Agile security for cloud systems? Moti Yung to give a HAIC Talk at Aalto
Renowned security and privacy scientist and cryptographer Moti Yung will visit Aalto University, hosted by the Helsinki-Aalto Center for Information Security (HAIC) to give a public lecture on 19 June.
Yung is particularly known for coining the term ‘cryptovirology’ and the principles behind it. At his HAIC Talk he will explain how, in ‘the cloud era’, software design and security tool development should be able to keep up with the constantly evolving ecosystem and take note of how cloud systems keep evolving.
Adhering to what he calls “agile principles” could also protect cloud systems from attacks and breaches.
‘In an environment where software development, updates and projects are always ongoing, also the cryptography and security designer should be in a state of adaptation to the system's evolution. I will demonstrate this in my talk based on a heavily-used real-world application,’ says Yung, referring to Google’s Advertisement Exchange, which supports the company’s multi-billion-dollar digital advertising.
Designing security tools and cryptographic solutions with the ever-extending scope and inevitable scaling up of the cloud system – such as Google’s Advertisement Exchange, Yung’s focus point in the upcoming talk – would be a way to avoid overly complex changes and loads of development overhead later on.
Yung finds an analogy of the ‘agility principle’ even for keeping every-day users safe from ransomware and all other kinds of attacks.
‘The two things people often think of only as disturbances – systems updates and backups – are in fact most essential! If everyone took care of them frequently, the window of opportunity for attackers would narrow considerably,’ reminds Yung.
Yung’s work on ransomware – the hijacking of systems or data from users or organisations and issuing demands for ransom for releasing the data – also becomes increasingly relevant with the current internet of things trend. The ‘things’ will enable new kinds of security breaches and attacks and prevention tactics need to be planned well in advance.
‘The merging of computing and physical devices will lead to new attacks where ransomware will be replaced by physical consequences.’
‘Any element of the new IoT systems will be a target, and there is not enough investment in their security. Ransomware could cause a man-made disaster if we do not secure the system-level infrastructure,’ believes Yung.
He also cautions that artificial intelligence applied without safety and security in mind will lead to attacks.
Moti Yung’s HAIC Talk The Advertisement Exchange: How to Develop Agile Cryptographic Support for an Evolving Ecosystem?, 19 June at Dipoli (Lumituuli) at 6 PM:
The talk is open for everyone, but please sign up in advance here: