Description
Using Ruby In Security Critical Applications by Tom Macklin

We’ve worked to improve security in MRI for a variety of security critical applications, and will describe some of our successes and failures in terms of real-world applications and their various runtime environments. We will describe some of the security principles that guide our work, and how they fit in with the Ruby culture. We will also introduce some objectives we have moving forward to improve Ruby’s security, and ways we’d like to engage the community to help.

Help us caption & translate this video! http://amara.org/v/H1hn/
Summary
The video titled "Using Ruby In Security Critical Applications" by Tom Macklin, presented at RubyConf 2015, delves into the various security measures taken to enhance the Ruby programming language for applications that require high security. Macklin draws from his experiences at the US Naval Research Laboratory and emphasizes the importance of simplicity and effective architectural design in programming and security.

Key points discussed include:

- **Understanding 'Security Critical':** Macklin opens by clarifying the term "security critical" and sharing his insights from past experiences, stressing that security cannot be guaranteed solely through assurances but instead requires meaningful evidence and effective architecture.
- **Assurance Principles (NEAT):** He introduces the NEAT principles—Non-bypassable, Evaluatable, Always invoked, and Tamper-evident—highlighting their importance in establishing robust security frameworks throughout the system's architecture.
- **Security Controls:** Emphasizing layers of security, Macklin discusses how integrating the right security controls at appropriate layers is crucial. He advises on utilizing operating system controls that prevent unauthorized access to sensitive data and systems.
- **Use Case Examples:** Macklin offers a composite use case to demonstrate security principles in action, showing that secure system architecture can significantly reduce vulnerabilities by adopting simpler design principles.
- **Community Engagement for Security Enhancements:** The speaker also shares initiatives aimed at improving Ruby’s security and invites community involvement to bolster these efforts.
- **Integration and Isolation:** He discusses the significance of isolating processes within services and emphasizes enterprise integration as a vital aspect to maintain security, particularly with regard to communication protocols and database access.
- **Future Aspirations:** Towards the conclusion, Macklin highlights future objectives that include automating security rule sets, employing monads for validation, and exploring tools that can enhance security measures in Ruby applications.

Overall, Macklin's presentation emphasizes that thorough architectural thinking, community collaboration, and systematic security measures can enhance Ruby’s applications in environments where security is paramount. His insights encourage developers to adopt a methodical approach to security while fostering collaboration within the Ruby community to tackle security challenges collectively.