Trustable Hardware as a TOCTOU Problem: Overview and Potential Remedies

Add to your list(s) Download to your calendar using vCal

• Dr. Andrew 'bunnie' Huang, Independent Researcher
• Tuesday 21 April 2020, 14:00-15:00
• Webinar.

If you have a question about this talk, please contact Jack Hughes.

In this talk, we frame Trustable Hardware as a “Time of Check/Time of Use” (TOCTOU) problem. The basic problem with receiving a package containing “trusted hardware” is that the place of verification for hardware is physically distant and administratively distinct from the place of use. This is similar in nature to confirming the integrity of a web object by checking its hash on the server, then downloading it and running it.

The talk starts by exploring some of the potential attack vectors in the supply chain, thus motivating the need for point-of-use verification. We then use these constraints to formulate a system architecture that tries to simplify the user verification problem, thus providing a method for evidence-based trust in a given hardware artifact, as opposed to blind faith in the supply chain.

This talk is part of the Computer Laboratory Security Seminar series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• Interested Talks
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• Webinar
• bld31

Note that ex-directory lists are not shown.