The talk I gave at Papers We Love #22 (Singapore) about this academic paper "A2: Analog Malicious Hardware" by a few researchers.
Here is the link to the paper: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf
Ripple20 is a series of zero-day vulnerabilities discovered in a widely used low-level TCP/IP software library developed by Treck, Inc and disclosed by JSOF in June 2020.
This session focuses on the original research process used to identify and pinpoint the Ripple20 vulnerabilities, their variants, and some attempts to piece together the historical timeline showing how the original software library changed over time. This was a complex process of reverse engineering multiple devices simultaneously, working in parallel on many different levels.
For some of the devices we had to start our research by reverse engineering the firmware update package format such as with HP printers firmware updates. For others, we had to find which processor and memory model was used, and work with architectures seen less often. In total we worked with 6 different devices and multiple versions.
We found that some vendors made changes to the underlying TCP/IP code, compiled it differently, or used different parts resulting in end- products with different vulnerabilities and different versions of the same vulnerabilities.
In this session we will describe how we reverse engineered the devices simultaneously, using comparative techniques to confirm each point. We will explain an interesting outcome of the supply chain ripple effect, and how it is now possible to find a vulnerability affecting hundreds of devices for near zero effort.
This research method, and the Ripple20 research in general highlight the importance of update mechanisms and patches for all devices on the market, no matter where they are located or embedded.
LAS16-300K2: Overview of IoT Zephyr
Speakers: Geoff Thorpe
Date: September 28, 2016
★ Session Description ★
Title: Overview of IoT Zephyr
Bio:
Geoff Thorpe heads up security within the Microcontroller group of NXP, where the intersection of device security and network security gives him a headache commonly known as “IoT”. His early experience with security topics was very software-centric, as a long-standing member of the OpenSSL team and a contributor to related open source projects. After many years veering off into semiconductors and hardware architecture, his software-bias has been domesticated to some extent but not eradicated.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-300k2
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-300k2/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
David Lenwell from Akanda will briefly recap basic Neutron topics around network architecture and common features such as security groups, plugins and agents, then dive in deeper, focusing on advanced services such as Routing and Load Balancing. We will then drill down into typical service provider network designs and the specific technologies in use such as Linuxbridge. We will discuss the Neutron Advanced Services driver model and how it can be useful to Service Providers (and Enterprises) based on our team's experience powering DreamCompute’s networking capabilities using Akanda. We will review Akanda, an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack that builds on top of Linux and OpenStack Neutron. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services. Finally, we will provide an update on the latest discussions heading into Tokyo such as the status of LBaaS, FWaaS as well as the newer Neutron projects such as L2 Gateway, the Neutron Stadium effort and the new Lieutenant system.
Ripple20 is a series of zero-day vulnerabilities discovered in a widely used low-level TCP/IP software library developed by Treck, Inc and disclosed by JSOF in June 2020.
This session focuses on the original research process used to identify and pinpoint the Ripple20 vulnerabilities, their variants, and some attempts to piece together the historical timeline showing how the original software library changed over time. This was a complex process of reverse engineering multiple devices simultaneously, working in parallel on many different levels.
For some of the devices we had to start our research by reverse engineering the firmware update package format such as with HP printers firmware updates. For others, we had to find which processor and memory model was used, and work with architectures seen less often. In total we worked with 6 different devices and multiple versions.
We found that some vendors made changes to the underlying TCP/IP code, compiled it differently, or used different parts resulting in end- products with different vulnerabilities and different versions of the same vulnerabilities.
In this session we will describe how we reverse engineered the devices simultaneously, using comparative techniques to confirm each point. We will explain an interesting outcome of the supply chain ripple effect, and how it is now possible to find a vulnerability affecting hundreds of devices for near zero effort.
This research method, and the Ripple20 research in general highlight the importance of update mechanisms and patches for all devices on the market, no matter where they are located or embedded.
