mpm + confidentiality   54

Everything you should know about certificates and PKI but are too afraid to ask
This is the missing manual. I reckon most engineers can wrap their heads around all the most important concepts and common quirks in less than an hour. That’s our goal here. An hour is a pretty small investment to learn something you literally can’t do any other way.
confidentiality  integrity 
8 weeks ago by mpm
Application Layer Transport Security
The ALTS trust model has been tailored for cloud-like containerized applications. Identities are bound to entities instead of to a specific server name or host. This trust model facilitates seamless microservice replication, load balancing, and rescheduling across hosts
authentication  authorization  protocol  confidentiality 
may 2019 by mpm
step is a zero trust swiss army knife. It is an easy-to-use and hard-to-misuse utility that implements a broad set of useful zero trust primitives. The goal is to make it easier for developers, operators, and security professionals to experiment with, debug, and automate zero trust systems. Over time we plan to add infrastructure components and user-facing functionality that make building and using zero trust systems even easier.
integrity  confidentiality 
august 2018 by mpm
Istio adds traffic management to microservices and creates a basis for value-add capabilities like security, monitoring, routing, connectivity management and policy. The software is built using the battle-tested Envoy proxy from Lyft, and gives visibility and control over traffic without requiring any changes to application code
discovery  monitoring  confidentiality  integrity 
may 2017 by mpm
Monocypher is a small, secure, auditable, easy to use crypto library. It is heavily inspired by libsodium and TweetNaCl. It uses state of the art cryptographic primitives (Chacha20, Poly1305, Blake2b, Argon2i, x25519, and ed25519), and provides easy constructions on top of them
confidentiality  integrity 
february 2017 by mpm
Strobe protocol framework
Strobe is a new framework for cryptographic protocols. It can also be used for regular encryption. Its goals are to make cryptographic protocols much simpler to develop, deploy and analyze; and to fit into even tiny IoT devices
protocol  confidentiality  integrity 
january 2017 by mpm
Noise Protocol Framework
Noise is a framework for building crypto protocols. Noise protocols support mutual and optional authentication, identity hiding, forward secrecy, zero round-trip encryption, and other advanced features
confidentiality  protocol 
january 2017 by mpm
This is a header-only C++14 library implementing custom transport encryption using libsodium and Asio's stackless coroutines. It assumes pre-shared public keys and uses only the sealed box and crypto box constructs
c++  confidentiality  integrity  networking 
april 2016 by mpm
Generate and manage an internal CA for your company
confidentiality  integrity 
july 2015 by mpm
Secure Socket Funneling
Secure Socket Funneling (SSF) is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets (TCP or UDP) through a single secure TLS link to a remote computer
networking  confidentiality 
june 2015 by mpm
Decrypting TLS Browser Traffic With Wireshark
It turns out that Firefox and Chrome both support logging the symmetric session key used to encrypt TLS traffic to a file.  You can then point Wireshark at said file and presto! decrypted TLS traffic
browser  confidentiality  testing  networking 
february 2015 by mpm
Switch to HTTPS Now, For Free
step by step through signing up with StartSSL and creating your certificate. We’ll also cover installing it via nginx, but you can use the certificate with whatever web server you want.
confidentiality  home-it 
september 2013 by mpm
Sodium is a portable, cross-compilable, installable, packageable, API-compatible version of NaCl
confidentiality  integrity 
march 2013 by mpm
NaCl: Networking and Cryptography Library
NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools
confidentiality  integrity  networking 
march 2013 by mpm
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities, like root certificate authorities. It also aims to hide "non-content" data, like the sender and receiver of messages, from eavesdroppers
networking  confidentiality  integrity  p2p 
december 2012 by mpm
SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES encryption of database files
database  confidentiality  storage 
april 2012 by mpm
Password Authenticated Key Exchange by Juggling
Password Authenticated Key Exchange by Juggling (J-PAKE), achieves mutual au-thentication in two steps: first, two parties send ephemeral public keys to each other; second, they encrypt the shared password by juggling the public keys in a verifiable way
confidentiality  integrity  protocol  networking 
august 2011 by mpm
SSL termination: stunnel, nginx & stud
Here is the short version: to get better performance on your SSL terminator, use stud on 64bit system with patch from Émeric Brun for SSL session reuse with some AES cipher suite (128 or 256, does not really matter), without DHE, on as many cores as needed, a key size of 1024 bits unless more is needed.
confidentiality  performance 
august 2011 by mpm
Google+ Gets a “+1″ for Browser Security
Do these security measures make Google+ impervious to malicious activities? Absolutely not. Is it a good start? Yes, it is.
http  browser  integrity  confidentiality 
august 2011 by mpm
The spiped secure pipe daemon
a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a
networking  confidentiality 
july 2011 by mpm
stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines
networking  confidentiality  performance 
june 2011 by mpm
Data Management for Internet-Scale Single-Sign-On
We describe the data management requirements and architecture for this service, the problems we encountered, and the experience we’ve had running it. In doing so we provide perspective on “where theory meets practice.”
authentication  confidentiality  integrity 
february 2011 by mpm
Server Name Indication
Server Name Indication is a feature that extends the SSL and TLS protocol. It permits the client to request the domain name before the certificate is committed to the server. This is essential for using TLS in virtual hosting mode.
