Home > Speakers >

Aljoscha Lautenbach

Aljoscha Lautenbach is a consultant at the Swedish engineering company Evidente which focuses on key aspects of embedded systems development. Aljoscha is Evidente's lead engineer in the area of cyber security, and he has worked on topics ranging from risk assessment to security architecture, design and implementation. He also represents Evidente in the Swedish ISO committee for the upcoming joint ISO/SAE standard 21434 on cybersecurity engineering for road vehicles and is a co-author of the HEAVENS risk assessment model mentioned in SAE's cybersecurity guidebook J3061. Aljoscha holds a BSc in Knowledge Engineering from Maastricht University, a MSc in Computer Systems and Networks from Chalmers University of Technology, and he is in the final phase of his PhD in automotive cyber security at Chalmers.

Hardening Linux for Embedded Systems

Status: Coming up in April 2024!

With increasing regulatory requirements on cybersecurity around the world, it is more important than ever to secure the systems you develop. As Linux is an integral part of many embedded systems, we will address how to harden Linux systems, in other words, how to reduce their attack surface by applying appropriate configurations. Linux hardening is a vast topic, so we will give a high-level overview of the topic, and then dive deeper into a few chosen topics.

Among other things, you will learn the following:

  • What is hardening and when is a system sufficiently "hardened"
  • How to weigh trade-offs between security and performance of certain kernel configurations
  • Which Linux Security Modules (LSMs) exist, and which are most useful for embedded use cases
  • How to configure a standard firewall with nftables
  • How to configure SSH for maintenance & diagnostics
  • Which tools can help you with the hardening process

Go to Session

Common cryptography mistakes for software engineers (2020)

Status: Available Now

Most implementations of security mechanisms depend on cryptography, and yet, many vulnerabilities exist because cryptography is used incorrectly. This is partly due to lacking user-friendliness of cryptographic library API designs [1][2], and partly due to a lack of education in the developer community of the underlying mechanisms. As for the API design, we can only lobby for more user-focused design during library development and advocate user-friendly libraries. We can, however, try to improve the communal understanding of how to use cryptography securely. By way of examples, this talk will explore questions such as: What is an IV and why does it matter? Why does entropy matter? Which cipher mode is appropriate for my application? In essence, we highlight points to watch out for when implementing security mechanisms using cryptography.

[1] https://www.cl.cam.ac.uk/~rja14/shb17/fahl.pdf, Comparing the Usability of Cryptographic APIs, IEEE S&P 2017

[2] http://mattsmith.de/pdfs/DevelopersAreNotTheEnemy.pdf, Developers are not the enemy! The need for usable security APIs, IEEE S&P 2016

Go to Session