Holistic security from code to cloud

Talk by Peter O’Hearn, Lacework and University College London

Abstract: Just over two years ago I moved to a new area, cloud security, when I joined the startup company Lacework with the aim of building out a code security offering to complement the cloud workload (runtime) security offering they were based on. In this talk I will tell you about some of the fascinating program analysis problems and solutions that I bumped into, both for static (code) analysis and for runtime analysis.

I’ll describe the challenges that arise when attempting to scale static analysis to many customers, the unusual uses of dynamic analysis I’ve observed, and how having a holistic approach that mixes different analysis signals can lead to greater accuracy. The talk won’t be too technical: it’s more experience report than technical novelty, and will mainly contain a mixture of observations and demos.