article thumbnail

Safety and Security in Automated Driving

Adam Shostack

Safety First For Automated Driving " is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture. Lets explore the risks associated with Automated Driving.

Risk 189
article thumbnail

Hoarding, Debt and Threat Modeling

Adam Shostack

This is why I included interpersonal factors in the Jenga whitepaper.) On the other side is a whiteboard with a software architecture diagram We all have too many tasks, and those where you cant imagine success, or where success seems not worth the price, are ones we want to skip.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

WHITEPAPER: Authentication Does Not Equal Zero Trust

Security Boulevard

Many vendor claims are unclear as to what they’re promising in this space, but they are quite insistent that without Zero Trust network architectures, organizations are at great risk for data breaches and other network sabotage. The post WHITEPAPER: Authentication Does Not Equal Zero Trust appeared first on Security Boulevard.

article thumbnail

Safety and Security in Automated Driving

Adam Shostack

“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. I also like Figure 27 & 28 (shown), showing risks associated with a generic architecture.

Risk 140
article thumbnail

MITRE ATT&CK: The Magic of Application Mitigations

Cisco Security

Today’s application architectures support fast, continuous innovation. Back end architectures use small, independent code modules called microservices. Clearly today’s application architectures use a lot of components, making them more complex, but the benefits run deep. They were simpler, sure, but so are horse-drawn carriages.

article thumbnail

A Spectre proof-of-concept for a Spectre-proof web

Google Security

We've confirmed that this proof-of-concept, or its variants, function across a variety of operating systems, processor architectures, and hardware generations. In 2019, the team responsible for V8, Chrome’s JavaScript engine, published a blog post and whitepaper concluding that such attacks can’t be reliably mitigated at the software level.

article thumbnail

Trust in transparency: Private Compute Core

Google Security

Let us show you our work The publicly-verifiable architectures in PCC demonstrate how we strive to deliver confidentiality and control, and do it in a way that is verifiable and visible to users. To explain in even more detail, we’ve published a technical whitepaper for researchers and interested members of the community.