Keynote Speakers

Her kan du læse mere om vores Keynote speakers på Driving IT.

Thomas Dullien, Optimyze: Security, Moore's Law, and the anomaly of cheap complexity
It is fashionable to speak about a "digital transformation"- but what are the factors that drive this transformation? One is Moore's law - the clockwork-like regularity with which transistors are shrunk further and further -- and one is universal computing. Universal computing implies (among other things) that one can easily specialize an existing complicated device (a CPU) to simulate a much simpler device. Moore's law means one can build an ever-more complicated device, ever-more cheaply. Both factors have led to an exponential increase in complexity - which is generally regarded as bad for security: It is often cheaper to use a very complicated device to simulate a simple device than to build the simple device - and the code to simulate this simple device needs to be written only once, and can be re-used at essentially zero cost. Adding more software complexity does not impact unit costs - but adds to the security burden.

This keynote discusses how these two underlying factors drive many of the problems in security:

  • Hardware supply-chain issues and the impossibility of inspecting modern ICs
  • Software security problems, or the difficulty of making sure the simulated
    simple device stays simple
  • Software supply-chain issues, or how somebody's hobby project ends up in a
    billion devices

The takeaway will be better understanding of the magnitude of the complexity we are facing, how the same factors that drive digitization drive this complexity, and how much of security is a (somewhat desperate) attempt to contain complexity.

Thomas Dullien is a security researcher and ex-entrepreneur well-known for his contributions to the theory and practice of vulnerability development and software reverse engineering. While studying for his MSc in mathematics, his research on graph-based code similarity won the Horst-Goertz Prize in 2006 - then Germany's biggest privately financed research prize in the natural sciences. He commercialized this research in a company called zynamics which got acquired by Google, leading to him aborting his PhD studies. He has worked on topics from the very practical (turning security patches into attacks) and concrete (turning physics-induced DRAM bitflips into useful attacks) to the theoretical (attempting to clarify the theoretical foundations of exploitation). After 7 years of Google - 5 in their threat analysis department, and two years at Google Project Zero, he recently left to start a new venture focused on efficient computation in the cloud,


Bekræftede Keynote:
Per Thorsheim, CSO Nordic Choice Hotels
Keld Norman, Dubex