The document discusses security implications for game consoles. It notes that modern attacks can target shaders through unified memory, use side-channels, or leverage machine learning to find flaws in drivers. The document recommends defending consoles by making attacks more costly than compliance, ensuring attempted hacks are visible, moving security functions to FPGAs on the same die as the CPU, isolating components with micro-kernels, and using formal validation tools to model kernels and other software.

1. Console Security & Implications
Boyd Multerer
Shift Dev 2019

3. vs

4. unknown remote attacker
vs.
owner colludes with attacker

5. play for free

6. cheat to win

7. alternate use

12. modern attacks
• attack shaders via unified memory
• side-channels
• ML to find flaws in drivers
• signed code constructions

14. Hardware
• Don’t trust the circuit board
• Don’t trust memory or even registers
• Can’t trust any secrets in the CPU

15. Software
• Assume memory is compromised.
• Assume data on busses have leaked
• Every driver is an attack vector

17. defense goals
• cost of attack higher than compliance
• attacking one doesn’t help the next
• attempted hacks visible to network

18. FPGAs
• Move all security here
• PUFs
• Must be in same die as CPU

19. Micro-Kernels
• Move forward to the 90’s!
• All drivers must be in user mode
• Isolate logic as much as possible

20. Formal Validation
• Isabelle https://www.cl.cam.ac.uk/research/hvg/Isabelle/
• Kernels must be modeled
• Model further up the stack

21. boydm@kry10.com
Wellington, New Zealand