LAS16-300K2: Overview of IoT Zephyr
Speakers: Geoff Thorpe
Date: September 28, 2016
★ Session Description ★
Title: Overview of IoT Zephyr
Bio:
Geoff Thorpe heads up security within the Microcontroller group of NXP, where the intersection of device security and network security gives him a headache commonly known as “IoT”. His early experience with security topics was very software-centric, as a long-standing member of the OpenSSL team and a contributor to related open source projects. After many years veering off into semiconductors and hardware architecture, his software-bias has been domesticated to some extent but not eradicated.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-300k2
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-300k2/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
David Lenwell from Akanda will briefly recap basic Neutron topics around network architecture and common features such as security groups, plugins and agents, then dive in deeper, focusing on advanced services such as Routing and Load Balancing. We will then drill down into typical service provider network designs and the specific technologies in use such as Linuxbridge. We will discuss the Neutron Advanced Services driver model and how it can be useful to Service Providers (and Enterprises) based on our team's experience powering DreamCompute’s networking capabilities using Akanda. We will review Akanda, an open source suite of software, services, orchestration, and tools for providing L3+ services in OpenStack that builds on top of Linux and OpenStack Neutron. Using Akanda, an OpenStack provider can provide tenants with a rich, powerful set of L3+ services. Finally, we will provide an update on the latest discussions heading into Tokyo such as the status of LBaaS, FWaaS as well as the newer Neutron projects such as L2 Gateway, the Neutron Stadium effort and the new Lieutenant system.
Log and control all service-to-service traffic in one place (Kelvin Wong)London Microservices
When working with microservices, network unreliability brings a new dimension of challenges. Two such challenges are: 1) diagnosing network-related faults that span multiple microservices, and 2) managing pre-emptive fault-handling logic with client libraries.
Some solutions exist already, such as API gateways and service meshes. API gateways are designed primarily for client-server traffic, while service meshes are great for service-to-service traffic, but also highly complex.
We built Apex for small teams that are migrating from a monolith to their first few microservices, and starting to experience the above challenges. Apex is an open-source API proxy that provides one place to log and control all service-to-service traffic.
Key takeaways:
- Solutions already exist (e.g. API gateways, service meshes) for teams who must now also diagnose and pre-empt network faults in their systems
- These solutions come with their own trade-offs, though neither are optimal for small teams that are migrating from a monolith to their first few microservices
- A relatively simple solution, Apex's architecture of API proxy + logs database + configuration store can help small microservices teams handle these challenges
- Apex is recognised as a transitional architecture for microservices teams who don't yet have the expertise or bandwidth to deploy and operate a full service mesh
Kelvin is a full-stack Software Engineer based in London, with experience in Ruby, JavaScript / Node.js, PostgreSQL, Docker, AWS, Rails, and React. Prior to becoming a Software Engineer, Kelvin was a start-up founder in Hong Kong. LinkedIn profile: https://www.linkedin.com/in/kjhwong/.
This talk is an introduction for people looking to assess software within the firmware of a hardware device. Specifically, the talk will discuss the open source project, Damn Vulnerable Router Firmware, provide a brief overview of the MIPS CPU architecture and assembly language, give a brief rundown of MIPS disassembly with tools, as well as demonstrate how to pwn some of the intentionally broken binaries within the DVRF firmware. The firmware for this project can either run on an actual hardware device or be emulated in software. The talk would show how this can all be done in software to provide an easy way into the world of penetration testing of firmware on hardware devices.
As firmware on hardware continues to be more readily available (either from the vendor or by dumping it through hardware access), organizations and individuals need to assess the software within the firmware. Not a lot of attention has been focused on hardware and firmware vulnerabilities as we see with mobile and Web applications. This talk helps to provide more awareness of the vulnerabilities within firmware software and how people can get into this area of infosec.
The Havana release of OpenStack, came out in October 2013, contains several significant changes and new features in the networking component. OpenStack Networking has changed name from 'quantum' to 'neutron'. It lays the foundation for supporting heterogeneous network components with the introduction of the ML2 (modular layer 2) plugin. The first implementations of FireWall as a Service (FWaaS) and VPN as a Service (VPNaaS) are now included. These features were demonstrated by Cisco developers at the OpenStack meetup in Boston in Oct 2013.
Luke Jennings, Countercept
Attackers have been avoiding disk and staying memory resident for over a decade and this has traditionally proven an Achilles heels for security products and the teams that operate them. The boom in both EDR products and memory forensics toolkits in more recent years have helped defenders to fight back but attackers are already adapting their approaches.
