University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > Trustable Hardware as a TOCTOU Problem: Overview and Potential Remedies

Trustable Hardware as a TOCTOU Problem: Overview and Potential Remedies

Add to your list(s) Download to your calendar using vCal

  • UserDr. Andrew 'bunnie' Huang, Independent Researcher
  • ClockTuesday 21 April 2020, 14:00-15:00
  • HouseWebinar.

If you have a question about this talk, please contact Jack Hughes.

In this talk, we frame Trustable Hardware as a “Time of Check/Time of Use” (TOCTOU) problem. The basic problem with receiving a package containing “trusted hardware” is that the place of verification for hardware is physically distant and administratively distinct from the place of use. This is similar in nature to confirming the integrity of a web object by checking its hash on the server, then downloading it and running it.

The talk starts by exploring some of the potential attack vectors in the supply chain, thus motivating the need for point-of-use verification. We then use these constraints to formulate a system architecture that tries to simplify the user verification problem, thus providing a method for evidence-based trust in a given hardware artifact, as opposed to blind faith in the supply chain.

This talk is part of the Computer Laboratory Security Seminar series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2020 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity