PKI Trust Models: Whom do you trust?
- Blaine Hein - Master's Degree Candidate
- Tuesday, March 15th, 8:15pm - 8:55pm
The media has given PKI a lot of attention recently. Secure web server exploits and signed malware erode trust in PKI. Despite this negative media attention, little detailed discussion occurs regarding PKI Trust proliferation. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques manage trust.
Speaker Bio: Mr Blaine Hein is a Principal Scientist and Project Manager working for the NATO Communications and Information Agency. He has over 23 years of experience working in the areas of INFOSEC, Information Assurance, and Cyber Defence. Mr Hein started his IT Security career working for the Communications Security Establishment Canada as an INFOSEC engineer in 1992. His responsibilities included fibre optic distribution systems, cryptographic engineering and evaluation, international standards, and computer and network vulnerability education programs. Since moving to NATO he has been involved with the development of Information Assurance policy and in November 2006 Blaine deployed the first interim NATO PKI capability. From 1990 to 1992 he worked in both the telecommunications and aerospace engineering fields.
Mr Hein completed a Bachelor of Computer Engineering from the University of Manitoba in Winnipeg, Canada in 1990. Blaine is a candidate in the Master of Science Degree Program of SANS Technology Institute, and holds several GIAC Certifications.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Saturday, March 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Saturday, March 12th, 8:00am - 5:30pm | Special Events |
Sunday, March 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Sunday, March 13th, 8:00am - 5:30pm | Special Events |
| Securing Your Kids | Lance Spitzner | Sunday, March 13th, 7:00pm - 8:00pm | SANS@Night |
Monday, March 14
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, March 14th, 8:15am - 8:45am | Special Events |
| Women in Technology Meet and Greet | — | Monday, March 14th, 6:00pm - 7:00pm | Special Events |
| Analyzing the Ukrainian Power Grid Cyber-Attacks | Jake Williams | Monday, March 14th, 7:15pm - 9:15pm | Keynote |
Tuesday, March 15
| Session | Speaker | Time | Type |
|---|---|---|---|
| SSL & TLS Nuts, Bolts, and Best Practices | Brian McHenry, Security Solutions Architect | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Applying the Cyber Kill Chain to Enterprise Defense | George Ressopoulos, Senior Security Consultant | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Navigating Today's Threat Landscape | Matt Hickey, Director, Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| Improving the Threat Intelligence Management Process | Trevor Welsh, Director of Sales Engineering | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| How to Become a SANS Instructor | Eric Conrad | Tuesday, March 15th, 12:30pm - 1:15pm | Special Events |
| SANS Technology Institute Lunch and Learn | — | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| The PC-Malware Zoo: We Promise You Won't Like It | Speaker: Paul Schofield, Director of Customer Experience | Tuesday, March 15th, 12:30pm - 1:15pm | Lunch and Learn |
| GIAC Program Reception | Presented by Jeff Frisk | Tuesday, March 15th, 6:15pm - 7:15pm | Special Events |
| Using an Open Source Threat Model for Prioritized Defense | James Tarala | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Data Theft in the 21st Century | Mike Poor | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Making Awareness Stick | Lance Spitzner | Tuesday, March 15th, 7:15pm - 8:15pm | SANS@Night |
| Next Gen Patch Management for Microsoft Windows - A Call for Improved Tools | Jason Simsay - Master's Degree Candidate | Tuesday, March 15th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The Current State of Cyber Security | Justin Searle | Tuesday, March 15th, 7:15pm - 8:15pm | Special Events |
| Making Deception a Thing for Things | Dr. Johannes Ullrich | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| Windows Exploratory Surgery with Process Hacker | Jason Fossen | Tuesday, March 15th, 8:15pm - 9:15pm | SANS@Night |
| PKI Trust Models: Whom do you trust? | Blaine Hein - Master's Degree Candidate | Tuesday, March 15th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, March 16
| Session | Speaker | Time | Type |
|---|---|---|---|
| Solutions Expo | — | Wednesday, March 16th, 12:00pm - 1:30pm | Vendor Event |
| Solutions Expo | — | Wednesday, March 16th, 5:30pm - 7:30pm | Vendor Event |
| Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| The Crazy New World of Cyber Investigations: Law, Ethics and Evidence | Ben Wright | Wednesday, March 16th, 7:15pm - 8:15pm | SANS@Night |
| Enforcing Application Security | Michael Matthee - Master's Degree Candidate | Wednesday, March 16th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The 14 Absolute Truths of Security | Keith Palmgren | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Beyond the Pentest: How C2, Internal Pivoting, and Data Exfiltration Show True Risk | Beau Bullock | Wednesday, March 16th, 8:15pm - 9:15pm | SANS@Night |
| Intrusion Detection with PowerShell | Michael Weeks - Master's Degree Candidate | Wednesday, March 16th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, March 17
| Session | Speaker | Time | Type |
|---|---|---|---|
| Automating the Hunt for Attackers | Dan Mitchell, Solutions Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Beyond Who is: See Threats Coming | Steve Butt, Technical Sales Engineer | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Flipping the Economics of Attacks | Etay Nir, Malware and Threat Intelligence CE | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Using Splunk to visualize Vulnerability data | Jeff Leggett, Director, Cloud Services, API, and Integrations for Qualys | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Inventive and Productive Ways to Engage Employees on Cyber Skills Development | Aaron Cohen, Director of Product Management | Thursday, March 17th, 12:30pm - 1:15pm | Lunch and Learn |
| Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Thursday, March 17th, 7:15pm - 9:15pm | SANS@Night |
| Card Fraud 101 | G. Mark Hardy | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Custom Digital Forensics Tools in Python | Evan Dygert | Thursday, March 17th, 7:15pm - 8:15pm | SANS@Night |
| Exploits of Yesteryear Are Never Truly Gone | Marsha Miller - Master's Degree Candidate | Thursday, March 17th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Debunking the Complex Password Myth | Keith Palmgren | Thursday, March 17th, 8:15pm - 9:15pm | SANS@Night |
| Uncovering Indicators of Compromise (IoC) Using PowerShell, Event Logs, and Nagios | Dallas Haselhorst - Master's Degree Candidate | Thursday, March 17th, 8:15pm - 8:55pm | Master's Degree Presentation |
