SlideShare a Scribd company logo

Hardware, and Trust Security: Explain it like I’m 5!

Teddy Reed
Teddy Reed
Technology
1 of 85
Download to read offline
Hardware, and Trust Security: Explain it like I’m 5! Teddy Reed teddy.reed@gmail.com …or maybe 15, 27, 55?? Nicholas Anderson nanderson7@gmail.com
DEFCON 0x17=23 Hardware and Trust Security Objectives 2 To simplify some otherwise complex explanations of hardware security Provide an overview of obscure protocols, technologies, features Satisfy our burning desire for lego & Pokémon references Highlight previously controversial uses of hardware security 1. 2. 4. Inspire hardware security and trust enthusiasm3.
DEFCON 0x17=23 Hardware and Trust Security Outline 3 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Outline 4 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Outline 5 Designer and administrator goals1. We want to protect processes and code the same way we protect machines on a network Authentication, confidentiality, trust relationships Isolate, reduce attack surface, audit Use: to protect:
DEFCON 0x17=23 Hardware and Trust Security6 unprivileged privileged
DEFCON 0x17=23 Hardware and Trust Security7 unprivileged privileged 0 3
DEFCON 0x17=23 Hardware and Trust Security8 privileged 0 3 unprivileged user root
DEFCON 0x17=23 Hardware and Trust Security9 privileged 0 3 unprivileged user root most privileged -1
DEFCON 0x17=23 Hardware and Trust Security10 privileged 0 3 unprivileged user root most privileged -1
DEFCON 0x17=23 Hardware and Trust Security11 Crossing a protection domain defined by the architecture, not the operating system this is NOT checking capabilities, comparing integers or consulting a bitmask mode of permissions API defined by instruction set architecture operating system implements both domains some instructions [rdmsr] limited to privileged 1. 2. 4. concept should apply to all forms of memory*3. *virtual address translation logic within MMU
DEFCON 0x17=23 Hardware and Trust Security12 Crossing a protection domain defined by the architecture, not the operating system kernel user there are LOTs of ways to cross ‘most’ cause a context switch rippling effects on performance of the process and the system in general! 0 3
DEFCON 0x17=23 Hardware and Trust Security13 static inline long long unsigned time_ns(struct timespec* const ts) { if (clock_gettime(CLOCK_REALTIME, ts)) { exit(1); } return ((long long unsigned) ts->tv_sec) * 1000000000LLU + (long long unsigned) ts->tv_nsec; } int main(void) { const int iterations = 10000000; struct timespec ts; const long long unsigned start_ns = time_ns(&ts); for (int i = 0; i < iterations; i++) { if (syscall(SYS_gettid) <= 1) { exit(2); } } const long long unsigned delta = time_ns(&ts) - start_ns; return 0; } by Benoit Sigoure
 @github.com/tsuna/contextswitch Measure context switch impact
DEFCON 0x17=23 Hardware and Trust Security14 static inline long long unsigned time_ns(struct timespec* const ts) { if (clock_gettime(CLOCK_REALTIME, ts)) { exit(1); } return ((long long unsigned) ts->tv_sec) * 1000000000LLU + (long long unsigned) ts->tv_nsec; } int main(void) { const int iterations = 10000000; struct timespec ts; const long long unsigned start_ns = time_ns(&ts); for (int i = 0; i < iterations; i++) { if (syscall(SYS_gettid) <= 1) { exit(2); } } const long long unsigned delta = time_ns(&ts) - start_ns; return 0; } by Benoit Sigoure
 @github.com/tsuna/contextswitch Measure context switch impact Various cache invalidations, and look- aside buffer trampling, scheduling on different hardware threads (affinity)
DEFCON 0x17=23 Hardware and Trust Security15 Crossing a protection domain kernel user
DEFCON 0x17=23 Hardware and Trust Security16 Crossing a protection domain process net
DEFCON 0x17=23 Hardware and Trust Security17 Crossing a ‘protection’ domain process net TCP/443 your PC LAN You defined a protocol to handle/serve requests that separates two trust domains API defined by protocol and RFC* operating system implements both domains lots of capability limited to service* 1. 2. 4. concept should apply to all forms of memory3.
DEFCON 0x17=23 Hardware and Trust Security18 Hardware and trust security The operating system (software) provides primitives that help us build and secure network services …hardware provides primitives to build and secure operating systems and software Begins at primitives, then forms features and technology often encapsulated into a security-focused capability
DEFCON 0x17=23 Hardware and Trust Security19 Hardware and trust stack primitives features and specifications technologies capability
DEFCON 0x17=23 Hardware and Trust Security20 Hardware and trust stack primitives features and specifications technologies capability
