atsec’s Steve Weingart to talk at IEEE VLSI Test Symposium 2010
2010-03-18Austin, TX – We are proud to announce that Steve Weingart, Principal Consultant at atsec information security, will be presenting a 20-minute talk on the topic of "Considering Security Standards While Designing Devices and Systems" at the IEEE VLSI Test Symposium 2010. The IEEE VTS will be held from April 19th to April 22nd in Santa Cruz, CA. The presentation will be part of the Special Session 11B: “Hot Topic: Hardware Security: Design, Test and Verification Issues” on Wednesday, April 21st from 11am – 12pm.
Steve Weingart (BSEE University of Miami ’78) has worked in security and cryptography since the 1980’s. While at IBM’s Thomas J. Watson Research Center, he helped author the FIPS 140-1 standard and was the lead hardware engineer for the first device to be validated at the highest security level of FIPS 140-1, level 4. Since that time, he has been a developer, consultant, and standards tester for security and cryptography related projects. Steve is currently a Principal Consultant at atsec information security corporation in Austin, TX.
Abstract:
“As the skills of attackers increase, the security of computing systems has had to improve to provide adequate security and integrity protection.
What has made this task even more difficult is that the security measures that are being developed, from tamper resistance to cryptographic algorithms, are not always as strong as the developer may claim. This makes it difficult for a device or system designer to know what to use, or how to use it.
In addition, in most cases the end user has no way to judge the efficacy of a given security measure since the complexity level has gone beyond most users' ability to determine.
With these issues in mind, standards have been developed to give designers a point of reference and measure to design to; and users can choose products that have been verified to meet standards so that they have some assurance that their system is secure to some level.
Standards include both security requirements (tamper resistance and response, key management, zeroization, algorithm choice and the like), and interoperability requirements (algorithm modes and methods, endianess, etc), to ensure both security and compatibility. However, standards are not perfect. Systems and methods are evolving so rapidly that most standards have to bend and adjust to changing demands. In many cases, standards must adapt to situations that were never envisioned during the original development.
This talk will discuss the application of standards to device and system design from the position of requirements on the design and things to consider during design to meet standards. In addition, typical side door attacks (ones that have not been envisioned, so have likely not been considered) and the general concept of a security boundary will be discussed.”
We would like to invite you to join us for this presentation.
About atsec information security
atsec information security is an independent, standards-based information technology security services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich, Germany in 2000 and has extensive international operations with offices in the U.S., Germany, Sweden, and China.
atsec offers secure code review, ISO/IEC 27001 ISMS consulting, and penetration testing and scanning services as well as being a QSA and ASV.
atsec also offers evaluation and testing services leading to formal certification for IT security including evaluation under Common Criteria schemes in the U.S., Germany, and Sweden; cryptographic module and algorithm testing under the Cryptographic Module Validation Program of the National Institute of Standards and Technology (NIST) in the U.S. and Communications Security Establishment Canada (CSEC) in Canada.
atsec works with such leading global companies as IBM, Apple, Microsoft, Hewlett-Packard, Oracle, Cray, BMW, SGI, Vodafone, RWE, and Wincor-Nixdorf.
