[trustable-software] I fear we need trustable hardware too...

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Jan 4 12:12:57 GMT 2018


Hi Colin,
On 2018-01-04 11:53, Colin Robbins wrote:
> From my perspective, trustable "anything" has dependencies, and a key
> factor in determining trust is how well can you understand trust the
> dependencies.

Yup. So in a way this is 'just' about understanding and trust over the 
whole supply chain.

> Software depends on hardware.
> So you have to either trust the hardware, or build the software such
> that it minimises the trust in the hardware.

Right, but here's where things already break down...

- AFAICT most people don't **really** understand the whole chain, and 
are too busy/scared to fix/admit it
- msg any organisations/projects/products are working without applicable 
oversight/risk management
- apps people don't understand OS, OS people don't understand apps, 
software people don't understand hardware and vice-versa
- mostly each individual/group assumes the presence and trustability of 
the stuff below/around it

And then in some cases vendors compound the problems by
- coming up with 'solutions' that don't stand up to scrutiny
- avoiding scrutiny by claiming secret sauce/IP

> Meltdown + Spectre are side channel attacks.   In the crypto world,
> side channels have been know about for a long time, and the
> "trustable" crypto suppliers will have designed controls (hardware or
> software) to reduce the risk.

Hmmm.... our crypto is fine, sir... it's just the rest of your 
architecture that's broken...

> I think this is an example of the point I tried to make yesterday -
> security changes over time, and new vulnerabilities are discovered.
> The trustable solutions are ones that have anticipated potential,
> undiscovered, vulnerabilities and offer mitigations (but you can't
> directly validate by testing).  It's what high grade crypto does, but
> also why its expensive.

Ack.

tvm
Paul



More information about the trustable-software mailing list