DEFCON 0x17=23 Hardware and Trust Security21 Hardware and trust stack primitives features and specifications technologies capability
DEFCON 0x17=23 Hardware and Trust Security22 primitives features and specifications technologies capability
DEFCON 0x17=23 Hardware and Trust Security23 primitives features and specifications technologies capability or implementation
DEFCON 0x17=23 Hardware and Trust Security Outline 24 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Outline 25 Hardware security building blocks2. Consider building the perfect Pokémon team …pretty much always on our minds
DEFCON 0x17=23 Hardware and Trust Security26 Psychic:
 Poison, Fighting Water/Ice Hybrid:
 Fire, Grass, Dragon, Rock, Ground, Flying
 Grass, Electric Electric: Water, Flying vs. Ground, Grass Dragon:
 Dragon vs. Ice Fire: Grass, Bug, Ice Rock, Ground, Water Normal, or Fighting:
 Creativity The line up is well understood based on a series of attributes each lineup attribute is a primitive
DEFCON 0x17=23 Hardware and Trust Security27 Psychic:
 Poison, Fighting Water/Ice Hybrid:
 Fire, Grass, Dragon, Rock, Ground, Flying
 Grass, Electric Electric: Water, Flying vs. Ground, Grass Dragon:
 Dragon vs. Ice Fire: Grass, Bug, Ice Rock, Ground, Water Normal, or Fighting:
 Creativity
DEFCON 0x17=23 Hardware and Trust Security28 Pro tip: Information security Like balancing your Pokémon team eventually you’ll get beat by a 12 y/o suck it up and always hold grudges
DEFCON 0x17=23 Hardware and Trust Security Reminder 29 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Building blocks 30 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security Building blocks 31 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security Example: Build a TPM 32 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O ✔ ✔ ✔ ✔ ✔ ✔ Trusted Platform Module
DEFCON 0x17=23 Hardware and Trust Security Example: Build a HSM 33 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O ✔ ✔ ✔ ✔ ✔ ✔ ✔ Hardware Security Module
DEFCON 0x17=23 Hardware and Trust Security Building blocks 34 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security Building blocks 35 dedicated storage DRAM 0x0 0x7FFFFFFFFFFF… NVRAM 0x0 0x800000 *Memory sizes not to scale
DEFCON 0x17=23 Hardware and Trust Security Building blocks 36 dedicated storage DRAM 0x0 0x7FFFFFFFFFFF… NVRAM 0x0 0x800000 *Memory sizes not to scale open, inw, outw byte transfer over bus (1) (2) (3)
DEFCON 0x17=23 Hardware and Trust Security Building blocks 37 dedicated storage means plus providing a policy enforcement point or limiting transformation
DEFCON 0x17=23 Hardware and Trust Security Building blocks 38 dedicated storage providing a policy enforcement point or limiting transformation plus equals
DEFCON 0x17=23 Hardware and Trust Security Building blocks 39 dedicated storage providing a policy enforcement point or limiting transformation plus equals
DEFCON 0x17=23 Hardware and Trust Security Building blocks 40 dedicated storage providing a policy enforcement point or limiting transformation plus MISTY CANT USE ASH’S POKEMON equals
DEFCON 0x17=23 Hardware and Trust Security Building blocks 41 dedicated storage providing a policy enforcement point or limiting transformation magic
DEFCON 0x17=23 Hardware and Trust Security Building blocks 42 algorithm implementations read/write
DEFCON 0x17=23 Hardware and Trust Security Building blocks 43 algorithm implementations sign, encrypt/decrypt
DEFCON 0x17=23 Hardware and Trust Security Building blocks 44 algorithm implementations sign, encrypt/decrypt provide algorithm in as hardware fast path caller provides all data including keying materials
DEFCON 0x17=23 Hardware and Trust Security Building blocks 45 algorithm implementations
DEFCON 0x17=23 Hardware and Trust Security Building blocks 46 🔑🔐 dedicated storage algorithm implementations dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security Building blocks 47 🔑🔐 💩 💩 💩 💩 dedicated storage algorithm implementations dedicated I/O tamper resilience
DEFCON 0x17=23 Hardware and Trust Security Building blocks 48 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience
DEFCON 0x17=23 Hardware and Trust Security Building blocks 49 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience 📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜 extendable trust monitoring & auditing
DEFCON 0x17=23 Hardware and Trust Security Building blocks 50 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience 📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜 extendable trust monitoring & auditing A Pokéball is a Hardware Security Module
DEFCON 0x17=23 Hardware and Trust Security Outline 51 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Outline 52 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Secure Boot 53 ???
DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform 54 (1)
DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform Trusted certificate stores 55 (1) (2)
DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform Signed boot loader Trusted certificate stores 56 (1) (2) (3)
DEFCON 0x17=23 Hardware and Trust Security Secure Boot Trusted certificate stores Platform Key (PK) Signature Database (db) 57 (2) Key enrollment key database (Kek)
DEFCON 0x17=23 Hardware and Trust Security Secure Boot 58 “I choose you Gyarados!!!”
DEFCON 0x17=23 Hardware and Trust Security Secure Boot 59 Secure Boot: Disabled
DEFCON 0x17=23 Hardware and Trust Security Secure Boot 60 Secure Boot: Disabled
DEFCON 0x17=23 Hardware and Trust Security Secure Boot 61 Secure Boot: Enabled Misty runs
 Linux & used MOKutil!
DEFCON 0x17=23 Hardware and Trust Security Boot “trust” 62 Secure Boot: Verify that the firmware has been digitally signed …or the user has manually approved the boot loaders digital signature Trusted Boot: Verify the digital signature of the Windows 8.1 Kernel …including boot drivers, startup files and ELAM Measured Boot: Check measurements against TPM
DEFCON 0x17=23 Hardware and Trust Security63 fetch code and size compute hash and extend:
 H(V1) || H(V0) apply signature check using
 certificate store and blacklist allow signing of extended hashes make decision Boot “trust”
DEFCON 0x17=23 Hardware and Trust Security64 …the leg firmware is connected to the… ______ firmware …the ______ firmware is connected to the… boot-loader Boot “trust”
DEFCON 0x17=23 Hardware and Trust Security Reminder 65 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security TrustZone 66 Highly configurable hardware and software specifications for SoC on ARM ARM Cortex-A57 ARM Cortex-A53 ARM Cortex-A17 ARM Cortex-A15 ARM Cortex-A9 ARM Cortex-A8 ARM Cortex-A7 ARM Cortex-A5 ARM1176 Hardware layer Software layer
DEFCON 0x17=23 Hardware and Trust Security TrustZone 67 A privilege domain providing an execution environment (TEE) Applications (TA) run in a secure world protected by
 memory controllers and interrupts dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security TrustZone 68 Implement remaining building blocks using SecureCore dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
DEFCON 0x17=23 Hardware and Trust Security69 Isolated Execution TrustZone Guarantee Confidentiality and Integrity; while also providing standard execution functionality
DEFCON 0x17=23 Hardware and Trust Security TrustZone 70 Image/block diagram from arm.com
DEFCON 0x17=23 Hardware and Trust Security Reminder 71 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
DEFCON 0x17=23 Hardware and Trust Security Hardware Security Tour 72
DEFCON 0x17=23 Hardware and Trust Security TPMs 73 Atmel AC97C204T I2C, SMBus, LPC
DEFCON 0x17=23 Hardware and Trust Security HSMs 74 🔑🔐 💩 💩 💩 💩 📜📜📜 📜📜📜 💩 CACs, Smartcards, YubiHSM
DEFCON 0x17=23 Hardware and Trust Security TrustZone & SecureCore 75 privileged 0 Qualcomm’s SecureMSM Implements custom Secure Boot and TrustZone application API
DEFCON 0x17=23 Hardware and Trust Security TXT, IOMMU 76 privileged 0 Isolate devices on MMU Measure specific executions
 then isolate by CPU & memory Oracle for attestation
DEFCON 0x17=23 Hardware and Trust Security SGX 77 privileged 0 Unprivileged mode bootstrapped protection
DEFCON 0x17=23 Hardware and Trust Security78 Hardware & Trust enabled auditing privileged exec OS X kauth sysent[exec]() Good idea? (y/n) Audit event Log sent
DEFCON 0x17=23 Hardware and Trust Security79 Hardware & Trust enabled auditing privileged exec OS X kauth sysent[exec]() Good idea? (y/n) Audit event to OOB Log sent
DEFCON 0x17=23 Hardware and Trust Security80 Hardware & Trust enabled auditing Audit event to OOB Log sent API defined by hardware features no software trapping required (fast) privileged mode not needed, but helpful 1. 2. 4. signing, buffering, compression supported3.
DEFCON 0x17=23 Hardware and Trust Security IPMI, iLO, DRAC 81 privileged 0 AMT, SecurityEngine (ME)
 Embedded Controllers
DEFCON 0x17=23 Hardware and Trust Security Circuit Heuristics 82 Hardware IDS for Supply-chain threats - Nathan Edwards
DEFCON 0x17=23 Hardware and Trust Security Failures & Uses 83
DEFCON 0x17=23 Hardware and Trust Security Failures & Uses 84 TrustZone Enabled 2015 Android Phones: HTC One M9, LG G4, OnePlus 2, Galaxy S6 Verified boot on Chrome OS UEFI Secure Boot tboot & ‘dynamic’ roots of trust Android security report: Frost & Sullivan Attesting mobile app containers
DEFCON 0x17=23 Hardware and Trust Security ~fin 85 DC23: Remote Exploitation of an Unaltered Passenger Vehicle DC23: ThunderStrike 2: Sith Strike DC23: Attacking Hypervisors Using Firmware and Hardware DC23: NSA Playset: JTAG Implants

Recommended

Hardware Security
Hardware SecurityHardware Security
Hardware SecurityMani Rathnam
 
Hardware security
Hardware securityHardware security
Hardware securityRajKumar4943
 
Security in an embedded system
Security in an embedded system Security in an embedded system
Security in an embedded system UrmilasSrinivasan
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systemsRaghav S
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Secure Embedded Systems
Secure Embedded SystemsSecure Embedded Systems
Secure Embedded SystemsInformatik-Forum Stuttgart e.V.
 

Recommended

Hardware Security
Hardware SecurityHardware Security
Hardware SecurityMani Rathnam
 
Hardware security
Hardware securityHardware security
Hardware securityRajKumar4943
 
Security in an embedded system
Security in an embedded system Security in an embedded system
Security in an embedded system UrmilasSrinivasan
 
introduction to Embedded System Security
introduction to Embedded System Securityintroduction to Embedded System Security
introduction to Embedded System SecurityAdel Barkam
 
Security in embedded systems
Security in embedded systemsSecurity in embedded systems
Security in embedded systemsRaghav S
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
Embedded Systems Security
Embedded Systems Security Embedded Systems Security
Embedded Systems Security Malachi Jones
 
Secure Embedded Systems
Secure Embedded SystemsSecure Embedded Systems
Secure Embedded SystemsInformatik-Forum Stuttgart e.V.
 
Linux Security best Practices with Fedora
Linux Security best Practices with FedoraLinux Security best Practices with Fedora
Linux Security best Practices with FedoraUditha Bandara Wijerathna
 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architectureImran Khan
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5Alain Charpentier
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & ControlAdetula Bunmi
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
It security
It securityIt security
It securityavi2607
 
Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015mauimarketing
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systemsaissa benyahya
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)mike parks
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityIntel IT Center
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romneywoyaoni
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagramSyed Ubaid Ali Jafri
 
Right-sized security for IoT - ARM
Right-sized security for IoT - ARMRight-sized security for IoT - ARM
Right-sized security for IoT - ARMPhil Hughes
 
File Security System_2
File Security System_2File Security System_2
File Security System_2Dheeraj Kumar Singh
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Security-by-Design and -Default
Security-by-Design and -Default Security-by-Design and -Default
Security-by-Design and -DefaultMehdi Mirakhorli
 

More Related Content

What's hot

Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architectureImran Khan
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & ControlAdetula Bunmi
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
It security
It securityIt security
It securityavi2607
 
Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015mauimarketing
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systemsaissa benyahya
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)mike parks
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of ComputerFaizan Janjua
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCommunity Protection Forum
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkMarcoAfzali
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaAndy Shutka
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityIntel IT Center
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romneywoyaoni
 
Right-sized security for IoT - ARM
Right-sized security for IoT - ARMRight-sized security for IoT - ARM
Right-sized security for IoT - ARMPhil Hughes
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 

What's hot (20)

Linux Security best Practices with Fedora
Linux Security best Practices with FedoraLinux Security best Practices with Fedora
Linux Security best Practices with Fedora
 
Development of security architecture
Development of security architectureDevelopment of security architecture
Development of security architecture
 
Coud discovery chap 5
Coud discovery chap 5Coud discovery chap 5
Coud discovery chap 5
 
Data/File Security & Control
Data/File Security & ControlData/File Security & Control
Data/File Security & Control
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
It security
It securityIt security
It security
 
Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015Cyber Securing Physical Security May 2015
Cyber Securing Physical Security May 2015
 
Securing embedded systems
Securing embedded systemsSecuring embedded systems
Securing embedded systems
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
 
Basic Security Concepts of Computer
Basic Security Concepts of ComputerBasic Security Concepts of Computer
Basic Security Concepts of Computer
 
Cyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT ApproachCyber Security: Differences between Industrial Control Systems and ICT Approach
Cyber Security: Differences between Industrial Control Systems and ICT Approach
 
Nist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing FrameworkNist 800 82 ICS Security Auditing Framework
Nist 800 82 ICS Security Auditing Framework
 
IoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfuaIoT security-arrow-roadshow #iotconfua
IoT security-arrow-roadshow #iotconfua
 
Preventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint SecurityPreventing Stealthy Threats with Next Generation Endpoint Security
Preventing Stealthy Threats with Next Generation Endpoint Security
 
Ch8ed12romney
Ch8ed12romneyCh8ed12romney
Ch8ed12romney
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
Right-sized security for IoT - ARM
Right-sized security for IoT - ARMRight-sized security for IoT - ARM
Right-sized security for IoT - ARM
 
File Security System_2
File Security System_2File Security System_2
File Security System_2
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 

Similar to Hardware, and Trust Security: Explain it like I’m 5!

Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSoumitra Bhattacharyya
 
Security-by-Design and -Default
Security-by-Design and -Default Security-by-Design and -Default
Security-by-Design and -DefaultMehdi Mirakhorli
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...MITRE ATT&CK
 
thcon23_The_Android_Security_Model.pdf
thcon23_The_Android_Security_Model.pdfthcon23_The_Android_Security_Model.pdf
thcon23_The_Android_Security_Model.pdfAvulaVenkatesh3
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...Area41
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Paula Januszkiewicz
 
2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdfAlexKarasulu1
 
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...iotcloudserve_tein
 
Georgy Nosenko - An introduction to the use SMT solvers for software security
Georgy Nosenko - An introduction to the use SMT solvers for software securityGeorgy Nosenko - An introduction to the use SMT solvers for software security
Georgy Nosenko - An introduction to the use SMT solvers for software securityDefconRussia
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindAndreas Czakaj
 
