Institut for Elektroniske Systemer
English
Dansk
17.02.2012

Guest lecture by Yuan Xiang Gu

Time & place: Monday, March 12 at 12:30 at NJV14, room 4-111

Title: “Software Protection and Security Dynamics”

Abstract:
What’s the most important security challenge for current application systems? The fact that un-trusted environments become a mainstream such as consumer devices and cloud computing hosts, and security is a moving target! Digital content consumed via commodity devices is penetrating every aspect of life, along with other advanced Internet-based and wireless technologies. But as the value of content and services deployed on many real-life and modern server-client delivery systems grows, so does the attraction to attackers. Modern security is facing new challenges because traditional perimeter defenses against man-in-the-middle attacks are inadequate protection against the man-at-the-end white-box attacks favored by many attackers.

Increasingly, companies rely on security technologies to protect their business model and assets, while users expect their assets to remain protected. Accordingly, security of application systems must be dynamically developed, deployed, maintained, and updated. We have no choice but to make security agile and rapidly deployable, and to employ dynamically and flexibly renewable protection technologies. Software defenses can go far toward meeting these requirements.

But in a rapidly changing world where digital content relies on software for its creation, storage, distribution, and consumption, we can’t expect any fixed protection to provide ongoing security. Hence, it’s becoming a fundamental requirement that we protect digital assets by continuously upgrading the protections in their associated software. If legitimate development suffers from moving security targets, we must ensure that the black hats face moving attack targets as well.

The emerging reality is that to protect content delivery systems effectively with software-mediated behavior, we must consider the entire security life cycle, not just initial attack resistance: our delivery systems must provide active prevention, monitoring, mitigation, and breach response for the duration of deployment. Rapid detection of and response to breaches in the field is critical. To reduce the likelihood of wide breaches, we must make systems diverse up front, and strongly varying software is much easier and cheaper than strongly varying hardware.

Recently, homomorphic encryption research is receiving serious attention from both research community and industry with very high hype that it can resolve some fundamental security problems, which are facing by cloud computing, in 5-10 years. In fact, the security issues that can be addressed by homomorphic encryption are very small part of white-box security landscape. Moreover, those problems have been addressing by homomorphic data transformation that is part of software protection technology. White-Box cryptography is a kind of application to the homomorphic data transformation.

In this presentation, we will discuss White-Box attacks and vulnerability in real world and why software protection is important, introduction to software protection technology and software security lifecycle management.

Short bio:
Mr. Gu was the co-founder of Cloakware Corporation and is a co-inventor of world leading edge software security and protection technology and he and his co-inventors are pioneers who created a brand new emerging software security and protection field and industry in the world. As a chief architect of Cloakware, Mr. Gu is responsible for Cloakware product architectures as well as technology development and evolution.

In 2007, Cloakware was acquired by Irdeto. Since then, as a senior research director of Irdeto, Mr. Gu is also leading the development of next generation Cloakware technology, and research collaboration with research communities worldwide. Recently, Mr. Gu is invited being a guest professor of Northwest University in China.

Recently years, Mr. Gu has been invited and visited over 30 universities and research institutes in North American, Europe and Asia, and organizing international security forums and becomes an active speaker at many international conferences and workshops to promote software security and protection.

Prior to joining Cloakware, Mr. Gu has worked as a senior scientist and architect at Nortel Networks. Previously, Mr. Gu was a visiting professor at the Computer Science School of McGill University at Montreal of Canada between 1988-1990. Before relocated to Canada, Mr. Gu was a professor in the Computer Science Department at Northwest University in China.

Mr. Gu received the First Outstanding Young Scientists Foundation Award from the Chinese Academy of Sciences in 1985, and has over three decades of software research and development knowledge and expertise, and has published over 60 papers and dozens of patents and patent applications.