An open and broad discussion about deep security problems and possible solutions (i.e. defensive strategies): #badBIOS #PRISM #DMAexploit #TrustedComputing #TEE #TrustZone #Hypervisor.
What’s badBIOS? Presumably: low-level, multi-OS malware that resists file-system formatting and BIOS reflashing, infects USB firmware, and hops air gaps (command and control over speaker/mic).
Could badBIOS be real? Ultrasonic communication, firmware infectors, Blue Pill, etc.
What’s the impact on current Systems Architecture and Design? Secure Boot, Trusted Boot, IOMMU (e.g. VT-d), Security by Isolation (e.g. QubesOS), Trusted supply chain, etc.
What’s the fundamental security problem behind BYOD? Root of Trust
What options do we have to mitigate the BYOD problem? BlackBerry Dual-Persona, Samsung’s KNOX (TEE on Android), etc.
What’s the fundamental security problem behind Cloud Computing? Root of Trust
What could mitigate Cloud Computing problems? PrivateCore (i.e. an L3 CPU cache-resident hypervisor and Remote Attestation), Intel’s SGX (enclaves)
How could we protect ourselves from NSA backdoors?
Join us if you wish to share your thoughts on these topics or simply to learn about them. Danny will lead the discussions, but the goal is to share, debate, learn from each other and build a community around such subjects.
Danny Fullerton is the founder and Security Researcher at Mantor Organization, Enterprise Security Architect at CN and formerly IT Security Specialist and Ethical Hacker at IBM Canada. He is also an active member of the open source community. @dfullerto
His interests lie at both extremes: his day-to-day job and main research are about Security Governance (i.e. very high level), and on the other hand, he’s involved in secure system architecture and design (i.e. very low level: Trusted Computing, Trusted Execution Environment, Hypervisor, etc., or more precisely, Intel TXT, TrustZone, etc.).
November 9th, Saturday night, 21h