Security Through Distrusting

Presented at Black Hat Europe 2017, Dec. 7, 2017, 9 a.m. (60 minutes)

There are different approaches to making (computer) systems (reasonably) secure and trustworthy: At one extreme, we would like to ensure everything (software, hardware, infrastructure) is _trusted_. This means the code has no bugs or backdoors, patches are always available and deployed, admins are always competent and trustworthy, and the infrastructure is always reliable... On the other end of the spectrum, however, we would like to _distrust_ (nearly) all components and actors, and have no single almighty element in the system. In my opinion, the industry has focused way too much on this first approach, which I see as overly naive and non-scalable to more complex systems. In this talk, based on my prior work as both an offensive researcher in the past and an engineer and architect on the defense side in recent years, I will attempt to convince the audience that moving somehow towards the "security through distrusting" principle might be a good idea. Equally important though, the talk will discuss the trade-offs that this move requires and where we can find the sweet spot between the two approaches.

Presenters:

  • Joanna Rutkowska - CEO & Founder, Invisible Things Lab
    Joanna Rutkowska is the CEO and founder of Invisible Things Lab and the Qubes OS project, which she has led since its inception in 2010. Prior to that, she focused on system-level offensive security research. Together with her team at ITL, she has presented numerous attacks on virtualization systems and Intel security technologies, including the famous series of exploits against the Intel Trusted Execution Technology (TXT) and the still-only-one software attack demonstrating Intel VT-d escape, and has also supervised her team's pioneering research on breaking into the Intel vPro BIOS and AMT/MT technology. She is also known for writing Blue Pill, the first hardware virtualization-based rootkit, for introducing the Evil Maid attack, and for her prior work on kernel-mode malware for Windows and Linux in the first half of the 2000s.