This talk will cover both classic and modern techniques for injecting code into legitimate processes on Microsoft Windows systems, as well as several techniques for detecting them. This will include both system tracing methods, good for proactive detection, as well as memory analysis techniques that have the added benefit of allow detection of pre-existing compromises in real-world incident response scenarios, with a brief case study example. As part of this, practical examples will be given showing how Microsoft’s ATP and Sysmon help in this area as well as other techniques. Finally, the future of this area will be considered, including how the .NET runtime already complicates detection techniques in this area and how this will likely become increasingly challenging as more attackers discover and exploit this.
By the end of the talk, the audience should understand the importance of code injection in the context of memory-resident implants, the key techniques for performing it and detecting it and the challenges of achieving this in the real-world at enterprise scale.
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
Presentation titled 'Migrating production workloads from OVS to LinuxBridge'. Presented at the Fall 2014 OpenStack summit in Paris, this slide deck introduced the possibility of migrating live workloads from Open vSwitch to LinuxBridge with minimal downtime.
"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes
Presentation at IBM Client Day by Kyle Mestery and Phil Estes, OpenStack Summit 2016 - Austin, Texas on April 26, 2016. "Open, Scalable and Integrated Networking for Containers and VMs" covering Project Kuryr, Docker's libnetwork, and Neutron & OVS and OVN network stacks
How to write a Neutron Plugin - if you really need tosalv_orlando
Slides for the talk from Salvatore Orlando and Armando Migliaccio at the Openstack Summit - Fall 2013 in Hong Kong
Talk abstract: http://openstacksummitnovember2013.sched.org/event/c6478ecf54d639de3b8b9958bfe9d450#.UnLEI5ROpU0
OpenStack Neutron Advanced Services by AkandaSean Roberts
Sean Roberts, VP Development Akanda, gave this talk on 03 September 2015 at the HP Sunnyvale offices. This talk goes into detail of how Akanda delivers OpenStack Neutron Advanced Services. Event details can be found here http://www.meetup.com/openstack/events/215648162/
Networking with Neutron is one of the most complex subsystems in Openstack. In this talk we shed light on the key components of Neutron networking and the specialities of the relatively new ML2 core plugin.
These are the slides from the webinar "OpenStack networking (Neutron)", which covered the topics:
- OpenStack Networking: the Neutron project (NaaS);
- Main features of Neutron;
- Advanced networking functionalities in OpenStack.
DIY Home Weather Station (Devoxx Poland 2023)Ryan Cuprak
Weather is a fascinating and important aspect of our lives, and with the rise of smart home technology, it has become easier than ever to track and monitor weather conditions in your own backyard. In this presentation, I will explore the process of building a home weather station.
I will discuss the hardware components needed to build a weather station, including sensors for temperature, humidity, pressure, and precipitation, as well as the embedded board itself. I will also cover the programming aspect of the project, including how to read data from the sensors and transmit it wirelessly to the cloud.
By the end of this presentation, you will have a solid understanding of how to build and program a home weather station using Arduino, and how to customize and expand the project to fit your specific needs.
Log and control all service-to-service traffic in one place (Kelvin Wong)London Microservices
When working with microservices, network unreliability brings a new dimension of challenges. Two such challenges are: 1) diagnosing network-related faults that span multiple microservices, and 2) managing pre-emptive fault-handling logic with client libraries.
Some solutions exist already, such as API gateways and service meshes. API gateways are designed primarily for client-server traffic, while service meshes are great for service-to-service traffic, but also highly complex.
We built Apex for small teams that are migrating from a monolith to their first few microservices, and starting to experience the above challenges. Apex is an open-source API proxy that provides one place to log and control all service-to-service traffic.
Key takeaways:
- Solutions already exist (e.g. API gateways, service meshes) for teams who must now also diagnose and pre-empt network faults in their systems
- These solutions come with their own trade-offs, though neither are optimal for small teams that are migrating from a monolith to their first few microservices
- A relatively simple solution, Apex's architecture of API proxy + logs database + configuration store can help small microservices teams handle these challenges
- Apex is recognised as a transitional architecture for microservices teams who don't yet have the expertise or bandwidth to deploy and operate a full service mesh
Kelvin is a full-stack Software Engineer based in London, with experience in Ruby, JavaScript / Node.js, PostgreSQL, Docker, AWS, Rails, and React. Prior to becoming a Software Engineer, Kelvin was a start-up founder in Hong Kong. LinkedIn profile: https://www.linkedin.com/in/kjhwong/.
