This topic contains 2 replies, has 1 voice, and was last updated by
Josh Stern November 19, 2022 at 1:33 pm.
November 19, 2022 at 10:21 am #124820

Josh Stern
Moderator

Q: What about modeling hardware backdoors?

A: Hardware backdoors can be modeled in the same framework where the range of their effects is understood. Credentials that are vulnerable to screen snooping are less secure than credentials that only exist on a secure dongle/USB. Credentials that could be discovered by a rogue agent with access to other credentials from screen snooping are also less secure for the same reason. Different types of CASE tools can potentially audit hardware systems too, but we are not there yet. My view is that the more complicated the security situation, the more helpful it is to use CASE tools. It’s analogous to adding type checking and lint on a large code base.
-
November 19, 2022 at 1:33 pm #124821

Josh Stern
Moderator

Related point: for running binary executables that have passed security audits, one would ideally like to ensure that the given binary present on the file system has not been tampered with after an audit. It seems like the most efficient approach would be a special file system with the added feature that cryptographic hashes (like checksums) are associated with every current file and are actually current. This would be for use with a given partition, typically SSD, that is set to read-only most of the time. The current hash is pre-computed, so only that needs to be checked against a record to ensure currency of the file binary that was previously audited. Perhaps it seems like a silly solution because the underlying problem was some other hack that we pay a small penalty to harden against instead of eradicating? But hacks can also occur on unattended machines & this would make that easier to detect.
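
A user-space approximation of the check described in the post above, as an added example that is not part of the original post: it records SHA-256 digests at audit time and later reports modified, missing and unaudited files. Unlike the proposed file system, it recomputes hashes at check time instead of reading pre-computed ones, and it assumes the audit record is kept somewhere a writer to the partition cannot reach; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def record_audit(root):
    """Map each regular file under root (symlinks skipped) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = file_digest(full)
    return manifest

def verify_audit(root, manifest):
    """Report files that changed, vanished, or appeared since the audit."""
    current = record_audit(root)
    modified = [p for p, d in manifest.items()
                if p in current and not hmac.compare_digest(current[p], d)]
    return {"modified": sorted(modified),
            "missing": sorted(set(manifest) - set(current)),
            "unaudited": sorted(set(current) - set(manifest))}

def demo():
    """Constructed sample: audit a temp tree, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for name, data in (("tool", b"build A"), ("helper", b"build B")):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(data)
        manifest = record_audit(root)  # assumption: stored off the partition
        clean = verify_audit(root, manifest)
        with open(os.path.join(root, "bin", "tool"), "ab") as f:
            f.write(b"+patch")  # post-audit modification
        os.remove(os.path.join(root, "bin", "helper"))
        with open(os.path.join(root, "extra"), "wb") as f:
            f.write(b"new file")  # never audited
        return clean, verify_audit(root, manifest)
```

Calling `demo()` returns the findings before and after the constructed tampering; a symlink dropped in place of an audited binary shows up under "missing" because symlinks are never hashed.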