an architecture a day keeps the hacker away
play

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada - PowerPoint PPT Presentation

Oct 29, 2022 •97 likes •262 views

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu Weve got a problem. Why? Attacks are

  1. An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu

  2. We’ve got a problem. Why? • Attacks are increasing. • More exposed bad code than ever before. • Patching systems doesn’t scale. • Mindless automated attacks do scale. Monoculture makes the world more fragile. 2 WASSA / October 9, 2004

  3. System/390 to the rescue! Many, perhaps most, attacks are • binary; • not portable; • written for the most popular platforms. Use something else! • Anecdotally, widely done. • Doesn’t scale. 3 WASSA / October 9, 2004

  4. Well, we can fix that. Making your own is too hard... • Design and fab chips? • Port the compiler and OS? ...or is it? • Virtual machine monitors. • Machine descriptions. 4 WASSA / October 9, 2004

  5. This scales, too. Now anyone can make up their own machine. Or you can generate machines randomly. How does that work? 5 WASSA / October 9, 2004

  6. Simpleminded example: Pick the byte size: • 8 bits, 16 bits... • 9 bits? 10 bits? Pick the word size: • 32 bits, 64 bits... • 36 bits? 40 bits? Pick the endianness. 6 WASSA / October 9, 2004

  7. What does this buy us? A lot: • Rules out a broad class of attacks. • Blocks even novel exploit techniques. • Single comprehensive approach. • Puts script kiddies out of business! Maybe. Doesn’t walk the dog, though. 7 WASSA / October 9, 2004

  8. Are there enough machines? We draw a distinction: • Code injection attacks; • State corruption attacks. We have overkill for code injection. State corruption is harder to handle. 8 WASSA / October 9, 2004

  9. Caveats Can exploits be generated from machine descriptions? Is your machine description secret? Can one attack whole sets of machines at once? 9 WASSA / October 9, 2004

  10. Reliability QA is going to love this. 10 WASSA / October 9, 2004

  11. Reliability QA is going to love this. QA is going to love this. 10 WASSA / October 9, 2004

  12. What will it take? Making the general source base portable. Lots of toolchain engineering. Some research remains. 11 WASSA / October 9, 2004

  13. Should we take the trouble? It costs a lot. But it buys us a lot. 12 WASSA / October 9, 2004

  14. Should we take the trouble? Yes. 12 WASSA / October 9, 2004

  15. An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu http://www.eecs.harvard.edu/˜syrah/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught hacker/fixer Love retro-hardware CAN WE FIX IT? PROJECT 4 PRACTICAL REPAIRS FOR EVERYONE APRIL 2, 2016 HACKER HOTEL DATUM KLANT REFLOW BAKE

447 views • 23 slides
Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 | Confidential Provided for Workshop use only Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining

517 views • 17 slides
Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky chad@allthenticate.net Founder and CEO of Allthenticate My Journey 1990s: Internet pirate, hacker, and master tinkerer 2004-2008: College student at

809 views • 53 slides
CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure

929 views • 64 slides
Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the Mobile Platform Client Kresten Krab Thorup Hacker @drkrab About the Speaker Language Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled

963 views • 41 slides
From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

313 views • 14 slides
STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me. CULTURE HACKER AGILE & LEAN Trainer SPEAKER Scrum & Agile User Groups Global Agile Conferences Guest Lecturer at

475 views • 19 slides
Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017

Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017

Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017 Marek Vasut Contractor at multiple companies Versatile Linux kernel hacker Custodian at U-Boot bootloader Yocto (oe-core) contributor

796 views • 30 slides
RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

1.04k views • 52 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker varnish hacker Operations & Engineering at Wikia Thursday, July 23, 2009 Wikia Hosts wiki communities www.wowwiki.com (second largest)

1.16k views • 103 slides
KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER

KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER

KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER BAKER TECHNICAL ARCHITECT HTTP://WWW.LINARO.ORG LAVA DEVELOPER LAVA EVANGELIST FORMER PLATFORM ENGINEER KERNEL HACKER MT. BAKER, WA