This talk is an introduction for people looking to assess software within the firmware of a hardware device. Specifically, the talk will discuss the open source project, Damn Vulnerable Router Firmware, provide a brief overview of the MIPS CPU architecture and assembly language, give a brief rundown of MIPS disassembly with tools, as well as demonstrate how to pwn some of the intentionally broken binaries within the DVRF firmware. The firmware for this project can either run on an actual hardware device or be emulated in software. The talk would show how this can all be done in software to provide an easy way into the world of penetration testing of firmware on hardware devices.
As firmware on hardware continues to be more readily available (either from the vendor or by dumping it through hardware access), organizations and individuals need to assess the software within the firmware. Not a lot of attention has been focused on hardware and firmware vulnerabilities as we see with mobile and Web applications. This talk helps to provide more awareness of the vulnerabilities within firmware software and how people can get into this area of infosec.
The Havana release of OpenStack, came out in October 2013, contains several significant changes and new features in the networking component. OpenStack Networking has changed name from 'quantum' to 'neutron'. It lays the foundation for supporting heterogeneous network components with the introduction of the ML2 (modular layer 2) plugin. The first implementations of FireWall as a Service (FWaaS) and VPN as a Service (VPNaaS) are now included. These features were demonstrated by Cisco developers at the OpenStack meetup in Boston in Oct 2013.
Luke Jennings, Countercept
Attackers have been avoiding disk and staying memory resident for over a decade and this has traditionally proven an Achilles heels for security products and the teams that operate them. The boom in both EDR products and memory forensics toolkits in more recent years have helped defenders to fight back but attackers are already adapting their approaches.
This talk will cover both classic and modern techniques for injecting code into legitimate processes on Microsoft Windows systems, as well as several techniques for detecting them. This will include both system tracing methods, good for proactive detection, as well as memory analysis techniques that have the added benefit of allow detection of pre-existing compromises in real-world incident response scenarios, with a brief case study example. As part of this, practical examples will be given showing how Microsoft’s ATP and Sysmon help in this area as well as other techniques. Finally, the future of this area will be considered, including how the .NET runtime already complicates detection techniques in this area and how this will likely become increasingly challenging as more attackers discover and exploit this.
By the end of the talk, the audience should understand the importance of code injection in the context of memory-resident implants, the key techniques for performing it and detecting it and the challenges of achieving this in the real-world at enterprise scale.
2014 OpenStack Summit - Neutron OVS to LinuxBridge MigrationJames Denton
Presentation titled 'Migrating production workloads from OVS to LinuxBridge'. Presented at the Fall 2014 OpenStack summit in Paris, this slide deck introduced the possibility of migrating live workloads from Open vSwitch to LinuxBridge with minimal downtime.
"One network to rule them all" - OpenStack Summit Austin 2016Phil Estes
Presentation at IBM Client Day by Kyle Mestery and Phil Estes, OpenStack Summit 2016 - Austin, Texas on April 26, 2016. "Open, Scalable and Integrated Networking for Containers and VMs" covering Project Kuryr, Docker's libnetwork, and Neutron & OVS and OVN network stacks
How to write a Neutron Plugin - if you really need tosalv_orlando
Slides for the talk from Salvatore Orlando and Armando Migliaccio at the Openstack Summit - Fall 2013 in Hong Kong
Talk abstract: http://openstacksummitnovember2013.sched.org/event/c6478ecf54d639de3b8b9958bfe9d450#.UnLEI5ROpU0
OpenStack Neutron Advanced Services by AkandaSean Roberts
Sean Roberts, VP Development Akanda, gave this talk on 03 September 2015 at the HP Sunnyvale offices. This talk goes into detail of how Akanda delivers OpenStack Neutron Advanced Services. Event details can be found here http://www.meetup.com/openstack/events/215648162/
Networking with Neutron is one of the most complex subsystems in Openstack. In this talk we shed light on the key components of Neutron networking and the specialities of the relatively new ML2 core plugin.
These are the slides from the webinar "OpenStack networking (Neutron)", which covered the topics:
- OpenStack Networking: the Neutron project (NaaS);
- Main features of Neutron;
- Advanced networking functionalities in OpenStack.
DIY Home Weather Station (Devoxx Poland 2023)Ryan Cuprak
Weather is a fascinating and important aspect of our lives, and with the rise of smart home technology, it has become easier than ever to track and monitor weather conditions in your own backyard. In this presentation, I will explore the process of building a home weather station.
