an architecture a day keeps the hacker away
play

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada - PowerPoint PPT Presentation

Oct 29, 2022 •97 likes •262 views

An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu Weve got a problem. Why? Attacks are

  1. An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu

  2. We’ve got a problem. Why? • Attacks are increasing. • More exposed bad code than ever before. • Patching systems doesn’t scale. • Mindless automated attacks do scale. Monoculture makes the world more fragile. 2 WASSA / October 9, 2004

  3. System/390 to the rescue! Many, perhaps most, attacks are • binary; • not portable; • written for the most popular platforms. Use something else! • Anecdotally, widely done. • Doesn’t scale. 3 WASSA / October 9, 2004

  4. Well, we can fix that. Making your own is too hard... • Design and fab chips? • Port the compiler and OS? ...or is it? • Virtual machine monitors. • Machine descriptions. 4 WASSA / October 9, 2004

  5. This scales, too. Now anyone can make up their own machine. Or you can generate machines randomly. How does that work? 5 WASSA / October 9, 2004

  6. Simpleminded example: Pick the byte size: • 8 bits, 16 bits... • 9 bits? 10 bits? Pick the word size: • 32 bits, 64 bits... • 36 bits? 40 bits? Pick the endianness. 6 WASSA / October 9, 2004

  7. What does this buy us? A lot: • Rules out a broad class of attacks. • Blocks even novel exploit techniques. • Single comprehensive approach. • Puts script kiddies out of business! Maybe. Doesn’t walk the dog, though. 7 WASSA / October 9, 2004

  8. Are there enough machines? We draw a distinction: • Code injection attacks; • State corruption attacks. We have overkill for code injection. State corruption is harder to handle. 8 WASSA / October 9, 2004

  9. Caveats Can exploits be generated from machine descriptions? Is your machine description secret? Can one attack whole sets of machines at once? 9 WASSA / October 9, 2004

  10. Reliability QA is going to love this. 10 WASSA / October 9, 2004

  11. Reliability QA is going to love this. QA is going to love this. 10 WASSA / October 9, 2004

  12. What will it take? Making the general source base portable. Lots of toolchain engineering. Some research remains. 11 WASSA / October 9, 2004

  13. Should we take the trouble? It costs a lot. But it buys us a lot. 12 WASSA / October 9, 2004

  14. Should we take the trouble? Yes. 12 WASSA / October 9, 2004

  15. An Architecture A Day Keeps The Hacker Away David A. Holland, Ada T. Lim, Margo I. Seltzer Harvard University Division of Engineering and Applied Sciences { dholland,ada,margo } @eecs.harvard.edu http://www.eecs.harvard.edu/˜syrah/

Recommend

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught

CAN WE FIX IT? SEBASTIUS, HACKER HOTEL 2016 About me Sebastian Oort Teacher by day Self taught hacker/fixer Love retro-hardware CAN WE FIX IT? PROJECT 4 PRACTICAL REPAIRS FOR EVERYONE APRIL 2, 2016 HACKER HOTEL DATUM KLANT REFLOW BAKE

447 views • 23 slides
Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 |

Think Like a Hacker Assaf Harel, Chief Scientist and Co-Founder What Does it Mean? 2 | Confidential Provided for Workshop use only Why Would a Hacker Want to Hack a Car? Cryptocurrency Personal Information Ransomware Mining

517 views • 17 slides
Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky

Software Engineering Through the eyes of a hacker, academic, employee, and CEO Chad Spensky chad@allthenticate.net Founder and CEO of Allthenticate My Journey 1990s: Internet pirate, hacker, and master tinkerer 2004-2008: College student at

809 views • 53 slides
CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN

CONFIDENCE 2008 KRAKOW pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure

929 views • 64 slides
Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the

Bringing Riak to the Mobile Platform Kresten Krab Thorup Hacker @drkrab Bringing Riak to the Mobile Platform Client Kresten Krab Thorup Hacker @drkrab About the Speaker Language Geek Emacs/TeX Hacker, Objective C, NeXT, GNU Compiled

963 views • 41 slides
From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12

From Zero to Zero-day How I became a hacker and why you should Carl Svensson @ Detectify 5/12 2018 1 / 14 Background Biography MSc in Computer Science, KTH Head of Security, KRY/LIVI CTF: HackingForSoju E-mail: calle.svensson@zeta-two.com

313 views • 14 slides
STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me.

STANDUP POKER KALPESH SHAH CULTURE HACKER & ENTERPRISE AGILE COACH A few things about me. CULTURE HACKER AGILE & LEAN Trainer SPEAKER Scrum & Agile User Groups Global Agile Conferences Guest Lecturer at

475 views • 19 slides
Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017

Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017

Adding new architecture to QEMU Marek Va sut < marek.vasut@gmail.com > June 1, 2017 Marek Vasut Contractor at multiple companies Versatile Linux kernel hacker Custodian at U-Boot bootloader Yocto (oe-core) contributor

796 views • 30 slides
RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think

RISK 2008 pdp information security researcher, hacker, founder of GNUCITIZEN Cutting-edge Think Tank ABOUT GNUCITIZEN Think tank Research Training Consultancy Ethical Hacker Outfit Responsible disclosure We have

1.04k views • 52 slides
Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security:

Network Security Architecture 1 Additional Reading Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second edition Firewall and Internet Security, the Second Hundred (Internet)

801 views • 78 slides
<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker

<3 Thursday, July 23, 2009 Artur Bergman artur@crucially.net perl hacker varnish hacker Operations & Engineering at Wikia Thursday, July 23, 2009 Wikia Hosts wiki communities www.wowwiki.com (second largest)

1.16k views • 103 slides
KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER

KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER

KERNEL C.I. USING LINAROS AUTOMATED VALIDATION ARCHITECTURE Wednesday, September 11, 13 TYLER BAKER TECHNICAL ARCHITECT HTTP://WWW.LINARO.ORG LAVA DEVELOPER LAVA EVANGELIST FORMER PLATFORM ENGINEER KERNEL HACKER MT. BAKER, WA

755 views • 41 slides
A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake

A Day In The Life of a Hacker Things we get up to when nobody is looking, and that keep me awake at night... Adam Laurie adam@thebunker.net http://www.thebunker.net FIRST Geek Zone Seville, 2007 Contents InfraRed RFID ATMs /

1.34k views • 92 slides
Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material

Network Security Architecture CS461/ECE422 Computer Security I Fall 2008 Reading Material Computer Security chapter 26. Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick, Bellovin, and Rubin. New second

1.24k views • 50 slides
Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of

Think Like a Hacker: Learn How to Use OSINT to Defend Your Organization Rosa L. Smothers SVP of Cyber Operations KnowBe4, Inc. The worlds most popular integrated Security Awareness Training and Simulated Phishing platform Based

296 views • 25 slides
When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from

When Saying I Do Meant Giving Up Your U.S. Citizenship Meg Hacker Did you know that from 1907 to 1922 American women lost their American citizenship by marrying non-Americans without even leaving the United States? Did these women regain

642 views • 43 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity to learn something new

942 views • 46 slides
Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open

Google Web Toolkit CWRU Hacker([']s[']) Society What is GWT? (By the way, it's free and open source under Apache License v2.0.) Questions to be Answered: Why? Brief Example Demonstration What can it do? How does it work?

494 views • 20 slides
Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi

Attacking a co-hosted VM A hacker, a hammer and two memory modules 1 Who we are (1) Mehdi Talbi Security researcher at Stormshield haka-security project. Past life: academia (phd, postdoc, ) Main research topics: advanced

1.61k views • 94 slides
Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack

Cyber@UC Meeting 38 Becoming a Certified Ethical Hacker If Youre New! Join our Slack ucyber.slack.com Feel free to get involved with one of our committees: Content, Finance, Public Affairs, Outreach, Recruitment Ongoing

423 views • 31 slides
Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing

Center for Genomic Gastronomy Hacker Culture Creating and sharing with each other Placing a high value on freedom of inquiry; hostility to secrecy Information-sharing as both an ideal and a practical strategy Upholding the right to

549 views • 15 slides
1 Where does architecture come from? What order? Use an architecture youve seen before

1 Where does architecture come from? What order? Use an architecture youve seen before

Architecture 2 1 Announcements What is Architecture? Final project hand-in and documentation Big picture Structure or structures that support the system Early design decisions Architecture is the design decisions you

275 views • 5 slides
How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas,

How to become a (Media)Wiki hacker An overwhelming overview of Wikimedia's many technical areas, some projects, and development infrastructure to get ideas where to get involved. Andr . Klapper <aklapper@wikimedia.org> | Daniel

243 views • 23 slides

More recommend