Nulli Sponsors Inaugural SecRETs 2016 Conference
Nulli is a strong supporter of academia and industry sharing experience, research and development to extend knowledge of existing technologies and to develop innovative ideas in the realm of security and identity management. Nulli sponsored the first Security Researchers and industry Experts Talks known as SecRETs, which was held at University of Calgary on Oct 19, 2016 to encourage further collaboration between industry and academia.
….extend knowledge of existing technologies and to develop innovative ideas in the realm of security and identity management.
The Security Researchers and industry Experts Talks SecRETs conference was well attended by both industry representatives, government staff, University of Calgary Faculty and students. The format of keynote talks representing new and challenging areas of interest to researches in the cybersecurity field followed by industry presentations proved to be both valuable and insightful. This is not a product presentation summit, it was a true knowledge sharing and networking meeting of keenly interested professionals.
The first keynote presented by Dr. Reihaneh Safavi-Naini started the morning sessions with her talking about cryptography in the post-quantum computing era. Researchers believe quantum computers will be available by 2030, and when that happens, assumptions made on computational power of adversaries and their ability to break keys will no longer be valid. That means that many of the existing encryption primitives may not be useful in a post-quantum computing era. The threat is so imminent that the NSA decided to ask the security community to “act now” to help address this pending change.
Another keynote presented by Dr. Philip Fong discussed the potential security threats presented against Internet of Things (IoT). He discussed two very frightening stories on how careless use of devices in an IoT infrastructure can result in expensive consequences (Smart door lock story, cyber attack against Ukraine’s Power Grid).
Representing Nulli at the conference, I gave a presentation on the significance of relationship-based access control (RelBac) and the importance application of graphs in describing graph-based access policies. We are living in the relationship era when business owners define their business models based on relationships between entities that are interacting with them. Facebook and Twitter are two examples of companies highly reliant on graph for their applications. Relationships between people, processes, things and devices are what we have recently seen encouraging companies to describe their access policies using graphs. The business relationships are readily translated into their data model as described in graphs.
I demonstrated one of our recent projects using graphs for describing access policies in the ForgeRock™ identity platform. As a research problem, I asked the students in the audience to come up with a general purpose graph model that could be used for describing access policies of different customers with various requirements.
The conference ended with an industry panel discussion on the threat of ransomware in todays connected world. University of Calgary CIO Jerome Beaudoin provided further details about the recent ransomware incident at the University of Calgary and how they dealt with it. In this ransomware cyberattack, thousands of machines and servers were targeted and their data was encrypted. University of Calgary was asked to pay $20,000 in exchange for the encryption key. Although backup versions of the encrypted data was available it was decided that to further reduce the risk of data loss and loss of time to recover from backup and due to only having 6 days to pay the ransom, they decided to pay.
Nulli sees this conference as a key way to bring industry and academia together to share ideas and methods for addressing real world problems of the present and of the future. Nulli looks forward to supporting this sharing of knowledge and development of research encouraged at the conference as it reflects our core values of Integrity, Partnership and Knowledge.
All in all this was a great opportunity for us to hear about new trends in cyber security, and also to talk about our interesting projects at Nulli with our industry peers and with our associates at the University of Calgary and beyond.