SlideShare a Scribd company logo
1 of 36
Download to read offline
從晶片設計角度
看硬體安全
中原大學電子工程學系
黃世旭教授
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
Hardware Security
• Hardware
– Integrated Circuits (ICs)
– Field Programmable Gate Arrays (FPGAs)
– Embedded Systems
• Security
– Vulnerabilities, threats, attacks from
hardware
– Hardware for security
– The security in hardware design process
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
重要性
• 隨著物聯網應用持續蓬勃發展,可以預
期市場對於硬體安全的需求日益增⾧。
• 最近有關 CPU 之 out-of-order
execution 及 speculative execution
設計漏洞衍生的 Meltdown與Spectre
兩大攻擊手法,衝擊全球數十億電腦(桌
機、筆電)、伺服器甚至手機的處理器,
恐導致記憶體資料外洩。此新聞事件,
正突顯硬體安全的重要性。
Hardware Security
• Hardware
– Integrated Circuits (ICs)
– Field Programmable Gate Arrays (FPGAs)
– Embedded Systems
• Security
– Vulnerabilities, threats, attacks from
hardware
– Hardware for security
– The security in hardware design process
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
Sources of Vulnerabilities
• Design Mistakes
– a vulnerability may be unintentionally created
in the hardware implementation
• CAD Tools
– don’t-care conditions can create vulnerability
in the circuit
• Design for Testability (DFT)
– the increased controllability and observability
can create numerous vulnerabilities
參考文獻:P. Mishra, et al. (editors), “Hardware IP Security and Trust”, Springer International Publishing, 2017. (ISBN 978-3-319-49025-0)
Vulnerabilities in
Combinational Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Vulnerabilities in
Combinational Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Backdoor
ABC = 101
Fault Injection
ABC = 011 or 111
X = B’ Y = C’
Vulnerabilities in
Sequential Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Vulnerabilities in
Sequential Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Vulnerabilities in
Sequential Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Vulnerabilities in
Sequential Logics
參考文獻:G. Qu, "Hardware Security". https://www.coursera.org/learn/hardware-security
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
Memory Isolation
• In modern processors, the isolation
between the kernel and user processes is
typically realized by a supervisor bit of the
processor that defines whether a memory
page of the kernel can be accessed or not.
• In practice, there is no change of the
memory mapping when switching from a
user process to the kernel.
參考文獻:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Memory Page Sharing
圖片來源:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Out-of-order Execution
• Out-of-order execution is an important
feature of modern processors in order to
overcome latencies of busy execution units.
– a memory fetch unit needs to wait for data
arrival from memory
• Instead of stalling the execution, modern
processors run operations out-of-order.
– look ahead and schedule subsequent operations
to idle execution units
參考文獻:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Out-of-order Execution
參考文獻:https://iis-people.ee.ethz.ch/~gmichi/asocd/addinfo/Out-of-Order_execution.pdf
Intel’s Skylake Microarchitecture
圖片來源:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Meltdown Attack
• Meltdown are based on the side effects
caused by out-of-order execution.
• Meltdown allows an adversary to obtain a
dump of the entire kernel address space,
including any mapped physical memory.
• Meltdown does not exploit any software
vulnerability.
參考文獻:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Meltdown Attack
• Out-of-order memory lookups influence the
cache.
– can be detected through the cache side channel.
• An attacker can dump the entire kernel memory
– read privileged memory in an out-of-order execution
stream
– transmit the data from this elusive state via a micro-
architectural covert channel to the outside world.
參考文獻:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
A Toy Example
• Due to the out-of-order execution, the CPU might
have already executed the following instructions
as there is no dependency on the exception.
• During the out-of-order execution, the referenced
memory is fetched into a register and is also
stored in the cache.
參考文獻:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Exception Handling
圖片來源:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Meltdown Attack
圖片來源:M. Lipp, et al., "Meltdown". https://arxiv.org/abs/1801.01207
Spectre Attacks
• In modern processors, branch prediction
and speculative execution are used to
maximize performance.
• Spectre attacks involve:
– induce a victim to speculatively execute
operations that would not be performed during
correct program execution
– leak the victim’s confidential information via
a side channel to the adversary.
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
A Toy Example
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
• the value of x is maliciously chosen (and out-of- bounds) such
that array1[x] resolves to a secret byte k somewhere in the
victim’s memory.
• array1 size and array2 are not present in the processor’s cache,
but k is cached.
• previous operations received values of x that were valid, leading
the branch predictor to assume the if will likely be true.
Evict+Time
• the state of the cache affects the timing of speculatively executed
code.
• this attack would work even if speculative execution does not
modify the contents of the cache.
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
Instruction Timing
• Spectre vulnerabilities do not necessarily need to involve caches.
• Instructions whose timing depends on the values of the operands
may leak information on the operands.
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
Contention on the Register
File
• if condition on R1 in the second ‘if’ is true, then an extra
speculative execution checkpoint will be created than if condition
on R1 is false.
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
Leveraging arbitrary
observable effects
• the timing of when the observable operation begins will depend on
the cache status of array2.
參考文獻:P. Kocher, et al., "Spectre Attacks: Exploiting Speculative Execution". https://arxiv.org/abs/1801.01203
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
電路設計考慮硬體安全的困難
• 許多電路設計者不瞭解資安的需求
• 硬體安全增加電路成本
– Timing
– Area
– Power
• 需要 CAD 工具支援
• 硬體安全與電路可測性的本質上矛盾
Outline
• 硬體安全的重要性
• 電路設計與硬體安全的關係
• Meltdown 及 Spectre 之硬體安全問題
• 電路設計考慮硬體安全的困難
• 結語
結語
• Meltdown 及 Spectre 造成的影響,顯
示硬體安全的重要性。
• 隨著物聯網應用持續蓬勃發展,可以預
期市場對於硬體安全的需求日益增⾧。
• 電路設計考慮硬體安全面臨㇐些挑戰,
未來需要電路設計領域專家與資訊安全
領域專家共同努力。
Thank You!

More Related Content

What's hot

Lucas apa pacsec slides
Lucas apa pacsec slidesLucas apa pacsec slides
Lucas apa pacsec slidesPacSecJP
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCanSecWest
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationTamas K Lengyel
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTamas K Lengyel
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02PacSecJP
 
Qinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalQinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalPacSecJP
 
Gang gong, escalate privilege by vulnerabilities in android system services
Gang gong, escalate privilege by vulnerabilities in android system servicesGang gong, escalate privilege by vulnerabilities in android system services
Gang gong, escalate privilege by vulnerabilities in android system servicesPacSecJP
 
Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?HackIT Ukraine
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSebastien Gioria
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Cyphort
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
CyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and ProtectCyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and ProtectTamas K Lengyel
 
Trendmicro Security Award 2012 Final Presentation
Trendmicro Security Award 2012 Final PresentationTrendmicro Security Award 2012 Final Presentation
Trendmicro Security Award 2012 Final PresentationHiromu Yakura
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措jack51706
 
Dissecting ZeuS malware
Dissecting ZeuS malwareDissecting ZeuS malware
Dissecting ZeuS malwareCyphort
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosImma Valls Bernaus
 
The Rising Threat of Fileless Malware
The Rising Threat of Fileless MalwareThe Rising Threat of Fileless Malware
The Rising Threat of Fileless MalwareChelsea Sisson
 

What's hot (20)

Lucas apa pacsec slides
Lucas apa pacsec slidesLucas apa pacsec slides
Lucas apa pacsec slides
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Malware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware VirtualizationMalware Collection and Analysis via Hardware Virtualization
Malware Collection and Analysis via Hardware Virtualization
 
Troopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUFTroopers15 Lightning talk: VMI & DRAKVUF
Troopers15 Lightning talk: VMI & DRAKVUF
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
 
Qinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-finalQinghai Tang, pacsec english-version-final
Qinghai Tang, pacsec english-version-final
 
Gang gong, escalate privilege by vulnerabilities in android system services
Gang gong, escalate privilege by vulnerabilities in android system servicesGang gong, escalate privilege by vulnerabilities in android system services
Gang gong, escalate privilege by vulnerabilities in android system services
 
Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?Алексей Старов - Как проводить киберраследования?
Алексей Старов - Как проводить киберраследования?
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Secure Coding for Java - An Introduction
Secure Coding for Java - An IntroductionSecure Coding for Java - An Introduction
Secure Coding for Java - An Introduction
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
 
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
Malware’s Most Wanted: NightHunter. A Massive Campaign to Steal Credentials R...
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for public
 
CyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and ProtectCyberSEED: Virtual Machine Introspection to Detect and Protect
CyberSEED: Virtual Machine Introspection to Detect and Protect
 
Trendmicro Security Award 2012 Final Presentation
Trendmicro Security Award 2012 Final PresentationTrendmicro Security Award 2012 Final Presentation
Trendmicro Security Award 2012 Final Presentation
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
勒索軟體態勢與應措
勒索軟體態勢與應措勒索軟體態勢與應措
勒索軟體態勢與應措
 
Dissecting ZeuS malware
Dissecting ZeuS malwareDissecting ZeuS malware
Dissecting ZeuS malware
 
Automatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivosAutomatiza las detecciones de amenazas y evita falsos positivos
Automatiza las detecciones de amenazas y evita falsos positivos
 
The Rising Threat of Fileless Malware
The Rising Threat of Fileless MalwareThe Rising Threat of Fileless Malware
The Rising Threat of Fileless Malware
 

Similar to 【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】

[若渴計畫] Studying Concurrency
[若渴計畫] Studying Concurrency[若渴計畫] Studying Concurrency
[若渴計畫] Studying ConcurrencyAj MaChInE
 
Automating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsAutomating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsScyllaDB
 
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...Priyanka Aash
 
A2: Analog Malicious Hardware
A2: Analog Malicious HardwareA2: Analog Malicious Hardware
A2: Analog Malicious Hardwareyeokm1
 
Micro-Architectural Attacks on Cyber-Physical Systems
Micro-Architectural Attacks on Cyber-Physical SystemsMicro-Architectural Attacks on Cyber-Physical Systems
Micro-Architectural Attacks on Cyber-Physical SystemsHeechul Yun
 
Meltdown & Spectre attacks
Meltdown & Spectre attacksMeltdown & Spectre attacks
Meltdown & Spectre attacksMarian Marinov
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kuniyasu Suzaki
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesMarina Krotofil
 
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devicessrkedmi
 
Lightweight cryptography
Lightweight cryptographyLightweight cryptography
Lightweight cryptographyShivam Singh
 
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksKernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksAnne Nicolas
 
Anomaly Detection at Scale
Anomaly Detection at ScaleAnomaly Detection at Scale
Anomaly Detection at ScaleJeff Henrikson
 
The trials and tribulations of providing engineering infrastructure
 The trials and tribulations of providing engineering infrastructure  The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure TechExeter
 
Introduction to OpenStack.
Introduction to OpenStack.Introduction to OpenStack.
Introduction to OpenStack.Eggy Cheng
 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectreyeokm1
 
Project Tungsten Phase II: Joining a Billion Rows per Second on a Laptop
Project Tungsten Phase II: Joining a Billion Rows per Second on a LaptopProject Tungsten Phase II: Joining a Billion Rows per Second on a Laptop
Project Tungsten Phase II: Joining a Billion Rows per Second on a LaptopDatabricks
 
Nelson: Rigorous Deployment for a Functional World
Nelson: Rigorous Deployment for a Functional WorldNelson: Rigorous Deployment for a Functional World
Nelson: Rigorous Deployment for a Functional WorldTimothy Perrett
 
Affect of parallel computing on multicore processors
Affect of parallel computing on multicore processorsAffect of parallel computing on multicore processors
Affect of parallel computing on multicore processorscsandit
 

Similar to 【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】 (20)

[若渴計畫] Studying Concurrency
[若渴計畫] Studying Concurrency[若渴計畫] Studying Concurrency
[若渴計畫] Studying Concurrency
 
Automating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency SpreadsAutomating the Hunt for Non-Obvious Sources of Latency Spreads
Automating the Hunt for Non-Obvious Sources of Latency Spreads
 
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation...
 