I will discuss the hardware components needed to build a weather station, including sensors for temperature, humidity, pressure, and precipitation, as well as the embedded board itself. I will also cover the programming aspect of the project, including how to read data from the sensors and transmit it wirelessly to the cloud.
By the end of this presentation, you will have a solid understanding of how to build and program a home weather station using Arduino, and how to customize and expand the project to fit your specific needs.
A class to introduce students to designing Printed Circuit Boards (PCBs) using the Eagle software. Reflow soldering with stencil and solder paste will also be covered. This class was originally held by me at One Maker Group.
The lesson should take approximately 6 hours to complete.
The example designs used in this class can be found in the repo here. https://github.com/yeokm1/intro-to-pcb-design-eagle
RTOS based Confidential Area Security Systemajinky gadewar
Project is about to provide security system for confidential area security system.
It uses ARM LPC-1768 as microcontroller and Micro-Controller Operating System as a RTOS. Project consists of identity module as RFID, Fingerprint Scan and numbered password. It also uses different sensors.
This connection or communication of multiple microcontrollers in a network is to a get a desired output. It is widely used in modern automobile industries. More and more microcontrollers are embedded in different kinds of products from industrial environment to domestic area.
A separately excited dc motor is driven from a 240v, 50HZ supply via a HC
SCR-bridge with a fly-wheel diode. The motor has an armature resistance
1Ω, an armature voltage constant Kv of 0.8 V. s/rad. The field current is
constant. Assume steady armature current. Determine the armature current
and torque for 1600 rpm and a firing angle delay of a) 30° b) 60
Automatic Power Factor Correction Using Arduino UnoVineetKumar508
It calculates the power factor of load using ZCD and an Arduino program based on P.F. it determines the
how much compensating element should be added to load to make P.F. near to unity. You can also add IoT to monitor the power consumption, Voltage, Current an P. F. of the load remotely.
BsidesSP: Pentesting in SDN - Owning the ControllersRoberto Soares
Conference:
BsidesSP
Description:
SDN (Software Defined Network) has attracted the attention of many technology giants from various segments such as VMware, Juniper, Cisco, HP, IBM, Google, China Telecom, Huawei and others by providing more virtualized services that can be scheduled, managed and monitored faster, more efficient and in a less costly manner than the usual solutions. Defining routes, switching, QoS treatment and security policies that happened in stocky and specific hardware now has performed his duties in higher layers of software, installed on virtualized machine. But how can we test this? First, we'll address an overview of the SDN architecture, soon after, it will be explained how to find SDN controllers, and if present in our network, steal critical information so that we can proceed with our exploitation. In the end, we will take possession of the controllers and make unexpected. There will be a smattering of codes for metasploit that will be demonstrated. Does a controller can control us? We'll see.
What's inside a Cessna 172 and flying a light planeyeokm1
A talk I gave at Hackware v5.0 on the components inside a Cessna 172, planning and making a flight.
Video of this talk: https://www.youtube.com/watch/?v=GtT5wCYhZBA
The talk I gave at GopherCon Singapore 2018 about this Turing award paper "Reflections on Trusting Trust" by Ken Thompson. I also demoed a rudimentary practical implementation of the ideas in the paper.
My talk also touched briefly on 1 extra paper "Fully Countering Trust through Diverse Double Compiling" by David Wheeler.
The code demos used in the presentation can be found here. https://github.com/yeokm1/reflections-on-trusting-trust-for-go
A talk I gave about Meltdown and Specter to the Papers We Love SG meetup.
https://engineers.sg/v/2302
Meltdown Paper: https://meltdownattack.com/meltdown.pdf
Spectre Paper: https://spectreattack.com/spectre.pdf
A talk I gave about how I managed to get a modern Gentoo Linux installed in a 486 PC in 2018.
Blog Post: http://yeokhengmeng.com/2018/01/make-the-486-great-again/
Instructions: https://github.com/yeokm1/gentoo-on-486
Slides for a full talk I gave at iOS Dev Scout about how to do rudimentary BLE localisation using a couple of Raspberry Pis as beacons.
An overview of this was given as a lightning talk at iOS Conf SG 2017.
Source code can be found here:
https://github.com/yeokm1/ble-localiser
Slides for a lightning talk I gave at iOS Conf SG 2017. It is about how to do rudimentary BLE localisation using a couple of Raspberry Pi as beacons.
Source code can be found here:
https://github.com/yeokm1/ble-localiser
Video of this talk can be found here:
https://engineers.sg/v/2056
Repair Kopitiam Specialty Tools (Part 2): Short Circuit Limiteryeokm1
A talk I gave at Hackware v3.4 (6 Sept 2017) about the a short-circuit-limiter device I built for Repair Kopitiam.
Relevant links are below:
http://yeokhengmeng.com/2017/07/repair-kopitiam-specialty-electrical-tools-part-2-short-circuit-limiter/
http://yeokhengmeng.com/2017/07/repair-kopitiam-specialty-electrical-tools-part-2-short-circuit-limiter/
Talk I gave about my PCB name card. More detailed information can be found in the links below.
https://github.com/yeokm1/pcb-name-card-sp
http://yeokhengmeng.com/2015/09/pcb-businessname-card/
This is a talk I gave at Hackware v3.0 3 May 2017.
A device at the exit that unlocks the main office door of the Singapore Power Digital Team's office at Keppel Tower 2 with just a hand gesture.
Schematics and code: https://github.com/yeokm1/sp-auto-door-unlocker
This is a talk I gave at Hackware v3.0 3 May 2017.
An IoT doorbell at Singapore Power's Digital Tech office that will take a picture of a visitor and notify a Slack channel when the button pressed.
Schematics and code: https://github.com/yeokm1/sp-iot-doorbell
A system that locks your computer the moment you move away from it. Details can be found in my Github repo here. https://github.com/yeokm1/distance-machine-locker
A Science Project: Building a sound card based on the Covox Speech Thingyeokm1
A talk I gave at Hackware v2.6 on 4 Jan 2016 about how I recreated the Covox Speech Thing. I also wrote a music player software for modern Linux systems to play to this hardware.
Relevant links are below:
http://yeokhengmeng.com/2017/01/a-science-project-bringing-the-covox-speech-thing-to-2017/
https://github.com/yeokm1/pcb-covox
https://github.com/yeokm1/pcb-covox-amp
https://github.com/yeokm1/pcb-covox-amp-v2
https://github.com/yeokm1/covox-music-player
A talk I gave at iOS Dev Scout on 23 Nov 2016 about a desktop Swift chat app I wrote that uses the Serial Port. It uses the Swift Serial library which I also wrote.
Code for both library and the example app can be found here: https://github.com/yeokm1/SwiftSerial
Video of my talk can be found here: https://engineers.sg/v/1275
Windows 3.1 (WFW) on vintage and modern hardwareyeokm1
A talk I gave at Hackware v2.2 about my efforts in installing Windows for Workgroups 3.11 on vintage and modern systems.
More detais can be found in my blog post here: http://yeokhengmeng.com/2016/09/windows-for-workgroups-3-11-on-vintage-and-modern-hardware-in-2016/
These are the slides used in training new electrical coaches of Repair Kopitiam in the use of our special circuit breaker setup. More details can be found in the following links.
http://yeokhengmeng.com/2017/07/repair-kopitiam-specialty-electrical-tools-part-2-short-circuit-limiter/
https://github.com/yeokm1/repair-kopitiam-training-and-equipment
http://yeokhengmeng.com/2016/05/repair-kopitiam-speciality-electrical-tools/
http://yeokhengmeng.com/2017/07/repair-kopitiam-specialty-electrical-tools-part-2-short-circuit-limiter/
A talk I gave at Creative Crew (Singapore) on 12 August 2016 to introduce newcomers to the Raspberry Pi.
Video link of this talk can be found here: https://engineers.sg/v/955
Code used in the talk can be found here: https://github.com/yeokm1/getting-started-with-rpi
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
A2: Analog Malicious Hardware
1. A2: Analog Malicious Hardware
Authored by:
1. Kaiyuan Yang
2. Matthew Hicks
3. Qing Dong
4. Todd Austin
5. Dennis Sylvester
Department of Electrical Engineering and Computer Science
University of Michigan
Ann Arbor, MI, USA
Paper: http://static1.1.sqspcdn.com/static/f/543048/26931843/1464016046717/A2_SP_2016.pdf
1
Papers We Love #22 (29 Aug 2016) By: Yeo Kheng Meng (yeokm1@gmail.com)
2. Remember “Reflections on Trusting Trust”?
1984 Turing award lecture by Ken Thompson
• Hack compilers to inject malicious code into output binaries
• Conclusion
• “You can’t trust code that you did not totally create yourself”
• “We can go lower to avoid detection like assembler, loader
or hardware microcode”
2
3. Threat Model/Paper Abstract
• “we show how a fabrication-time attacker can leverage analog circuits to create a hardware attack
that is small and stealthy
1. “we construct a circuit that uses capacitors to siphon charge from nearby wires as they
transition between digital values. “
2. “When the capacitors fully charge, they deploy an attack that forces a victim flip-flop to a
desired value.”