Solve the colocation conundrum: Performance and density at scale with Kubernetes
Solve the colocation conundrum: Performance and density at scale with KubernetesSolve the colocation conundrum: Performance and density at scale with Kubernetes
Solve the colocation conundrum: Performance and density at scale with KubernetesNiklas Quarfot Nielsen
 
PCDRA Exam Questions Answers 2022
PCDRA Exam Questions Answers 2022PCDRA Exam Questions Answers 2022
PCDRA Exam Questions Answers 2022edwardbella43
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -evechiportal
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Protecting data and intellectual property in accelerator-rich architectures w...
Protecting data and intellectual property in accelerator-rich architectures w...Protecting data and intellectual property in accelerator-rich architectures w...
Protecting data and intellectual property in accelerator-rich architectures w...Facultad de Informática UCM
 
dtrace_topics_intro.pdf
dtrace_topics_intro.pdfdtrace_topics_intro.pdf
dtrace_topics_intro.pdfssuser785ce21
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...DefconRussia
 
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...Cristian Garcia G.
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systemsmicrokerneldude
 

Similar to Hardware, and Trust Security: Explain it like I’m 5! (20)

Safe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devicesSafe and secure programming practices for embedded devices
Safe and secure programming practices for embedded devices
 
Security-by-Design and -Default
Security-by-Design and -Default Security-by-Design and -Default
Security-by-Design and -Default
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
 
thcon23_The_Android_Security_Model.pdf
thcon23_The_Android_Security_Model.pdfthcon23_The_Android_Security_Model.pdf
thcon23_The_Android_Security_Model.pdf
 
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
hashdays 2011: Felix 'FX' Lindner - Targeted Industrial Control System Attack...
 
Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018Gartner Security & Risk Management Summit 2018
Gartner Security & Risk Management Summit 2018
 
2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf2010.hari_kannan.phd_thesis.slides.pdf
2010.hari_kannan.phd_thesis.slides.pdf
 
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
 
Georgy Nosenko - An introduction to the use SMT solvers for software security
Georgy Nosenko - An introduction to the use SMT solvers for software securityGeorgy Nosenko - An introduction to the use SMT solvers for software security
Georgy Nosenko - An introduction to the use SMT solvers for software security
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
 
Cisco SecureX.pdf
Cisco SecureX.pdfCisco SecureX.pdf
Cisco SecureX.pdf
 
Solve the colocation conundrum: Performance and density at scale with Kubernetes
Solve the colocation conundrum: Performance and density at scale with KubernetesSolve the colocation conundrum: Performance and density at scale with Kubernetes
Solve the colocation conundrum: Performance and density at scale with Kubernetes
 
PCDRA Exam Questions Answers 2022
PCDRA Exam Questions Answers 2022PCDRA Exam Questions Answers 2022
PCDRA Exam Questions Answers 2022
 
Track c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eveTrack c-High speed transaction-based hw-sw coverification -eve
Track c-High speed transaction-based hw-sw coverification -eve
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment Success
 
Protecting data and intellectual property in accelerator-rich architectures w...
Protecting data and intellectual property in accelerator-rich architectures w...Protecting data and intellectual property in accelerator-rich architectures w...
Protecting data and intellectual property in accelerator-rich architectures w...
 
dtrace_topics_intro.pdf
dtrace_topics_intro.pdfdtrace_topics_intro.pdf
dtrace_topics_intro.pdf
 
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
Alexander Timorin, Alexander Tlyapov - SCADA deep inside protocols, security ...
 
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
CLÍNICA DE RESPUESTAS A INCIDENTES Y THREAT HUNTING - WORKSHOP DAY TÉCNICO DE...
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systems
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Hardware, and Trust Security: Explain it like I’m 5!

