Note

My lectures at the university are here .

Security

The smart energy grids of the future depend a lot on our ability to build reliable and scalable infrastructures and components. My talk was about system and component security, not Internet security and the goal was, to show security concepts from other industry branches. "Security in Finance and Beyond" was held at the Smart Grids Week 2013 in Salzburg. It starts with an overview of security in the financial industry - an industry that is mission critical and that has been doing business over the internet for many years. While things like user access control systems, permanent vigiliance with respect to new attack vectors etc. certainly have merit, the talk shows that this is not enough. That the very foundation of mission critical software systems is weak. The abundance of ambient authority leads to fragile systems. The talk then shows some alternatives, mostly based on the concept of object capabilities.

Judging from the responses (mostly very positive) that I received, the electrical power community was a bit surprised about the fundamental security problems that all types of software still show today.

Security and Software-Quality are tightly related. Many security problems really are general software quality problems. The talk shows trends, root-causes and concepts for authority reduction. Usability is also touched. see BWCon Talk on Security and Quality at eXept AG

A talk at SPIQ in Freiburg on new dimensions in security

Dimensions of Security( powerpoint slides ).I've done a little talk on security for SPIQ. I tried to give an overview of some current problems and ways to tackle the awareness problem (e.g. by using threat models). I was going from technical things over to the social dangers without and with security. As usually, reality makes our fears come true faster than one would expect. The next morning I read about the european initiative by France, Sweden and others to collect ALL data from internet and phone traffic WITHOUT PROBABLE CAUSE. And of course terrorism is one of the reasons for that. And equally normal is that no explanation is given about the positive and negative uses of all those data. See B├╝rgerrechtsgruppen warnen vor europaweiter Pauschalschn├╝ffelei

A talk on webservices security pdf version

powerpoint version