http  confidentiality 
january 2011 by mpm
Alfredo is a Java library consisting of a client and a server components to enable Kerberos SPNEGO authentication for HTTP.
java  integrity  confidentiality  authentication 
january 2011 by mpm
Don’t Hash Secrets
So here it is: Don’t hash secrets. Never. No, sorry, I know you think your case is special but it’s not. No. Stop it. Just don’t do it. You’re making the cryptographers cry.
january 2010 by mpm
We offer a fast, small symmetric encryption library written in Javascript
javascript  confidentiality 
december 2009 by mpm
Keyczar is an open source cryptographic toolkit designed to make it easier and safer for devlopers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys
confidentiality  integrity 
june 2009 by mpm
The scrypt key derivation function
In the context of hardware brute-force attacks, scrypt is thousands of times more secure than existing "best practice" solutions such as bcrypt
integrity  confidentiality 
may 2009 by mpm
SELinux HowTo
Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel
linux  integrity  confidentiality 
december 2008 by mpm
IPtables Examples
Simpler rulesets are at the start, with more complex scripts near the end
networking  linux  confidentiality  availability 
december 2008 by mpm
A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns
fault-prevention  integrity  confidentiality  testing 
july 2008 by mpm
Security as a System-Level Constraint
The essence of system-level design is the need to concurrently consider information from multiple engineering domains across multiple subsystems to assess holistic system properties
integrity  confidentiality  availability 
june 2008 by mpm
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows
confidentiality  networking  protocol  proxy 
may 2008 by mpm
Defense in Depth, Reconsidered: Is Information Security Anything Like War?
Despite repeated assertion, I am dubious about the standing of “defense in depth” as a core principle for security design.
integrity  confidentiality  availability 
april 2008 by mpm
Basic Principles Of Information Protection
As computers become better understood and more economical, every day brings new applications. Many of these new applications involve both storing information and simultaneous use by several individuals. The key concern in this paper is multiple use. For those applications in which all users should not have identical authority, some scheme is needed to ensure that the computer system implements the desired authority structure.
integrity  confidentiality 
april 2008 by mpm
Dogtag Certificate System
enterprise-class open source certificate authority
identity  linux  confidentiality 
march 2008 by mpm
The role of trust management in distributed systems security
we examine existing authorization mechanisms and their inadequacies. We introduce the concept of trust management, explain its basic principles, and describe some existing trust-management engines
distributed  integrity  confidentiality 
march 2008 by mpm
The Cactus Project
integrated design and implementation framework for supporting customizable dynamic fine-grain Quality of Service (QoS) attributes related to dependability, real time, and security in distributed systems
gcs  reliability  confidentiality  integrity  availability 
march 2008 by mpm
Zooko's triangle
Names: Decentralized, Secure, Human-Meaningful: Choose Two
january 2008 by mpm
a swiss-army-knife tool for web application hacking
http  integrity  confidentiality 
october 2007 by mpm
strong password hashing for Python
python  authentication  confidentiality 
october 2007 by mpm
Thoughts on Threat Modeling...
Remember that threat modeling is an analysis tool. You threat model to identify threats to your component, which then lets you know where you need to concentrate your resources
confidentiality  integrity  availability 
october 2007 by mpm
Threat Modeling: Uncover Security Design Flaws Using The STRIDE Approach
systematic approach to threat modeling developed in the Security Engineering and Communications group at Microsoft
confidentiality  integrity  availability 
october 2007 by mpm
Secure timestamping and confidential auditing
The purpose is to prove that a particular piece of content (i.e. some array of bits) existed at a particular period of time
integrity  confidentiality 
september 2007 by mpm
strong password hashing for Java
java  confidentiality  authentication 
september 2007 by mpm
Advances in Distributed Security
The old view "proved" that the integrity properties of a wide variety of services on which civilization depends, whether synchronized clocks, public directories , censorship-proof file sharing and publication, or issuing money or securities were "impossible" on asynchronous networks like the Internet unless we put unlimited faith in a third party to enforce many of the rules of the service. We now know how to provide such services with a high degree of integrity and availability, yet far more resilient to the possibility that any party might act in a malicious manner.
integrity  confidentiality 
september 2007 by mpm
Capability-Based Computer Systems
This book was published by Digital Press in 1984. It is still the most thorough survey and description of early capability-based and object-based hardware and software systems
book  integrity  confidentiality 
april 2007 by mpm
DMZ is an acronym that stands for De-Militarized Zone, and in the 'real' world it is the location between two hostile entities such as North and South Korea. In the Security community, however, it is a separate, untrusted network where boxes serving public services should be placed.
networking  integrity  confidentiality  availability 
january 2007 by mpm
Security Engineering - A Guide to Building Dependable Distributed Systems
When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you'll buy the paper version to have as a conveient shelf reference
book  availability  confidentiality  integrity 
september 2006 by mpm
Handbook of Applied Cryptography
CRC Press has generously given us permission to make all chapters available for free download.
june 2006 by mpm
Rubberhose cryptographically deniable transparent disk encryption system
Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation.
may 2006 by mpm

Copy this bookmark: