One fundamental problem with our computing infrastructure is that nobody can truly tell if they are compromised—the technology stacks are not designed for this. Our inability to truly detect and remediate compromise carries all sorts of downstream costs (information asymmetries, bad security products, etc.).
Thomas Dullien explores how our software and hardware stacks could be rearchitected to allow reliable detection of compromise and outlines a number of different technologies that are needed for this, including reproducible builds, public ledgers like certificate transparency, and hardware with nonupdateable checksumming that is user inspectable.
Thomas Dullien (aka Halvar Flake) started work in reverse engineering and digital rights management in the mid-’90s and began to apply reverse engineering to vulnerability research shortly thereafter. He pioneered early Windows heap exploitation, patch diffing/bindiffing, and various other reverse engineering techniques. In 2004, Halvar started zynamics, a company focused on reverse engineering technologies. He continued to publish about reverse engineering, ROP gadget search, and knowledge management technologies in relation to reverse engineering. In 2011, zynamics was acquired by Google, and Halvar spent the next few years working on defensive technologies that leveraged the then-hot buzzwords big data and machine learning. In summer 2015, Halvar received the lifetime achievement Pwnie and decided to take a year off to travel, read, and surf.
©2016, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org