Threat Modeling the IoT Supply Chain

Presented at AppSec USA 2015, Sept. 25, 2015, 2 p.m. (55 minutes).

The Internet of Things (IoT) invites different risks and attacks as we move toward a fully connected world. There are security and privacy concerns for which the IoT industry has no regulations. In short, it is the wild west. As the relevance of IoT devices continues to rise, guidelines and standards are gaining traction and being created. However, these standards are missing a key factor when stating "secure by design" and "privacy by design". From an insider perspective in the IoT industry, we will threat model the supply chain and development lifecycle of these IoT devices to understand the vulnerabilities in each process.


Presenters:

  • Aaron Guzman - Principal Security Consultant - SecureWorks
    Aaron Guzman is a Principal Security Consultant from the Los Angeles area with expertise in web application security, mobile application security, and embedded security. He has previously worked with established tech companies such as Belkin, Linksys, Symantec and Dell, breaking code and architecting infrastructures. Over his years of experience, Aaron has given a number of presentations at various conferences, ranging from DEFCON and OWASP's AppSec USA to developer code camps around the world. Furthermore, Aaron is a Chapter leader for the Open Web Application Security Project (OWASP) Los Angeles, Cloud Security Alliance SoCal (CSA SoCal), and a Technical Editor for Packt Publishing. He has contributed to many IoT security guidance publications from CSA, OWASP, Prpl, and others. Aaron leads the OWASP Embedded Application Security project, providing practical guidance to address the most common firmware security bugs to the embedded and IoT community. You can follow Aaron's latest research on Twitter at @scriptingxss.
