[Cryptography] Buffer Overflows & Spectre

Jeremy Stanley fungi at yuggoth.org
Fri Nov 23 16:16:16 EST 2018


On 2018-11-22 07:27:32 -0500 (-0500), Jerry Leichter wrote:
[...]
> Given the realities of today's hardware, one could imagine a
> "Cloud" in which you don't rent a VM:  You rent an actual piece of
> hardware (so-called "bare metal"), which runs your code and your
> code only.  (There are "public Kubernetes container services" that
> are approaching something along these lines.)  When you're ready
> to relinquish that hardware, you do a hardware reset back to a
> fixed state.
[...]

This has been available for years. I work on one such project in use
by a number of public "cloud" service providers. The current
challenge, to this day, is getting or designing your own server
hardware which can't be persistently backdoored by hostile users.

Most commodity servers rely on malleable code in firmware to
implement their firmware reflashing functionality. All it takes is a
crafty backdoored firmware payload uploaded by the customer (or more
likely someone who compromised them) which emulates the normal
features necessary to reflash various system firmwares while still
preserving itself in the process. For this particular business model
to operate securely, you need systems with no ability to directly
alter their own firmware but then some (preferably automated)
external solution for reflashing them with new firmware payloads
when it's time to upgrade.
-- 
Jeremy Stanley
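The failure mode described above, as an added worked example that is not part of the original message and not code from the author or from any project he works on: a toy model in which a server's firmware update path is handled by the running firmware itself (in-band), so a backdoored image can emulate a normal reflash while keeping itself installed, compared with an out-of-band path where an external programmer writes and reads the flash part directly. The Server and ExternalProgrammer classes, the sample firmware images, the BACKDOOR marker and the tenant_lifecycle() walkthrough are all constructed for illustration; they model the trust relationship, not any real update protocol or flash layout.

```python
import hashlib

# Constructed sample firmware images (not real vendor images).
VENDOR_FW_V1 = b"vendor-bmc-firmware-v1.0 (constructed sample)"
VENDOR_FW_V2 = b"vendor-bmc-firmware-v2.0 (constructed sample)"
# Constructed marker standing in for implant code appended to an image.
BACKDOOR = b"\x00<persistent-implant>"


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


class Server:
    """A server whose flash part holds its firmware (toy model)."""

    def __init__(self, flash: bytes):
        self.flash = flash

    def in_band_reflash(self, image: bytes) -> str:
        """Reflash through the running firmware's own update handler.

        The code performing the write is the code being replaced, so a
        backdoored image can emulate a normal update while preserving
        itself. Returns the hash the firmware *claims* it installed.
        """
        if BACKDOOR in self.flash:
            self.flash = image + BACKDOOR   # install new image, keep the implant
        else:
            self.flash = image              # honest firmware: real update
        return sha256(image)

    def self_reported_hash(self) -> str:
        """Hash computed and reported by the running firmware.

        A backdoored firmware simply hides its own bytes from the measurement.
        """
        visible = self.flash.replace(BACKDOOR, b"")
        return sha256(visible)


class ExternalProgrammer:
    """Out-of-band flash access (think: a programmer on the SPI bus) that
    neither executes nor depends on whatever firmware is in the part."""

    def read(self, server: Server) -> bytes:
        return server.flash

    def write(self, server: Server, image: bytes) -> None:
        server.flash = image


def in_band_verify(server: Server, expected: bytes) -> bool:
    """Trusts the firmware to tell us what is installed."""
    return server.self_reported_hash() == sha256(expected)


def out_of_band_verify(prog: ExternalProgrammer, server: Server,
                       expected: bytes) -> bool:
    """Reads the flash contents directly and compares to the known-good image."""
    return sha256(prog.read(server)) == sha256(expected)


def tenant_lifecycle() -> dict:
    """Walk one bare-metal rental through tenant compromise and provider reclaim."""
    server = Server(VENDOR_FW_V1)
    prog = ExternalProgrammer()
    result = {}

    # 1. The tenant (or whoever compromised them) reflashes the server with a
    #    backdoored copy of the vendor image using the normal in-band tool.
    server.in_band_reflash(VENDOR_FW_V1 + BACKDOOR)
    result["implanted"] = BACKDOOR in server.flash

    # 2. The provider reclaims the host and "resets" it by reflashing v2
    #    in-band. The implant emulates the update and survives, and the
    #    firmware's own report says everything is fine.
    server.in_band_reflash(VENDOR_FW_V2)
    result["in_band_reset_looks_clean"] = in_band_verify(server, VENDOR_FW_V2)
    result["implant_survived_in_band_reset"] = BACKDOOR in server.flash
    result["out_of_band_check_catches_it"] = not out_of_band_verify(
        prog, server, VENDOR_FW_V2)

    # 3. The provider writes v2 through the external programmer and verifies
    #    the same way; the running firmware gets no say in either step.
    prog.write(server, VENDOR_FW_V2)
    result["out_of_band_reset_is_clean"] = out_of_band_verify(
        prog, server, VENDOR_FW_V2)
    result["implant_survived_out_of_band_reset"] = BACKDOOR in server.flash
    return result


if __name__ == "__main__":
    for key, value in tenant_lifecycle().items():
        print(f"{key}: {value}")
```

The point the model makes is the one in the message: any verification that asks the installed firmware about itself is only as trustworthy as that firmware, so both the reflash and the check have to happen over a path the tenant's code never controlled.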