755 views • 41 slides
A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake at night... Adam Laurie adam@thebunker.net http://www.thebunker.net FIRST Geek Zone Seville, 2007 Contents InfraRed RFID ATMs /

1.34k views • 92 slides
Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material Computer Security chapter 26. Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second

1.24k views • 50 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from 1907 to 1922 American women lost their American citizenship by marrying non-Americans without even leaving the United States? Did these women regain

642 views • 43 slides
APNA 30th Annual Conference Session 4035: October 22, 2016 SELF-REFLECTIVE PRACTICE: A

APNA 30th Annual Conference Session 4035: October 22, 2016 SELF-REFLECTIVE PRACTICE: A

APNA 30th Annual Conference Session 4035: October 22, 2016 SELF-REFLECTIVE PRACTICE: A CRITICAL-REFLECTION WORKSHOP FOR BUILDING REFLECTIVE SKILL IN CLINICAL DECISION MAKING Rosalind De Lisser, MS, FNP, PMHNP Aaron Miller, MS, PMHNP UCSF

113 views • 9 slides
1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We

1. Introduction butterfillS@ceu.hu butterfillS@ceu.hu first challenge second challenge We are stuck with our two main ways of describing and explaining things, one which treats objects and events as mindless, and the other which treats

854 views • 82 slides
Text Classification Diyi Yang Some slides borrowed from Jacob Eisenstein (was at GT) and Dan

Text Classification Diyi Yang Some slides borrowed from Jacob Eisenstein (was at GT) and Dan

CS 4650/7650: Natural Language Processing Text Classification Diyi Yang Some slides borrowed from Jacob Eisenstein (was at GT) and Dan Jurafsky at Stanford 1 TA Office Hours Ian Stewart: Tuesdays, 2-4pm, Coda C1106 Jiaao Chen: Thursdays,

837 views • 56 slides
Anticipation in cybernetic systems: A case against mindless antirepresentationalism Lambert

Anticipation in cybernetic systems: A case against mindless antirepresentationalism Lambert

Anticipation in cybernetic systems: A case against mindless antirepresentationalism Lambert Schomaker Kunstmatige Intelligentie / RuG 2 Overview From data to explanation: competing theories Neural representations Anticipation and

718 views • 46 slides
Welcome to CSci 1113 Introduction to C/C++ Programming for Scientists and Engineers Instructor

Welcome to CSci 1113 Introduction to C/C++ Programming for Scientists and Engineers Instructor

Welcome to CSci 1113 Introduction to C/C++ Programming for Scientists and Engineers Instructor (me) James Parker Shepherd Laboratories 391 Primary contact: jparker@cs.umn.edu TAs Kshitij Tayal, Brad Fisher, Nikki Kyllonen, Bekka McCoy,

858 views • 74 slides
Develop Your Data Mindset Module 3 - Aligning Answerable Questions With School Initiatives Part

Develop Your Data Mindset Module 3 - Aligning Answerable Questions With School Initiatives Part

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Develop Your Data Mindset Module 3 - Aligning Answerable Questions With School Initiatives Part 1 - Aligning Answerable Questions

757 views • 41 slides
Ubiquitous and Mobile Computing CS 528: The Effect of Developer Specified Explanations for

Ubiquitous and Mobile Computing CS 528: The Effect of Developer Specified Explanations for

Ubiquitous and Mobile Computing CS 528: The Effect of Developer Specified Explanations for Permission Requests on Smartphone User Behavior Chu Xu Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction/Motivation

555 views • 18 slides
The Business of Bus Busin ines ess s is is Business Milton Friedman The Business of

The Business of Bus Busin ines ess s is is Business Milton Friedman The Business of

The Business of Bus Busin ines ess s is is Business Milton Friedman The Business of Business They did not teach you how to run a business in law school or medical school Two foundational concepts for success:

486 views • 15 slides

More recommend