  • 1. Hardware, and Trust Security: Explain it like I’m 5! Teddy Reed teddy.reed@gmail.com …or maybe 15, 27, 55?? Nicholas Anderson nanderson7@gmail.com
  • 2. DEFCON 0x17=23 Hardware and Trust Security Objectives 2 To simplify some otherwise complex explanations of hardware security Provide an overview of obscure protocols, technologies, features Satisfy our burning desire for lego & Pokémon references Highlight previously controversial uses of hardware security 1. 2. 4. Inspire hardware security and trust enthusiasm3.
  • 3. DEFCON 0x17=23 Hardware and Trust Security Outline 3 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 4. DEFCON 0x17=23 Hardware and Trust Security Outline 4 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 5. DEFCON 0x17=23 Hardware and Trust Security Outline 5 Designer and administrator goals1. We want to protect processes and code the same way we protect machines on a network Authentication, confidentiality, trust relationships Isolate, reduce attack surface, audit Use: to protect:
  • 6. DEFCON 0x17=23 Hardware and Trust Security6 unprivileged privileged
  • 7. DEFCON 0x17=23 Hardware and Trust Security7 unprivileged privileged 0 3
  • 8. DEFCON 0x17=23 Hardware and Trust Security8 privileged 0 3 unprivileged user root
  • 9. DEFCON 0x17=23 Hardware and Trust Security9 privileged 0 3 unprivileged user root most privileged -1
  • 10. DEFCON 0x17=23 Hardware and Trust Security10 privileged 0 3 unprivileged user root most privileged -1
  • 11. DEFCON 0x17=23 Hardware and Trust Security11 Crossing a protection domain defined by the architecture, not the operating system this is NOT checking capabilities, comparing integers or consulting a bitmask mode of permissions API defined by instruction set architecture operating system implements both domains some instructions [rdmsr] limited to privileged 1. 2. 4. concept should apply to all forms of memory*3. *virtual address translation logic within MMU
  • 12. DEFCON 0x17=23 Hardware and Trust Security12 Crossing a protection domain defined by the architecture, not the operating system kernel user there are LOTs of ways to cross ‘most’ cause a context switch rippling effects on performance of the process and the system in general! 0 3
  • 13. DEFCON 0x17=23 Hardware and Trust Security13 static inline long long unsigned time_ns(struct timespec* const ts) { if (clock_gettime(CLOCK_REALTIME, ts)) { exit(1); } return ((long long unsigned) ts->tv_sec) * 1000000000LLU + (long long unsigned) ts->tv_nsec; } int main(void) { const int iterations = 10000000; struct timespec ts; const long long unsigned start_ns = time_ns(&ts); for (int i = 0; i < iterations; i++) { if (syscall(SYS_gettid) <= 1) { exit(2); } } const long long unsigned delta = time_ns(&ts) - start_ns; return 0; } by Benoit Sigoure
 @github.com/tsuna/contextswitch Measure context switch impact
  • 14. DEFCON 0x17=23 Hardware and Trust Security14 static inline long long unsigned time_ns(struct timespec* const ts) { if (clock_gettime(CLOCK_REALTIME, ts)) { exit(1); } return ((long long unsigned) ts->tv_sec) * 1000000000LLU + (long long unsigned) ts->tv_nsec; } int main(void) { const int iterations = 10000000; struct timespec ts; const long long unsigned start_ns = time_ns(&ts); for (int i = 0; i < iterations; i++) { if (syscall(SYS_gettid) <= 1) { exit(2); } } const long long unsigned delta = time_ns(&ts) - start_ns; return 0; } by Benoit Sigoure
 @github.com/tsuna/contextswitch Measure context switch impact Various cache invalidations, and look- aside buffer trampling, scheduling on different hardware threads (affinity)
  • 15. DEFCON 0x17=23 Hardware and Trust Security15 Crossing a protection domain kernel user
  • 16. DEFCON 0x17=23 Hardware and Trust Security16 Crossing a protection domain process net
  • 17. DEFCON 0x17=23 Hardware and Trust Security17 Crossing a ‘protection’ domain process net TCP/443 your PC LAN You defined a protocol to handle/serve requests that separates two trust domains API defined by protocol and RFC* operating system implements both domains lots of capability limited to service* 1. 2. 4. concept should apply to all forms of memory3.
  • 18. DEFCON 0x17=23 Hardware and Trust Security18 Hardware and trust security The operating system (software) provides primitives that help us build and secure network services …hardware provides primitives to build and secure operating systems and software Begins at primitives, then forms features and technology often encapsulated into a security-focused capability
  • 19. DEFCON 0x17=23 Hardware and Trust Security19 Hardware and trust stack primitives features and specifications technologies capability
  • 20. DEFCON 0x17=23 Hardware and Trust Security20 Hardware and trust stack primitives features and specifications technologies capability
  • 21. DEFCON 0x17=23 Hardware and Trust Security21 Hardware and trust stack primitives features and specifications technologies capability
  • 22. DEFCON 0x17=23 Hardware and Trust Security22 primitives features and specifications technologies capability
  • 23. DEFCON 0x17=23 Hardware and Trust Security23 primitives features and specifications technologies capability or implementation
  • 24. DEFCON 0x17=23 Hardware and Trust Security Outline 24 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 25. DEFCON 0x17=23 Hardware and Trust Security Outline 25 Hardware security building blocks2. Consider building the perfect Pokémon team …pretty much always on our minds
  • 26. DEFCON 0x17=23 Hardware and Trust Security26 Psychic:
 Poison, Fighting Water/Ice Hybrid:
 Fire, Grass, Dragon, Rock, Ground, Flying
 Grass, Electric Electric: Water, Flying vs. Ground, Grass Dragon:
 Dragon vs. Ice Fire: Grass, Bug, Ice Rock, Ground, Water Normal, or Fighting:
 Creativity The line up is well understood based on a series of attributes each lineup attribute is a primitive
  • 27. DEFCON 0x17=23 Hardware and Trust Security27 Psychic:
 Poison, Fighting Water/Ice Hybrid:
 Fire, Grass, Dragon, Rock, Ground, Flying
 Grass, Electric Electric: Water, Flying vs. Ground, Grass Dragon:
 Dragon vs. Ice Fire: Grass, Bug, Ice Rock, Ground, Water Normal, or Fighting:
 Creativity
  • 28. DEFCON 0x17=23 Hardware and Trust Security28 Pro tip: Information security Like balancing your Pokémon team eventually you’ll get beat by a 12 y/o suck it up and always hold grudges
  • 29. DEFCON 0x17=23 Hardware and Trust Security Reminder 29 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 30. DEFCON 0x17=23 Hardware and Trust Security Building blocks 30 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
  • 31. DEFCON 0x17=23 Hardware and Trust Security Building blocks 31 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
  • 32. DEFCON 0x17=23 Hardware and Trust Security Example: Build a TPM 32 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O ✔ ✔ ✔ ✔ ✔ ✔ Trusted Platform Module
  • 33. DEFCON 0x17=23 Hardware and Trust Security Example: Build a HSM 33 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O ✔ ✔ ✔ ✔ ✔ ✔ ✔ Hardware Security Module
  • 34. DEFCON 0x17=23 Hardware and Trust Security Building blocks 34 dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
  • 35. DEFCON 0x17=23 Hardware and Trust Security Building blocks 35 dedicated storage DRAM 0x0 0x7FFFFFFFFFFF… NVRAM 0x0 0x800000 *Memory sizes not to scale
  • 36. DEFCON 0x17=23 Hardware and Trust Security Building blocks 36 dedicated storage DRAM 0x0 0x7FFFFFFFFFFF… NVRAM 0x0 0x800000 *Memory sizes not to scale open, inw, outw byte transfer over bus (1) (2) (3)
  • 37. DEFCON 0x17=23 Hardware and Trust Security Building blocks 37 dedicated storage means plus providing a policy enforcement point or limiting transformation
  • 38. DEFCON 0x17=23 Hardware and Trust Security Building blocks 38 dedicated storage providing a policy enforcement point or limiting transformation plus equals
  • 39. DEFCON 0x17=23 Hardware and Trust Security Building blocks 39 dedicated storage providing a policy enforcement point or limiting transformation plus equals
  • 40. DEFCON 0x17=23 Hardware and Trust Security Building blocks 40 dedicated storage providing a policy enforcement point or limiting transformation plus MISTY CANT USE ASH’S POKEMON equals
  • 41. DEFCON 0x17=23 Hardware and Trust Security Building blocks 41 dedicated storage providing a policy enforcement point or limiting transformation magic
  • 42. DEFCON 0x17=23 Hardware and Trust Security Building blocks 42 algorithm implementations read/write
  • 43. DEFCON 0x17=23 Hardware and Trust Security Building blocks 43 algorithm implementations sign, encrypt/decrypt
  • 44. DEFCON 0x17=23 Hardware and Trust Security Building blocks 44 algorithm implementations sign, encrypt/decrypt provide algorithm in as hardware fast path caller provides all data including keying materials
  • 45. DEFCON 0x17=23 Hardware and Trust Security Building blocks 45 algorithm implementations
  • 46. DEFCON 0x17=23 Hardware and Trust Security Building blocks 46 🔑🔐 dedicated storage algorithm implementations dedicated I/O
  • 47. DEFCON 0x17=23 Hardware and Trust Security Building blocks 47 🔑🔐 💩 💩 💩 💩 dedicated storage algorithm implementations dedicated I/O tamper resilience
  • 48. DEFCON 0x17=23 Hardware and Trust Security Building blocks 48 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience
  • 49. DEFCON 0x17=23 Hardware and Trust Security Building blocks 49 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience 📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜 extendable trust monitoring & auditing
  • 50. DEFCON 0x17=23 Hardware and Trust Security Building blocks 50 🔑🔐 💩 💩 💩 💩 📜📜📜 state maintenance dedicated storage algorithm implementations dedicated I/O tamper resilience 📜📜📜 📜📜📜 📜📜📜 📜📜📜 📜📜📜 extendable trust monitoring & auditing A Pokéball is a Hardware Security Module
  • 51. DEFCON 0x17=23 Hardware and Trust Security Outline 51 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 52. DEFCON 0x17=23 Hardware and Trust Security Outline 52 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 53. DEFCON 0x17=23 Hardware and Trust Security Secure Boot 53 ???
  • 54. DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform 54 (1)
  • 55. DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform Trusted certificate stores 55 (1) (2)
