Let’s Keep it to Ourselves: Don’t Disclose Vulnerabilities
There are millions of viruses, etc., in the wild today, and black-hat hackers devise countless new ones all the time. To defend proactively against new exploits, some white-hatters seek out or create weaknesses or vulnerabilities and then devise fixes for them. In some cases, however, such as Spectre, a fix is not readily apparent, either to the inventor or to the vendor of the target software or hardware. Whether or not a fix exists, the question arises of what to publicize or disclose about the vulnerability. We argue that no public disclosure should be made at all, until and unless the exploit appears in the wild.
Approaches to System Security: Using Cryptographic Techniques to Minimize Trust
This is the first post in a series on different approaches to systems security, especially as they apply to hardware and architectural security. In this post, we will consider the use of mathematics/cryptography as an approach to improving systems security....
Reflections on trusting SGX
The security community will remember the year of 2018 as the year of speculative execution attacks. Meltdown and Spectre, the recent Foreshadow (L1TF in Intel’s terminology), and their variants demonstrate how the immense processor design complexity, perpetual...
Sacrificing Interoperability for Information Security: Containing Data Loss and Malware Propagation
Using hardware that does not provide software and data interoperability could address security problems.