3. “We weaponize this attack into a remotely-controllable privilege escalation by attaching the
capacitor to a wire controllable and by selecting a victim flip-flop that holds the privilege bit for
our processor.”
4. We implement this attack in an OR1200 processor and fabricate a chip
3
Privilege escalation with maliciously-modified hardware
5. Analog vs Digital Circuits
• Analog
• Continuous Signal
• Signal is a fraction of logic level voltage
• Digital
• Discrete
• Usually binary 0 or 1
• 1: High logic voltage
• 0: Low logic voltage
5
Image from:
https://www.renesas.com/en-us/support/technical-resources/engineer-school/digital-circuits-01-and-circuit-or-circuit-not-circuit.html
6. What is a Capacitor?
https://en.wikipedia.org/wiki/Capacitor
• A capacitor is a passive two-terminal electrical component used to store electrical energy
temporarily in an electrostatic field.
• AKA temporary small-capacity battery
• Capacitor “leaks”
6
7. Charge Pump Design
• A charge pump is a kind of DC to DC converter that uses capacitors as energy-storage
elements to create either a higher- or lower-voltage power source.
• Clock/Pulse at regular intervals build up a charge in capacitor
7
8. What is a flip-flop/latch?
• Circuit that has two stable states and can
be used to store state information.
• Example Set-Reset (SR) latch
• 2 Interconnected NOR Gates
An animated SR latch. Black = 1, White = 0
Value is stored in Q, Q’ is the compliment.
https://en.wikipedia.org/wiki/Flip-flop_(electronics)#SR_NOR_latch
https://en.wikipedia.org/wiki/NOR_gate 8
SR Latch Truth table
S R Q Action Qnext
0 0 Q Hold Q
0 1 0 Reset 0
0 1 1 Reset 0
1 0 0 Set 1
1 0 1 Set 1
1 1 X NA NA
NOR Gate Operation
Input Output
A B A NOR B
0 0 1
0 1 0
1 0 0
1 1 0
9. Integrated Circuit (IC)
Design Process
• Similar to Printed Circuit Board Design
1. Digital Design Phase
• Logic Simulation with HDL: VHDL/Verilog
• Circuit schematic design
2. Backend Design
• Routing, layout
• Design Rule Check (DRC)
• Graphic Database System II (GDSII) file is generated
• GDSII to ICs, Gerbels to PCBs
3. Fabrication
4. Verification
9
10. Chip Fabrication Processlayers
• Front End Of Line (FEOL) contains
• Transistors, Capacitors, Resistors, Flip-Flops
• PCB Analogy: Board Components
• Back End Of Line (BEOL) contains
• Layers of tiny Copper Wiring
• PCB Analogy: Trace layers
• Solder-Bump
• Attachment to host PCB or motherboard
10
https://upload.wikimedia.org/wikipedia/commons/e/ee/Cmos-chip_structure_in_2000s_%28en%29.svg
11. Attack Components
• Trigger
• Monitors wires and states till the moment to activate payload
• Payload
• Malicious action accomplished when triggered
11
12. Target Platform
• OpenRISC 1200 processor
• Open source CPU
• Uses 32-bit OR1K instruction set
• 128KB instruction cache
• Implemented as FPGA using VHDL
12
13. OR1200 Supervision Register
• SM bit
• Determines if current process is user or supervisor
• 0 for usermode, 1 for supervisor mode
• OV bit
• If overflow occurred during last arithmetic operation
• 0 for no overflow, 1 for overflow
13
Page 29-30 of OpenRISC 1000 Architecture Manual, Architecture Version 1.1, Document Revision 0
https://github.com/openrisc/doc/blob/master/openrisc-arch-1.1-rev0.pdf
14. Attack model
1. Show Analog Circuits with a capacitor can create attacks
2. Pick victim wires that will trigger attacks
3. When the capacitors fully charge, they deploy an attack that
changes the flip-flop that holds the privilege bit
4. Stealthily implement this attack in an OR1200 processor
5. Run malicious code to activate the attack
14
15. 15
1. Single-stage Analog trigger circuit behaviour model
• Based on charge-pump design
• When Cap Voltage > Threshold, trigger output
