[Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.

★ STMAN ★ stman at riseup.net
Wed Aug 6 12:16:22 UTC 2014

Previous message: [Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.
Next message: [Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear Joachim,

I am not building a new CPU from scratch, it is useless, I am using OpenRISC as a base code, and customizing it.
I would to come closer from Forth (And also Bernd) as long as we are working on very similar things.

Building a TOR processor, a non-micro-coded processor, a pure hard coded logic controller, is from far the best approach to reduce the attack surface to the minimum level.

This is very encouraging.


Le 6 août 2014 à 13:52, Joachim Strömbergson <joachim at secworks.se> a écrit :

> Signé partie PGP
> Aloha!
> 
> ★ STMAN ★ wrote:
> > Thank you very much for your contribution Bernd, I fully agree with
> > all what you said. C language is a problem, but it is also a
> > standard. Correcting efficiently C language « weaknesses » like
> > intensive stack usage cannot be achieved securely through software
> > technics : StackShield and StackGuard technics have partly failed,
> > and they don’t block ROP exploitation.
> >
> > Let’s say that for the first version of the secure processor, the
> > main goals were to « cancel » by design, from the hardware :
> >
> > - Stack Overflow security breach. - Buffer Overflow security breach.
> >  - ROP exploitation technics.
> >
> > It has been more than one year study to find the tricks to do it
> > definitly.
> >
> > The planned next step, in the future, are to block the « Interger
> > Overflow » familly security breach, and reaching the goals you are
> > talking about.
> 
> Are you doing this by defining a CPU from scratch with your own ISA, or
> are you basing the work on an existing core?
> 
> If I were to do this I would select a CPU core that have GCC etc ported
> to it (OpenRISC, LEON etc) and then implement them one by one, modifying
> the HW design, adding functionality to the core and updating the SW
> system one by one. This way you can test and integrate the new
> functionality in the application SW one by one.
> 
> --
> Med vänlig hälsning, Yours
> 
> Joachim Strömbergson - Alltid i harmonisk svängning.
> ========================================================================
> Joachim Strömbergson          Secworks AB          joachim at secworks.se
> ========================================================================
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cryptech.is/archives/tech/attachments/20140806/eaccfd15/attachment.html>

Previous message: [Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.
Next message: [Cryptech Tech] Roadmap & remarks about the opportunity of developing a secure TOR router on the Novena platform.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list