Building a trustworthy computer OSCON talk by Matthew Garrett
Seth
list at sysfu.com
Fri Jul 24 15:45:10 PDT 2015
Not sure if anyone was attending OSCON today and caught this talk earlier,
but if have audio or video please post.
http://www.oscon.com/open-source-2015/public/schedule/detail/41536
Building a trustworthy computer
Matthew Garrett (CoreOS)
11:10am–11:50am Friday, 07/24/2015
Protect D139/140
Tags: Open hardware, Tools and techniques, Geek life lifestyle
Average rating: ***** (5.00, 1 rating)
Rate This Session
Slides:
http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp
Prerequisite Knowledge
Some knowledge of the major components of a modern computer and how they
fit together, but no detailed knowledge of firmware or hardware design is
required.
Description
The Snowden revelations demonstrated the lengths that government agencies
were willing and able to go to in order to subvert computers. But these
attacks aren’t limited to state-level actors – security researchers
continue to demonstrate new vulnerabilities and weaknesses that would
permit sophisticated criminals to achieve the same goals.
In the face of these advanced attacks, what can we do to detect and
mitigate them? How can we make use of existing security features, and what
changes can we make to system design? In short, how can we ensure that a
user can trust that their computer is acting in their interests rather
than somebody else’s?
This presentation will cover some of the existing security features and
recent design changes in systems that can make it easier to detect
attacks, and provide mechanisms for defending against them in the first
place, along with simple design changes that would make it easier for
users to ensure that components haven’t been backdoored. In addition it
will discuss some of the remaining challenges that don’t have solid
answers as yet. Topics covered will include:
Firmware security
Trusted platform modules, attestation, and associated privacy risks
Hardware design to support offline verification
Remaining components that could act against the interests of the
hardware owner
Photo of Matthew Garrett
Matthew Garrett
CoreOS
Matthew Garrett is a security developer at CoreOS, specializing in the
areas where software starts knowing a little more about hardware than
you’d like. He implemented much of Linux’s support for UEFI Secure Boot,
does things with TPMs and has found more bugs in system firmware than he’s
entirely comfortable with.
More information about the Testlist
mailing list