  • 56. DEFCON 0x17=23 Hardware and Trust Security Secure Boot dedicated storage algorithm implementations extendable trust monitoring & auditing state maintenance UEFI 2+ firmware platform Signed boot loader Trusted certificate stores 56 (1) (2) (3)
  • 57. DEFCON 0x17=23 Hardware and Trust Security Secure Boot Trusted certificate stores Platform Key (PK) Signature Database (db) 57 (2) Key enrollment key database (Kek)
  • 58. DEFCON 0x17=23 Hardware and Trust Security Secure Boot 58 “I choose you Gyarados!!!”
  • 59. DEFCON 0x17=23 Hardware and Trust Security Secure Boot 59 Secure Boot: Disabled
  • 60. DEFCON 0x17=23 Hardware and Trust Security Secure Boot 60 Secure Boot: Disabled
  • 61. DEFCON 0x17=23 Hardware and Trust Security Secure Boot 61 Secure Boot: Enabled Misty runs
 Linux & used MOKutil!
  • 62. DEFCON 0x17=23 Hardware and Trust Security Boot “trust” 62 Secure Boot: Verify that the firmware has been digitally signed …or the user has manually approved the boot loaders digital signature Trusted Boot: Verify the digital signature of the Windows 8.1 Kernel …including boot drivers, startup files and ELAM Measured Boot: Check measurements against TPM
  • 63. DEFCON 0x17=23 Hardware and Trust Security63 fetch code and size compute hash and extend:
 H(V1) || H(V0) apply signature check using
 certificate store and blacklist allow signing of extended hashes make decision Boot “trust”
  • 64. DEFCON 0x17=23 Hardware and Trust Security64 …the leg firmware is connected to the… ______ firmware …the ______ firmware is connected to the… boot-loader Boot “trust”
  • 65. DEFCON 0x17=23 Hardware and Trust Security Reminder 65 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 66. DEFCON 0x17=23 Hardware and Trust Security TrustZone 66 Highly configurable hardware and software specifications for SoC on ARM ARM Cortex-A57 ARM Cortex-A53 ARM Cortex-A17 ARM Cortex-A15 ARM Cortex-A9 ARM Cortex-A8 ARM Cortex-A7 ARM Cortex-A5 ARM1176 Hardware layer Software layer
  • 67. DEFCON 0x17=23 Hardware and Trust Security TrustZone 67 A privilege domain providing an execution environment (TEE) Applications (TA) run in a secure world protected by
 memory controllers and interrupts dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
  • 68. DEFCON 0x17=23 Hardware and Trust Security TrustZone 68 Implement remaining building blocks using SecureCore dedicated storage algorithm implementations tamper resilience extendable trust isolated execution monitoring & auditingstate maintenance dedicated I/O
  • 69. DEFCON 0x17=23 Hardware and Trust Security69 Isolated Execution TrustZone Guarantee Confidentiality and Integrity; while also providing standard execution functionality
  • 70. DEFCON 0x17=23 Hardware and Trust Security TrustZone 70 Image/block diagram from arm.com
  • 71. DEFCON 0x17=23 Hardware and Trust Security Reminder 71 Designer and administrator goals Failures, uses, and use cases Hardware security building blocks 1. 2. 4. Components; technologies, protocols, features3.
  • 72. DEFCON 0x17=23 Hardware and Trust Security Hardware Security Tour 72
  • 73. DEFCON 0x17=23 Hardware and Trust Security TPMs 73 Atmel AC97C204T I2C, SMBus, LPC
  • 74. DEFCON 0x17=23 Hardware and Trust Security HSMs 74 🔑🔐 💩 💩 💩 💩 📜📜📜 📜📜📜 💩 CACs, Smartcards, YubiHSM
  • 75. DEFCON 0x17=23 Hardware and Trust Security TrustZone & SecureCore 75 privileged 0 Qualcomm’s SecureMSM Implements custom Secure Boot and TrustZone application API
  • 76. DEFCON 0x17=23 Hardware and Trust Security TXT, IOMMU 76 privileged 0 Isolate devices on MMU Measure specific executions
 then isolate by CPU & memory Oracle for attestation
  • 77. DEFCON 0x17=23 Hardware and Trust Security SGX 77 privileged 0 Unprivileged mode bootstrapped protection
  • 78. DEFCON 0x17=23 Hardware and Trust Security78 Hardware & Trust enabled auditing privileged exec OS X kauth sysent[exec]() Good idea? (y/n) Audit event Log sent
  • 79. DEFCON 0x17=23 Hardware and Trust Security79 Hardware & Trust enabled auditing privileged exec OS X kauth sysent[exec]() Good idea? (y/n) Audit event to OOB Log sent
  • 80. DEFCON 0x17=23 Hardware and Trust Security80 Hardware & Trust enabled auditing Audit event to OOB Log sent API defined by hardware features no software trapping required (fast) privileged mode not needed, but helpful 1. 2. 4. signing, buffering, compression supported3.
  • 81. DEFCON 0x17=23 Hardware and Trust Security IPMI, iLO, DRAC 81 privileged 0 AMT, SecurityEngine (ME)
 Embedded Controllers
  • 82. DEFCON 0x17=23 Hardware and Trust Security Circuit Heuristics 82 Hardware IDS for Supply-chain threats - Nathan Edwards
  • 83. DEFCON 0x17=23 Hardware and Trust Security Failures & Uses 83
  • 84. DEFCON 0x17=23 Hardware and Trust Security Failures & Uses 84 TrustZone Enabled 2015 Android Phones: HTC One M9, LG G4, OnePlus 2, Galaxy S6 Verified boot on Chrome OS UEFI Secure Boot tboot & ‘dynamic’ roots of trust Android security report: Frost & Sullivan Attesting mobile app containers
  • 85. DEFCON 0x17=23 Hardware and Trust Security ~fin 85 DC23: Remote Exploitation of an Unaltered Passenger Vehicle DC23: ThunderStrike 2: Sith Strike DC23: Attacking Hypervisors Using Firmware and Hardware DC23: NSA Playset: JTAG Implants