Presented at Black Hat Europe 2018
Dec. 5, 2018, 3:15 p.m.
A wide gap exists between real-world attack scenarios and the implicit security guarantees of most popular databases, particularly around confidentiality of encrypted information. This talk will review the latest advances and breaks in database encryption techniques, including searchable encryption, multi-party authorization, and attribute-based access.
The presentation will provide architects and defenders with specific practical guidance to protect high-sensitivity workloads in the most demanding privacy & compliance environments. We will dive deep into database encryption threat models and the realities of production ops, including emerging methods around data in use and blind administrator models.
- Product Security, MongoDB
Kenneth White is a security engineer whose work focuses on networks and global systems. He is co-founder and Director of the Open Crypto Audit Project and led formal security reviews on TrueCrypt and OpenSSL. He currently leads applied encryption engineering in MongoDB's global product group. He has directed R&D and security Ops in organizations ranging from startups to nonprofits to defense agencies to the Fortune 50. His work on applied signal analysis has been published in the Proceedings of the National Academy of Sciences. He created software powering the largest clinical trial & cardiac safety research networks in the world. His work on network security and forensics has been cited by the Wall Street Journal, Reuters, Wired, and the BBC.