[liberationtech] How to defend against attacks on chips?
Richard Brooks
rrb at acm.org
Mon Jun 17 07:09:00 PDT 2013
You can't defend against this. There is a lot of research
going into detecting hardware trojans. In general, verifying
that either hardware or software is (or is not) malicious
in undecidable. We are even lacking in tools, short of exhaustive
tests, for verifying that either hardware or software matches
their specs.
The trusted computing group (TCG) standards are meant to address
some of these issues. Unfortunately, it seems that TCG is being
hijacked to enforce walled gardens and keep FOSS out of the
market.
On 06/15/2013 06:19 PM, Anthony Papillion wrote:
> So we know the NSA is spying on the word. We know pretty much how they
> do it and we know that at least part of that spying and data collection
> is likely done by exploiting holes in software. We can fix that. We can
> move people to better software, not rely on software from companies who
> routinely turn over data, push open software, etc.
>
> But how do we handle hardware attacks? For example, what happens when a
> chip maker, say Intel, collaborates with the government to allow access
> to users systems from the chip level? How can we defend against this?
>
> Anthony
>
More information about the liberationtech
mailing list