Regions Are Types, Types Are Policy, and Other Ramblings

Offered By: NorthSec via YouTube

Tags

NorthSec Courses Software Security Courses Bootloaders Courses

Course Description

Overview

Explore innovative approaches to software hardening in this 40-minute conference talk from NorthSec 2020. The talk takes types beyond their traditional role in compilers and interpreters and uses them to express policy across an address space: semantically related objects that are grouped together in memory can be assigned a type, and those typed memory regions become the basis for a practical access control policy. The speaker walks through retroactively hardening a U-Boot bootloader instance, modeling the bootloader's intended behaviour, and deriving a mediating access control policy from that model. The talk argues that typed region-based hardening applies to many kinds of software and protects against both low-level memory-corruption vulnerabilities and high-level logic-based attacks. It closes with the speaker's background in studying weird machines in application linkers and loaders, and their current focus on system bootstrap loaders as a senior security researcher.

Syllabus

Introduction
Who am I
Root of Trust
Loch Ness Monster
Software is not easy
Policy granularity
Types
Interpreted languages
Compiled languages
Dependent types
File permissions
Types and policy
Policy
Wish lists
Understanding policy
Semantics of U-Boot
Bootloader
What to expect from a bootloader
How should you behave
Boot loaders
Boot image
Memory regions
Black
Tool suite
The bootloader
Blockwrite operations
Call graph
Call stack instrumentation
Writability
Final thoughts
Kitty
Taught by

NorthSec