1 / 13

Security Research at HP Labs

Security Research at HP Labs. Bill Horne, Project Manager, HP Labs. Roles of HP labs. HP strategy creation Strategically aligned technologies New opportunities for HP Fundamental science. HP Labs worldwide. http://www.hpl.hp.com. St. Petersburg. Bristol. Princeton. Palo Alto.

clem
Télécharger la présentation

Security Research at HP Labs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Research at HP Labs Bill Horne, Project Manager, HP Labs

  2. Roles of HP labs • HP strategy creation • Strategically aligned technologies • New opportunities for HP • Fundamental science

  3. HP Labs worldwide http://www.hpl.hp.com St. Petersburg Bristol Princeton Palo Alto Beijing Tokyo Haifa Bangalore ~600 employees worldwide

  4. HP research and development $3.6B spent on R&D in FY07 Business unit focus – current and next generation products Next-generation products 1 – 2 years Current products Current

  5. HP Labs 5% of R&D Disruptive/Emerging technologies Technology advancements Breakthrough technologies 3 – 15 years Next-generation products 1 – 2 years Current products Current

  6. HP’s first computer: the HP 2116a Visualization HP Indigo Digital Press “SHREK-2” – Flexible Computing Thermal Inkjet Printing HP first laser printer Memory Spot Chip HP-35, the first scientific handheld calculator Deterrence methods that could be used in printing currency Data Mining/Clustering HALO Life Size Collaboration Product Tracking Utility Computing Social Networking Email Spectroscopy RISC Architecture Dynamic Smart Cooling Adaptive Infrastructure – Model Based Automation

  7. Security context Research Challenges Develop quantitative information-systems risk management that is at least as good as quantitative financial risk management Narrow the policy and assurance gaps with automated, optimizable technology Transform operations from ad hoc point solutions to unified, coordinated technologies policygap understandrisk mechanism TRENDSOpen/Service-Centric ITRise of CybercrimeBusiness/IT alignment infrastructureoperations monitoring compliance assurancegap

  8. Trust EconomicsFeasibility Study For UK Government Seek to develop analytical tools to advise CEO/CIO/CISOs on information security investments in people, process, and technology Take account of human vulnerabilities and system vulnerabilities Integrate system models, human behaviour models, and economic models Initial studies have included empirical work on user’s attitudes to USB memory stick security policies Empirical study  Conceptual Models  Predictive, Executable Math Models

  9. Trusted infrastructure HP is a founding member of the Trusted Computing Group 160+ members Developing, defining, and promoting open, vendor-neutral industry specifications for trusted computing Hardware building blocks Software interface specifications Multiple platforms, peripherals, and devices Benefits More secure storage of data Lower cost, more secure user authentication Secure platform authentication Multiple anonymous trusted identities Network access control

  10. Role discovery Problem Controlling access to myriad systems and applications in large enterprises is complex and labor-intensive. Role Based Access Control (RBAC) simplifies the problem. Converting a conventional access control system into an RBAC system is a major challenge. Solution Graph theoretic approach to finding inherent roles in traditional access control systems. Assists top-down role development. Application Helping HP IT simplify management of limited network access for external business partners. Developing network Access Control Lists (ACLs) is one of the most resource-intensive parts of this process Role discovery in conjunction with top-down role development will enable network engineers to create role-based ACLs in 43% less time than conventional ACLs, resulting in a significant annual savings. entitlements users users roles entitlements conventional access control role-based access control

  11. Model based assurance Technology to allow enterprises to model their control architecture Focused on automating the testing and reporting of controls Integration with security analytics and correlations more traditionally used for security monitoring How to use the modeling framework to orchestrate and integrate the different assurance reporting requirements of auditors, security officers, application owners, risk officers and compliance officers Working internally with HP Audit to develop models

  12. HP Labs and the customer value chain Customer HP Labs R&D Service R&D in business units Sales Businessunitmanage-ment

  13. Executive Briefing Centers

More Related