[trustable-software] I fear we need trustable hardware too...
paul.sherwood at codethink.co.uk
Thu Jan 4 12:12:57 GMT 2018
On 2018-01-04 11:53, Colin Robbins wrote:
> From my perspective, trustable "anything" has dependencies, and a key
> factor in determining trust is how well can you understand trust the
Yup. So in a way this is 'just' about understanding and trust over the
whole supply chain.
> Software depends on hardware.
> So you have to either trust the hardware, or build the software such
> that it minimises the trust in the hardware.
Right, but here's where things already break down...
- AFAICT most people don't **really** understand the whole chain, and
are too busy/scared to fix/admit it
- many organisations/projects/products are working without applicable
- apps people don't understand OS, OS people don't understand apps,
software people don't understand hardware and vice-versa
- mostly each individual/group assumes the presence and trustability of
the stuff below/around it
And then in some cases vendors compound the problems by
- coming up with 'solutions' that don't stand up to scrutiny
- avoiding scrutiny by claiming secret sauce/IP
> Meltdown + Spectre are side channel attacks. In the crypto world,
> side channels have been known about for a long time, and the
> "trustable" crypto suppliers will have designed controls (hardware or
> software) to reduce the risk.
Hmmm.... our crypto is fine, sir... it's just the rest of your
architecture that's broken...
> I think this is an example of the point I tried to make yesterday -
> security changes over time, and new vulnerabilities are discovered.
> The trustable solutions are ones that have anticipated potential,
> undiscovered, vulnerabilities and offer mitigations (but you can't
> directly validate by testing). It's what high grade crypto does, but
> also why it's expensive.