Presentation: Trusting Mobile Clients with Remote Attestation
Abstract
Everyone knows that in client-server systems, you can't trust the client. However, remote attestation gives us a way to change this. As Square provides financial services on unmanaged mobile devices, building more visibility into the client's runtime environment helps us fight fraud and offer unique features. In this talk I'll describe the systems we've developed to verify that our app is unmodified and running in a secure environment.
Naive client-side tampering checks are relatively easy to circumvent, since attackers can modify both the application and the OS. To counter this, we use a server-driven system that dynamically interrogates the client software. I'll discuss how we manage a rules system with hundreds of interdependent modules, build robust anomaly detection models without having any data from attackers, and support millions of devices running thousands of firmware versions. Our system has parallels with intrusion detection, hardware tamper detection, and systems combating spam, fraud, and abuse.