Be the first to like this
The slides of my 'defeating trojans' talk at the OHM2013 festifal in Geesterambacht.
The talk is about how applying encapsulation, decomposition, attenuation and, most important of all, delegation to multiple granularity levels can lead to tighter, more user friendly and more flexible security. How applying these general concepts can help reduce the size of the trusted code-base and why this is essential if we want to defeat Trojans and mitigate the impact of software vulnerabilities.
After laying down some general guidelines for achieving this, the talk goes into how the AppArmor/MinorFS/E stack and to a lesser extend the AppArmor/MinorFS/C++ stack allowed these concept to be applied for building custom high integrity systems by 'taming' the system's persistent mutable state. The talk is than concluded with an outline of how the upcoming MinorFS2, with the help from AppArmor, will try to retrofit this taming of mutable state to programs not explicitly written to use MinorFS, while at the same time providing convenient APIs for interpreters and programs with special needs, thus creating an essential building-block for defeating Trojans and mitigating the effects of software vulnerabilities.