• Trigger Input: Victim Wire
• Trigger Time: Time taken to
activate trigger at certain
trigger frequency
• Retention Time: Time taken
to reset trigger after input
stops
16. 16
1. Multi-stage Analog trigger circuit behaviour model
• Lower probability of false trigger activation
• Normal operations/benchmarks can “accidentally” trigger a wire
• Software flexibility
• Multiple attack vectors
17. 2. Single-stage trigger
victim wire selection
• We use the overflow flag wire as trigger
17
Page 29-30 of OpenRISC 1000 Architecture Manual, Architecture Version 1.1, Document Revision 0
https://github.com/openrisc/doc/blob/master/openrisc-arch-1.1-rev0.pdf
19. 3. The Attack Payload
• Overwrite register value containing “privilege/supervisor bit”
• Usermode process now given superuser privileges
19
Reset Latch (Active-Low) Set Latch (Active-High)
20. 4. Attack insertion vector?
• Can be done anywhere along the chain
• Adding in Digital Design Phase?
• Easiest to implement on schematic level
• Easily detected during verification checks
• Tight security of designer’s machines
• Backend?
• Moderate difficulty but still able to find insertion location
• Can be discovered by SPICE simulation
• Tight security of designer’s machines
• Final choice: Fabrication
• Relatively lower security at foundry level
• Requires insider access to GDSII between backend and fabrication
• Tough to detect
20
21. 4. Stealth implementation on OR1200
21
• CPU die size is 2.1mm2
• A2 Analog attack
• 1 gate, 13.4um2
• Digital counter-based equivalent of A2
• 91 cells or gates, 382um2
22. 5. Pseudocode for single-stage trigger attack
22Page 54 of OpenRISC 1000 Architecture Manual, Architecture Version 1.1, Document Revision 0
https://github.com/openrisc/doc/blob/master/openrisc-arch-1.1-rev0.pdf
Divide by 0
24. Test Results
• It works!
• Voltage range: 0.8V to 1.2V
• Temperature range: -25°C to 100°C
• Result Trends
• ↑ temperature -> ↑ capacitor leakage -> ↑ trigger cycles
• ↑ voltage -> ↑ rate of capacitor accumulation -> ↓ trigger cycles
24
25. Possible Defences?
• Side Channel?
• Power difference of extra gate in 100000 gates is negligible
• Visual inspection?
• Detecting anomalous 13.4um2 circuitry in 2.1mm2 die size is impractical
• Split Manufacturing?
• Trusted and expensive
• Untrusted and cheaper
25
26. Intuitive Split Manufacturing strategy
• Goal: Obfuscate design from untrusted fabricator by
withholding some wires on upper layers
• BUT possible to reverse engineer 96% of “some wires” using
knowledge of layout tools
• J. Rajendran, O. Sinanoglu, and R. Karri, “Is split manufacturing secure?” in
Design, Automation and Test in Europe, ser. DATE, 2013, pp. 1259–1264. 26
Trusted Fabricator
And
Assembler
Untrusted/Cheaper
Fabricator
Design
House
GDSII of gates and other wires
GDSII of some wires
Assembled chip
Unfinished bottom portion
27. Proposed Split Manufacturing strategy
• Split at Level 1
• Untrusted Manufacturer does not make any gates
• However…
• Expensive $$$ to join two copper layers at low layers
• No such process exists 27
Trusted Fabricator
And
Assembler
Untrusted/Cheaper
Fabricator
Design
House
Assembled chip
FEOL + Metal Level 1
BEOL – Metal Level 1
Unfinished top portion
28. Potential for x86 attacks?
• Much harder to detect and easier to implement than on OR1200
• x86 has more registers, A2 only needs one
• x86 has more victim wires
• “The only aspect of scaling to an x86-class processor that we anticipate as a
challenge is maintaining controllability as there are many redundant functional
units inside an x86, so a trigger would either need to tap equivalent wires in all
functional units or be open to some probabilistic effects.”
28