Zero-trust security dictates that every access control right be a privilege that is unambiguously granted, and is similar in spirit to whitelisting-based security design, which allows only those actions that are explicitly enumerated and disallows the rest. When applied to enterprise security, this requires the security system designer to exhaustively think through who is allowed to access what under which conditions. Although conceptually straightforward, whitelisting presents many practical implementation barriers when applied to securing real-world enterprise networks and systems, particularly with respect to how to accurately and easily capture the allowed list of resource access actions in a given enterprise system, and how to maintain it in the face of constant system updates. In this presentation, I will talk about how to apply whitelisting to achieve zero-trust enterprise security, the main practical implementation challenges associated with whitelisting, and how we are addressing them.
Dr. Tzi-cker Chiueh is currently the General Director of Information and Communications Labs at ITRI, and Research Professor in the Computer Science Department of Stony Brook University and National Tsing Hua University. Before joining ITRI, Dr. Chiueh served as the director of Core Research in Symantec Research Labs. He received his BSEE from National Taiwan University, MSCS from Stanford University, and Ph.D. in CS from University of California at Berkeley in 1984, 1988, and 1992, respectively. He received an NSF CAREER award; numerous best paper awards, including those at the 2008 IEEE International Conference on Data Engineering (ICDE), the 2013 ACM Systems and Storage (SYSTOR) conference, and the 2015 ACM Virtual Execution Environment (VEE) Conference; the 2016 IEEE Infocom Test of Time Paper Award; the 2016 ACM CGO Test of Time Paper Award; the 2013 TECO Award; the 2017 Pan Wen Yuan Outstanding Research Award; and the 2019 Chinese Electrical Engineering Medal.
Dr. Chiueh has published over 200 technical papers in refereed conferences and journals. His current research interests lie in AI systems/applications, data/energy storage systems, and software security.