Presented at
DeepSec 2015 „DeepSec No. 9“,
Nov. 20, 2015, 11 a.m.
(50 minutes)
Workflows with Segregation-of-Duty requirements or involving multiple
parties with non-aligned interests (typically mutually distrustful) pose
interesting challenges in often neglected security dimensions. Cryptographic approaches are presented to technically enforce strict
auditability, traceability and multi-party-authorized access control and
thus, also enable exoneration from allegations. These ideas are illustrated by challenging examples - constructing various
checks and balances for Telecommunications data retention, a vividly
discussed and widely known issue.
Presenters:
-
Thomas Maus
- IT-Security Expert / Self-employed
Thomas Maus holds a graduate in computer science.
He is consulting in the areas of system security, the analysis, tuning,
and prognosis of system performance, as well as the management of large,
heterogenous, mission-critical installations since 1993.
Projects range from architecture, implementation and operation of large
application clusters over technical project management, organisational and technical trouble-shooting, security assessments, establishing of security governance processes, security policies and analysis for trading rooms and the like to training of international police special forces for combatting cyber-crime.
He started his computing career 1979, at the age of sixteen, when winning the computing equipment for his school in a state-wide competition.
Soon followed the teamworked development of a comprehensive SW for school
administration on behalf of the federal state -- here a long lasting affection
for questions of system security, performance and architecture started.
Around 1984 he fell in love with UNIX systems and IP stacks and embraced the idea of Free Software.
Links: