Dailydave mailing list archives
Towards Heat Death
From: David Aitel <dave () immunityinc com>
Date: Wed, 3 Jan 2018 07:15:49 -0800
So much of internet security is pointing out to overly optimistic people that they are trying to fight from their back, against a hungry T-Rex who doesn't care about your brazilian jiu jitsu black belt, and has no arms to armbar anyways. Like, one of my favorite papers Immunity ever did was the Cloudburst [1] paper, wherein various member of the DoD wanted to put SECRET and UNCLASSIFIED networks on the same computer, separated by a hypervisor. What we said was "in this one instance you can break the hypervisor and obtain full control from a guest" but what we meant was "Doing things in this insane way makes the T-Rex hungrier." Likewise, while side channel attacks are the least sexy of all attacks in demos on the conference stage, but I feel like processors have been up against the physics wall for a decade, and when I hang out with processor people all we hear about is heat management processors because no processor can run as fast as its spec says it can with more than one core at a time, and even then, not for very long. I feel like James Mickens has a whole paper on this stuff that no one read or took seriously? [2] Anyways, these are exciting times, and it's because new bug classes are being detected as fast as new bugs used to be and the T-Rexs are hungrier than ever. -dave [1] http://www.blackhat.com/presentations/bh-usa-09/KORTCHINSKY/BHUSA09-Kortchinsky-Cloudburst-PAPER.pdf [2] http://scholar.harvard.edu/files/mickens/files/theslowwinter.pdf
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Towards Heat Death David Aitel (Jan 03)