A2: Analog Malicious Hardware
A2: Analog Malicious HardwareA2: Analog Malicious Hardware
A2: Analog Malicious Hardware
 
Micro-Architectural Attacks on Cyber-Physical Systems
Micro-Architectural Attacks on Cyber-Physical SystemsMicro-Architectural Attacks on Cyber-Physical Systems
Micro-Architectural Attacks on Cyber-Physical Systems
 
Meltdown & Spectre attacks
Meltdown & Spectre attacksMeltdown & Spectre attacks
Meltdown & Spectre attacks
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
 
Defcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slidesDefcon through the_eyes_of_the_attacker_2018_slides
Defcon through the_eyes_of_the_attacker_2018_slides
 
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices
 
Lightweight cryptography
Lightweight cryptographyLightweight cryptography
Lightweight cryptography
 
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecksKernel Recipes 2015: Solving the Linux storage scalability bottlenecks
Kernel Recipes 2015: Solving the Linux storage scalability bottlenecks
 
Memory model
Memory modelMemory model
Memory model
 
Anomaly Detection at Scale
Anomaly Detection at ScaleAnomaly Detection at Scale
Anomaly Detection at Scale
 
The trials and tribulations of providing engineering infrastructure
 The trials and tribulations of providing engineering infrastructure  The trials and tribulations of providing engineering infrastructure
The trials and tribulations of providing engineering infrastructure
 
Introduction to OpenStack.
Introduction to OpenStack.Introduction to OpenStack.
Introduction to OpenStack.
 
ZERO WIRE LOAD MODEL.pptx
ZERO WIRE LOAD MODEL.pptxZERO WIRE LOAD MODEL.pptx
ZERO WIRE LOAD MODEL.pptx
 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectre
 
Project Tungsten Phase II: Joining a Billion Rows per Second on a Laptop
Project Tungsten Phase II: Joining a Billion Rows per Second on a LaptopProject Tungsten Phase II: Joining a Billion Rows per Second on a Laptop
Project Tungsten Phase II: Joining a Billion Rows per Second on a Laptop
 
Nelson: Rigorous Deployment for a Functional World
Nelson: Rigorous Deployment for a Functional WorldNelson: Rigorous Deployment for a Functional World
Nelson: Rigorous Deployment for a Functional World
 
Affect of parallel computing on multicore processors
Affect of parallel computing on multicore processorsAffect of parallel computing on multicore processors
Affect of parallel computing on multicore processors
 

More from Hacks in Taiwan (HITCON)

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】Hacks in Taiwan (HITCON)
 
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】Hacks in Taiwan (HITCON)
 
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享Hacks in Taiwan (HITCON)
 
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記  HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記 Hacks in Taiwan (HITCON)
 
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You ThinkHITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You ThinkHacks in Taiwan (HITCON)
 
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】Hacks in Taiwan (HITCON)
 
【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...
【HITCON FreeTalk 2021 -  From fakespy to Guerilla: Understanding Android malw...【HITCON FreeTalk 2021 -  From fakespy to Guerilla: Understanding Android malw...
【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...Hacks in Taiwan (HITCON)
 
【HITCON FreeTalk】HITCON 2017 下半年活動介紹
【HITCON FreeTalk】HITCON 2017 下半年活動介紹【HITCON FreeTalk】HITCON 2017 下半年活動介紹
【HITCON FreeTalk】HITCON 2017 下半年活動介紹Hacks in Taiwan (HITCON)
 
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 Hacks in Taiwan (HITCON)
 
HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介Hacks in Taiwan (HITCON)
 
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果Hacks in Taiwan (HITCON)
 
2015 資安從業人員的寶(鬼)島求生
2015 資安從業人員的寶(鬼)島求生2015 資安從業人員的寶(鬼)島求生
2015 資安從業人員的寶(鬼)島求生Hacks in Taiwan (HITCON)
 

More from Hacks in Taiwan (HITCON) (20)

HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題二:Cyber War - 網路戰與地緣政治】
 
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】
HITCON FreeTalk 2024 台灣駭客協會媒體小聚【議題一:資安地圖 - 資安領域與趨勢介紹】
 
HITCON CISO Summit 2023 - Closing
HITCON CISO Summit 2023 - ClosingHITCON CISO Summit 2023 - Closing
HITCON CISO Summit 2023 - Closing
 
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享
HITCON FreeTalk 2022 - 自己的SOC自己管-- SOC建置的心路歷程分享
 
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記  HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You ThinkHITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
HITCON FreeTalk 2022 - Defeat 0day is not as Difficult as You Think
 
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】
【HITCON FreeTalk 2022 - 我把在網頁框架發現的密碼學漏洞變成 CTF 題了】
 
【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...
【HITCON FreeTalk 2021 -  From fakespy to Guerilla: Understanding Android malw...【HITCON FreeTalk 2021 -  From fakespy to Guerilla: Understanding Android malw...
【HITCON FreeTalk 2021 - From fakespy to Guerilla: Understanding Android malw...
 
【HITCON FreeTalk】Supply Chain Attack
【HITCON FreeTalk】Supply Chain Attack【HITCON FreeTalk】Supply Chain Attack
【HITCON FreeTalk】Supply Chain Attack
 
【HITCON FreeTalk】HITCON 2017 下半年活動介紹
【HITCON FreeTalk】HITCON 2017 下半年活動介紹【HITCON FreeTalk】HITCON 2017 下半年活動介紹
【HITCON FreeTalk】HITCON 2017 下半年活動介紹
 
HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊 HITCON TALK 技術解析 SWIFT Network 攻擊
HITCON TALK 技術解析 SWIFT Network 攻擊
 
HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析HITCON TALK ATM 金融攻擊事件解析
HITCON TALK ATM 金融攻擊事件解析
 
HITCON TALK 產業視野下的 InfoSec
HITCON TALK 產業視野下的 InfoSecHITCON TALK 產業視野下的 InfoSec
HITCON TALK 產業視野下的 InfoSec
 
HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介HITCON TALK 台灣駭客協會年度活動簡介
HITCON TALK 台灣駭客協會年度活動簡介
 
HITCON CTF 導覽
HITCON CTF 導覽HITCON CTF 導覽
HITCON CTF 導覽
 
Ctf hello,world!
Ctf hello,world! Ctf hello,world!
Ctf hello,world!
 
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果
Hacker as a maker 如何利用 mtk 7688 設計出超炫的 ctf 決賽戰場燈控效果
 
2015 資安從業人員的寶(鬼)島求生
2015 資安從業人員的寶(鬼)島求生2015 資安從業人員的寶(鬼)島求生
2015 資安從業人員的寶(鬼)島求生
 
CTF 經驗分享
CTF 經驗分享CTF 經驗分享
CTF 經驗分享
 
台灣資安人才培育現況
台灣資安人才培育現況台灣資安人才培育現況
台灣資安人才培育現況
 

Recently uploaded

Fact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsFact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsZilliz
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesSanjay Willie
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Recently uploaded (20)

Fact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMsFact vs. Fiction: Autodetecting Hallucinations in LLMs
Fact vs. Fiction: Autodetecting Hallucinations in LLMs
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

【HITCON FreeTalk 2018 - 從晶片設計角度看硬體安全】