[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.
Joachim Strömbergson
joachim at secworks.se
Wed Aug 6 11:52:11 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Aloha!
★ STMAN ★ wrote:
> Thank you very much for your contribution Bernd, I fully agree with
> all what you said. C language is a problem, but it is also a
> standard. Correcting efficiently C language « weaknesses » like
> intensive stack usage cannot be achieved securely through software
> technics : StackShield and StackGuard technics have partly failed,
> and they don’t block ROP exploitation.
>
> Let’s say that for the first version of the secure processor, the
> main goals were to « cancel » by design, from the hardware :
>
> - Stack Overflow security breach. - Buffer Overflow security breach.
> - ROP exploitation technics.
>
> It has been more than one year study to find the tricks to do it
> definitly.
>
> The planned next step, in the future, are to block the « Interger
> Overflow » familly security breach, and reaching the goals you are
> talking about.
Are you doing this by defining a CPU from scratch with your own ISA, or
are you basing the work on an existing core?
If I were to do this I would select a CPU core that have GCC etc ported
to it (OpenRISC, LEON etc) and then implement them one by one, modifying
the HW design, adding functionality to the core and updating the SW
system one by one. This way you can test and integrate the new
functionality in the application SW one by one.
- --
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJT4hbqAAoJEF3cfFQkIuyNHMcQAITB0rPRJw/l4Qs+xQkvrJV/
0fK2kqrMg57xtOsxliw5SYoZDbAikP1xkKYZWjkBpqC810rec9WuGQ8lYxF6cjv1
rD1Hxb1EFP3TnKK0Dd3e9hwpx0O0NDKEKbxtjYNX12na+7LDuTXqSpHyIb/P29D+
X4c0g1D/5oHBtyBhDCt38lb2pePb7Cko5fU1mRzM1ZMOe/wRW/mTIqV/zq78HhWU
r5iCMffYquceiPTFqab/m+Qr76TGjvbMlsyBOk74MHKzRHIdQrptE1BsiM56fEyQ
PxaderK2I7l7HYhLir7JTb5jJhh9FklMu4c4vV4Hf9/TOTpbzOtrrxKDfaJQn/gp
7XvIHvQ4Ok6OV/HlC7hHQq9TigRdcQeKJahpqL1du5Opb7xIC88T3Pz8BCMEH8uP
3byJiYAZSLK1V7+5gPfoMA8BdrVGT2IEPvJyXhB8YUWtDT5CWwf2aAqOkh4rgXGS
sy8SpYTihhGtUBBBbcKmIOYB79f6M7TejsWrp7Rvkj43hoO8P1WE9Zt7gPH4Inb8
C2wThMsa1EWf2UDrvnpd5TCuda/74YV313pL54KFSB6dJWiqR4kCBLpE2v38D8r+
I0LjhX/t6tno4DECuZUfssD3WWaPaJk16rUoiUAuKLzYSLtsGq6ZsKfVXIaS34g2
3hyoLZ3qulHDb+WqxvZE
=ALzo
-----END PGP SIGNATURE-----
More information about the Tech
mailing list