Presented at
BSidesDC 2015,
Oct. 18, 2015, 1:30 p.m.
(50 minutes)
Standard processors are highly susceptible to attack. We've lived with that fact for decades, stuck with what was instead of moving towards what could be. Why has no major processor vendor begun to develop an inherently secure processor that can withstand the exploitation of common software vulnerabilities? Probably because any new processor that resists the root causes of modern vulnerabilities would require a brand new operating system, new programming languages, and applications to be rewritten from scratch.
Except, that reasoning is no longer true. Key DARPA innovations derived from the CRASH program that address the root cause of computer insecurity at the processor level can be applied to commodity processors. In the world that we envision, modern vulnerabilities are virtually eliminated beneath the OS by differentiating data from instruction and enforcing memory use constraints within the instruction pipeline. This talk introduces our first step to inherent security, where, by using the open source RISC-V processor as our foundation, we intend to provide provable resilience to common vulnerabilities by July 1, 2016. We'll chat about our ambitious plan for the next year, how we expect to support standard operating systems, and how the public can participate.
Presenters:
-
Jothy Rosenberg
- Executive Director, Center for Inherent Security at Draper Laboratory
Jothy Rosenberg has a PhD in computer science (VLIS computer-aided design algorithms) from Duke University where he stayed on as professor for five years building space-flyable massively parallel single-instruction multiple-data architecture supercomputers. He caught the entrepreneurial bug and turned that works into a supercomputer startup in California called MasPar. Then he did a five-year stint at a large software company called Borland. Borland shipped him off to Boston where he has remained for 18 years. Jothy has gone on to found eight additional startups. During this time he also wrote three technical books: How Debuggers Work, Securing Web Services, and The Cloud at Your Service. He also wrote an inspirational memoir called Who Says I Can't that recounts how he used extreme sports to recover from a disability. Rosenberg currently is Associate Director of the Cyber Systems Group and Executive Director of the Center for Inherent Security at Draper Laboratory in Cambridge. Prior to Draper, Rosenberg was Technical Director at BAE Systems where he was PI or co-PI on several large DARPA cyber security programs including CRASH (Clean-slate Redesign of Adaptive Secure Hosts) and MRC (Mission-oriented Resilient Clouds).
Links:
Similar Presentations: