Building a trustworthy computer OSCON talk by Matthew Garrett

Fri, 24 Jul 2015 15:48:07 -0700

Not sure if anyone was attending OSCON today and caught this talk earlier, but if have audio or video please post. 

http://www.oscon.com/open-source-2015/public/schedule/detail/41536

Building a trustworthy computer
Matthew Garrett (CoreOS)
11:10am–11:50am Friday, 07/24/2015
Protect D139/140
Tags: Open hardware, Tools and techniques, Geek life lifestyle
Average rating: ***** (5.00, 1 rating)
Rate This Session
Slides: http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp 

Prerequisite Knowledge
Some knowledge of the major components of a modern computer and how they fit together, but no detailed knowledge of firmware or hardware design is required. 
Description
The Snowden revelations demonstrated the lengths that government agencies were willing and able to go to in order to subvert computers. But these attacks aren’t limited to state-level actors – security researchers continue to demonstrate new vulnerabilities and weaknesses that would permit sophisticated criminals to achieve the same goals.
In the face of these advanced attacks, what can we do to detect and mitigate them? How can we make use of existing security features, and what changes can we make to system design? In short, how can we ensure that a user can trust that their computer is acting in their interests rather than somebody else’s?
This presentation will cover some of the existing security features and recent design changes in systems that can make it easier to detect attacks, and provide mechanisms for defending against them in the first place, along with simple design changes that would make it easier for users to ensure that components haven’t been backdoored. In addition it will discuss some of the remaining challenges that don’t have solid answers as yet. Topics covered will include: 

    Firmware security
    Trusted platform modules, attestation, and associated privacy risks
    Hardware design to support offline verification
Remaining components that could act against the interests of the hardware owner 

Photo of Matthew Garrett
Matthew Garrett
CoreOS
Matthew Garrett is a security developer at CoreOS, specializing in the areas where software starts knowing a little more about hardware than you’d like. He implemented much of Linux’s support for UEFI Secure Boot, does things with TPMs and has found more bugs in system firmware than he’s entirely comfortable with.

Reply via email to