Secure boot under attack: Simulation to enhance fault injection & defenses

Slide 1: Secure boot under attack: Simulation to enhance fault injection & defenses
Martijn Bogaard, Senior Security Analyst; Niek Timmers, Principal Security Analyst
Slides 2-5: Today's agenda
- Crash course secure boot on embedded devices
- Crash course fault injection (FI) attacks
- Using simulation to identify FI vulnerabilities
Slides 6-12: Why do we need secure boot?
Diagram of a System-on-Chip (Processor, SRAM, ROM, OTP) with external Flash and DDR, built up in three numbered steps: the boot code in ROM (1), the boot code loaded from Flash (2), and the kernel loaded into DDR (3).
Threat 1: Hardware hacker. Threat 2: Malware.
Secure boot assures integrity of code/data in cold storage!
Slides 13-18: The real world is more complex!
Diagram of the boot chain ordered from higher to lower privileges, with the exception levels as labelled on the slide:
ROM (EL3) -> BLx (EL1) -> ATF (EL3)
Secure World: TEE OS (EL1) -> TEE Apps (EL0)
Non-Secure World: U-Boot (EL1) -> Linux Kernel (EL1) -> Linux Apps (EL0). Boot finished!
The chain can break at any stage. Early is better!
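An added example, not part of the talk and not any vendor's boot ROM: a minimal model of the chain on slides 13-18, in which each stage image embeds the hash of the stage it loads and the ROM anchors the chain on a digest stored in OTP. Hashes stand in for the signature verification a real secure boot performs; the stage names, the image layout and the OTP value are constructed here for illustration.

```python
# Added example (not from the talk): a hash-anchored boot chain. Each image is
# "digest of the next stage" + "stage body"; the ROM holds the digest of the
# first image in OTP. A stage is only entered after its digest matched.
import hashlib
import hmac
from typing import List, Tuple

DIGEST_LEN = 32  # SHA-256


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(stage_bodies: List[bytes]) -> Tuple[bytes, List[bytes]]:
    """Build the images back to front so that each image embeds the digest of
    its successor. Image layout (constructed for this example): 32-byte digest
    of the next stage, all zeros for the last stage, followed by the body.
    Returns (otp_digest, images); otp_digest is what the ROM reads from OTP."""
    images: List[bytes] = []
    next_digest = bytes(DIGEST_LEN)
    for body in reversed(stage_bodies):
        image = next_digest + body
        images.insert(0, image)
        next_digest = sha256(image)
    return next_digest, images


def boot(otp_digest: bytes, images: List[bytes]) -> Tuple[List[int], str]:
    """Walk the chain as the ROM and each stage would: authenticate the next
    image before entering it and stop at the first mismatch. Returns the
    indices of the stages that were entered and a status string."""
    expected = otp_digest
    entered: List[int] = []
    for index, image in enumerate(images):
        # constant-time comparison, so the check itself leaks nothing useful
        if not hmac.compare_digest(sha256(image), expected):
            return entered, f"stage {index} rejected"
        entered.append(index)            # this stage now runs with its privileges
        expected = image[:DIGEST_LEN]    # and carries its successor's digest
    return entered, "boot finished"


def tamper(images: List[bytes], index: int) -> List[bytes]:
    """Return a copy of the chain in which one body byte of stage `index`
    has been flipped, modelling a modified image in cold storage."""
    out = list(images)
    img = out[index]
    out[index] = img[:DIGEST_LEN] + bytes([img[DIGEST_LEN] ^ 0x01]) + img[DIGEST_LEN + 1:]
    return out


if __name__ == "__main__":
    # constructed stage bodies standing in for the real images
    otp, images = build_chain([b"BLx", b"ATF", b"U-Boot", b"Linux Kernel"])
    print("untouched:", boot(otp, images))
    for i in range(len(images)):
        print(f"stage {i} modified:", boot(otp, tamper(images, i)))
```

A modified late stage is only rejected when that stage is about to be entered, after every earlier stage has already run with its own privileges; a modified BLx is rejected by the ROM before anything else executes. That ordering is what "early is better" refers to: how much a break of the chain is worth depends on how far down the chain it happens.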
Slides 19-22: Breaking Secure Boot early
- Early boot stages run at the highest privilege, e.g. unrestricted access
- Security features often not initialized yet, e.g. access control
- Access assets that are not accessible after boot, e.g. ROM code and keys
Slides 23-24: What makes Secure Boot secure?
Unbreakable cryptography. Right?
Slides 25-36: Flow of a typical boot stage
Start -> Check this -> Check that -> Configure this -> Configure that -> Load next stage -> Decrypt next stage -> Authenticate next stage -> Jump to next stage?
Lots of functionality! What can go wrong? ... What goes wrong!?
Slide 37: No authentication!
Slide 38: Software vulnerabilities!
Slide 39: Hardware vulnerabilities! (see eu-16-timmers-bypassing-secure-boot-using-fault-injection.pdf)
Slides 40-45: Why hardware attacks on secure boot?
- Usually a small code base
- Limited attack surface
- Should be extensively reviewed
- Difficult / impossible to fix after deployment
Software vulnerabilities not guaranteed to be present!
Slides 46-57: Voltage Fault Injection in practice (photos of the target and the glitching setup; labelled connections: USB, VCC, Reset)
Slides 58-62: plot of supply voltage against time, with the 1.2 V and 0.9 V levels marked
Slide 63: Let's do this live on stage! What could possibly go wrong.
Slides 64-68: Fault Injection Demo
Diagram: BL1 -> U-Boot. Case 1: we do not modify U-Boot in flash. Case 2: we do modify the U-Boot in flash. Result: BL1 -> U-Boot: PWNED
Slide 69: Successful Glitch! Want to know more? Please meet us after the talk!
Slide 70: Why does this work? What goes wrong? Difficult to answer. But behaviorally we can say a lot!
Slides 71-75: What can we do with our glitches?
- Modify memory contents
- Modify register contents
- Modify the executed instructions!!!
We can change the intended behavior of software!
Slides 76-77: What about unglitchable hardware? Yes. But difficult & expensive.
Slides 78-79: What about using only software? Sure.
Slides 80-85: Typical Software FI Countermeasures*
- Redundant checks
- Defensive coding, e.g. initialize return values as error
- Code flow integrity, i.e. assure the code follows the intended path
- Random delays
This sounds easy.
Slides 86-94: It is not.
Redundant checks need multiple glitches? Remember, we can modify instructions using glitches!
Slide 95: Where can we bypass secure boot using a glitch?
Slide 96: We need automation to do this efficiently.
Slide 97: We?!?
Slide 98: The challenges of attackers & defenders are actually very similar!
Slide 99: Attackers vs Defenders
Attackers ask: How can I glitch this device? How do I know my glitch was successful? Which attack method is better for this target? How do I know where to glitch?
Defenders ask: How can my code be attacked? How can I make my code more robust? What is the effect of these changes on the glitchability? How can I give an attacker as little information as possible? What is the effect of this type of glitches on my target?
Slides 100-101: Attackers vs Defenders
Attackers: no symbols, only the binary; limited knowledge / documentation of hardware.
Defenders: source code and a binary with symbols; documentation available.
Biggest difference: attackers need to reverse engineer the binary!
Slides 102-103: Our solution? Simulation!
Slides 104-105: Simulation
Not a new idea! Several existing simulators already available. Nonetheless challenging to give useful results... Why? A bunch of challenges.
Slide 106: Challenge #1: No hardware simulator = No fault simulator
Slide 107: Challenge #2: Changing the binary is no option.
Slide 108: Challenge #3: Detecting successful glitches.
Slide 109: Challenge #4: Using reasonable computational power.
Slide 110: Challenge #5: Realistic simulation.
(Icons: Icons8.com, CC BY-ND)
Slides 111-116: What type of simulator do we use?
- HDL simulator?
- Full system emulators? (Gem5, QEMU, ...)
- Smartcard simulators?!?
- ...???
- Our own?!?
Slide 117: Introduction to FiSim
Main ideas: shortest path to reasonable results; speed over accuracy; reusing existing components; binary-based, so it can be used by attackers and defenders; glitches can be modelled by their observable effects in software; effects described through fault models.
Slides 118-120: FiSim Features
- Unicorn & Capstone based
- Implements 2 realistic* fault models, both forms of instruction corruption: skipping individual instructions; flipping a bit in the instruction encoding
- Many more possible, easy to add
Slides 121-122: We tested several real bootloaders successfully! Let's dive into the architectural details.
Slides 123-125: FiSim Architecture
Inputs: hardware model and flash dump. Engine: Unicorn. Outputs: console output (if any) and execution trace.
Slide 124: the engine is run with a good signature and with a bad signature to obtain the reference behaviours.
Slide 125: a fault generator drives the engine on the bad-signature flash dump, and the execution trace is collected for each run.
(Icons: Font Awesome, CC BY)
Slides 126-132: Hardware Model (slide content not captured in the transcription). Note: attacker needs to hardcode addresses!
Slide 133: FiSim DEMO #1
Slides 134-136: What did we glitch in the first demo? Who knows??! Many possibilities.
Slides 137-138: Let's harden our bootloader. What if we authenticate twice?
Slide 139: FiSim DEMO #2
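The following is an added example written for this page; it is not FiSim and not code from the speakers or Riscure. It reproduces, on a constructed toy ISA instead of ARM, the pipeline of slides 123-125: an engine runs a bootloader stage on a bad signature, a fault generator produces every single instruction-skip and single bit-flip fault (the two fault models of slides 118-120), and a run that reaches the next-stage entry anyway is counted as a bypass. It then compares the naive stage with the "authenticate twice" stage of slides 137-139, which is the countermeasure question of slides 80-94. The ISA, its opcode numbering, the two programs and the success criterion are all assumptions of this example.

```python
# Added example (not FiSim): a toy instruction-level fault simulator.
from typing import List, Optional, Tuple

# Constructed 16-bit ISA: high byte = opcode, low byte = operand. The opcode
# numbering is arbitrary; which corruptions lie one bit flip away from a given
# instruction depends entirely on the encoding, exactly as on a real core.
VERIFY, LDI, CMPI, BEQ, BNE, JMP, BOOT, FAIL = range(1, 9)

Fault = Tuple  # ("skip", addr) or ("flip", addr, bit)


def ins(op: int, operand: int = 0) -> int:
    """Encode one instruction word."""
    return (op << 8) | (operand & 0xFF)


def signed8(v: int) -> int:
    return v - 256 if v & 0x80 else v


def run(program: List[int], sig_ok: bool, fault: Optional[Fault] = None,
        max_steps: int = 1000) -> str:
    """The engine. Executes the stage with a good or a bad signature.
    A fault fires once, the first time `addr` is fetched: a skip drops that
    instruction, a flip corrupts one bit of the fetched encoding (the image
    itself is never modified). Returns "boot", "fail", "crash" or "hang"."""
    acc, z, pc, fired = 0, False, 0, False    # acc starts as 0 = "not verified"
    for _ in range(max_steps):
        if not 0 <= pc < len(program):
            return "crash"                    # fetch outside the image
        addr, word = pc, program[pc]
        pc += 1
        if fault is not None and fault[1] == addr and not fired:
            fired = True
            if fault[0] == "skip":
                continue
            word ^= 1 << fault[2]
        op, operand = word >> 8, word & 0xFF
        if op == VERIFY:
            acc = 1 if sig_ok else 0          # result of the signature check
        elif op == LDI:
            acc = operand
        elif op == CMPI:
            z = acc == operand
        elif op == BEQ:
            pc += signed8(operand) if z else 0
        elif op == BNE:
            pc += signed8(operand) if not z else 0
        elif op == JMP:
            pc += signed8(operand)
        elif op == BOOT:
            return "boot"                     # jumped to the next stage
        elif op == FAIL:
            return "fail"                     # stage refused to continue
        else:
            return "crash"                    # undefined opcode
    return "hang"


def all_faults(program: List[int]) -> List[Fault]:
    """The fault generator: every single skip and every single bit flip."""
    faults: List[Fault] = []
    for addr in range(len(program)):
        faults.append(("skip", addr))
        faults.extend(("flip", addr, bit) for bit in range(16))
    return faults


def find_bypasses(program: List[int]) -> List[Fault]:
    """Success detection: a fault is a bypass if a bad signature still boots."""
    return [f for f in all_faults(program) if run(program, False, f) == "boot"]


# Naive stage: verify once, branch to FAIL unless the result is 1.
NAIVE = [ins(VERIFY), ins(CMPI, 1), ins(BNE, 1), ins(BOOT), ins(FAIL)]

# Hardened stage ("authenticate twice"): both verifications must return 1.
HARDENED = [ins(VERIFY), ins(CMPI, 1), ins(BNE, 4),
            ins(VERIFY), ins(CMPI, 1), ins(BNE, 1), ins(BOOT), ins(FAIL)]

if __name__ == "__main__":
    for name, prog in (("naive", NAIVE), ("hardened", HARDENED)):
        hits = find_bypasses(prog)
        print(f"{name}: {len(hits)} of {len(all_faults(prog))} single faults bypass")
        for f in hits:
            print("   ", f)
```

On this toy the naive stage is bypassed by 7 of its 85 single faults, among them skipping the conditional branch and flipping it into its inverse, which is the kind of effect the skip-instruction model captures. Authenticating twice removes every skip and branch-inversion bypass, but 2 faults remain, both of which corrupt an instruction on the failure path into BOOT itself. That is the point of slides 86-94: a redundant check defeats the single-skip model, while the bit-flip model can still find a one-shot bypass, so the hardened code has to be re-simulated rather than assumed safe.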
Slides 140-141: Limitations / Future work
- Is instruction corruption the only fault model? We do not know. Other fault models likely applicable too!
- What is the impact of instruction / data caches?
Testing remains critical!
Slides 142-145: Takeaways
- Fault attacks are effective to bypass secure boot
- Simulating is effective for attackers and defenders
- Actual testing still required for assurance
Slide 146: Thank you! Any questions? Or come to us. Martijn Bogaard, Senior Security Analyst; Niek Timmers, Principal Security Analyst
More informationBeyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development
Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017 Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat
More informationWind River. All Rights Reserved.
1 Using Simulation to Develop and Maintain a System of Connected Devices Didier Poirot Simics Technical Account Manager THE CHALLENGES OF DEVELOPING CONNECTED ELECTRONIC SYSTEMS 3 Mobile Networks Update
More informationTrusted Computing and O/S Security. Aggelos Kiayias Justin Neumann
Trusted Computing and O/S Security Aggelos Kiayias Justin Neumann O/S Security Fundamental concept for O/S Security: separation. hardware kernel system user Each layer may try to verify the outer layer
More informationMalware
reloaded Malware Research Team @ @xabiugarte Motivation Design principles / architecture Features Use cases Future work Dynamic Binary Instrumentation Techniques to trace the execution of a binary (or
More informationHardware OS & OS- Application interface
CS 4410 Operating Systems Hardware OS & OS- Application interface Summer 2013 Cornell University 1 Today How my device becomes useful for the user? HW-OS interface Device controller Device driver Interrupts
More informationOP-TEE Using TrustZone to Protect Our Own Secrets
OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde Slide 1 - http://www.pengutronix.de
More informationWhat s New in PI Security?
What s New in PI Security? Presented by Bryan Owen PE Felicia Mohan Agenda Overview What s new Demo What s coming next Call to Action 3 Cyber Security is more of a Marathon than a Sprint Release Cadence
More informationVirtualSwindle: An Automated Attack Against In-App Billing on Android
Northeastern University Systems Security Lab VirtualSwindle: An Automated Attack Against In-App Billing on Android ASIACCS 2014 Collin Mulliner, William Robertson, Engin Kirda {crm,wkr,ek}[at]ccs.neu.edu
More informationLive Adversary Simulation: Red and Blue Team Tactics
SESSION ID: HTA-T06 Live Adversary Simulation: Red and Blue Team Tactics James Lyne Head of R&D SANS Institute @JamesLyne Stephen Sims Security Researcher & Fellow SANS Institute @Steph3nSims Agenda 2
More informationDigital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October Frazier D. Evans
Digital Payments Security Discussion Secure Element (SE) vs Host Card Emulation (HCE) 15 October 2014 Frazier D. Evans Evans_Frazier@bah.com There are four key areas that need to be investigated when talking
More informationXbox Security. Daniel Butnaru. 28 th June 2006
Xbox Security Daniel Butnaru 28 th June 2006 Overview Intro Benefits Security System Attacks Conclusion 2 Hardware Introduction XBOX is a game console introduced by Microsoft in 2002. Consists of: Pentium
More informationMarket Trends and Challenges in Vehicle Security
Market Trends and Challenges in Vehicle Security FTF-AUT-F0080 Richard Soja Automotive MCU Systems Engineer A P R. 2 0 1 4 TM External Use Microcontrollers and Digital Networking Processors A Global Leader
More informationUser Guide. IronKey Workspace Models: W700 Updated: September 2013 IRONKEY WORKSPACE W700 USER GUIDE
User Guide IronKey Workspace Models: W700 Updated: September 2013 PAGE 1 Thank you for your interest in IronKey Workspace W700 by Imation. Imation s Mobile Security Group is committed to creating and developing
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationIntroducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.
Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure
More informationCSE 380 Computer Operating Systems
CSE 380 Computer Operating Systems Instructor: Insup Lee University of Pennsylvania Fall 2003 Lecture Note on Disk I/O 1 I/O Devices Storage devices Floppy, Magnetic disk, Magnetic tape, CD-ROM, DVD User
More informationCISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1
CISCO BORDERLESS NETWORKS 2009 Cisco Systems, Inc. All rights reserved. 1 Creating New Business Models The Key Change: Putting the Interaction Where the Customer Is Customer Experience/ Innovation Productivity/
More informationBuilding secure devices on the intelligent edge with Azure Sphere. Paul Foster, Microsoft Dr Hassan Harb, E.On
Building secure devices on the intelligent edge with Azure Sphere Paul Foster, Microsoft Dr Hassan Harb, E.On Microcontrollers (MCUs) low-cost, single chip computers 9 BILLION new MCU devices built and
More informationSecuring IoT devices with STM32 & STSAFE Products family. Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region
Securing IoT devices with STM32 & STSAFE Products family Fabrice Gendreau Secure MCUs Marketing & Application Managers EMEA Region 2 The leading provider of products and solutions for Smart Driving and
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More information20 ways past secure boot. Job de Haas Riscure Security Lab
20 ways past secure boot Job de Haas Riscure Security Lab Who am I Job de Haas Principal Security Analyst at Riscure Testing security on: Set-top-boxes, mobile phones, smart cards, payment terminals, ADSL
More informationScott Johnson Dominic Rizzo Parthasarathy Ranganathan Jon McCune Richard Ho. Titan: enabling a transparent silicon root of trust for Cloud
Scott Johnson Dominic Rizzo Parthasarathy Ranganathan Jon McCune Richard Ho Titan: enabling a transparent silicon root of trust for Cloud 1 Talk outline 01 02 03 04 05 Motivation and problem statement
More informationBirds of a Feather Session - OSS Vancouver Eystein Stenberg, Mender.io
Birds of a Feather Session - OSS Vancouver 2018 Eystein Stenberg, Mender.io Typical product development process Prototyping Production design Mass production Release deadline panic Updater is too often
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationImplementing debug. and trace access. through functional I/O. Alvin Yang Staff FAE. Arm Tech Symposia Arm Limited
Implementing debug and trace access through functional I/O Alvin Yang Staff FAE Arm Tech Symposia 2017 Agenda Debug and trace access limitations A new approach Protocol based Bare metal vs mission mode
More informationSymantec Ransomware Protection
Symantec Ransomware Protection Protection Against Ransomware Defense in depth across all control points is required to stop ransomware @ Email Symantec Email Security.cloud, Symantec Messaging Gateway
More informationTailoring TrustZone as SMM Equivalent
presented by Tailoring TrustZone as SMM Equivalent Tony C.S. Lo Senior Manager American Megatrends Inc. UEFI Plugfest March 2016 www.uefi.org 1 Agenda Introduction ARM TrustZone SMM-Like Services in TrustZone
More informationW4118: virtual machines
W4118: virtual machines Instructor: Junfeng Yang References: Modern Operating Systems (3 rd edition), Operating Systems Concepts (8 th edition), previous W4118, and OS at MIT, Stanford, and UWisc Virtual
More information