That’s where I posted all my early design sketches and essays. There were a bunch of people in software and hardware like Clive Robinson that gave great peer review and debates. We had a meme, “you heard it first on Schneier’s blog,” where news reports, CompSci papers, or new products would echo what we already discussed.
Replacing subverted and/or low-quality Intel chips was something we discussed repeatedly way before Meltdown/Spectre with people like Clive using MCU’s for guards. I kept telling people about VAMP and Leon3 CPU’s which should block many attacks. I ended up just posting an exhaustive list here. RobertT in that discussion is mixed-signal, hardware specialist that spends much of his time obfuscating or reverse engineering ASIC’s. My analog, attack predictions were just rehashes of kind of stuff he was seeing or doing on a daily basis. That man almost single-handedly made me stop believing computers could be trusted. Clive and I recommend pencil, paper, and old school methods for high-security these days with high-assurance security as just risk reduction.
The root problems were discovered around 1992. Security community just ignored it all like everything high-assurance, security community did. I had a rant on that here whose main article is a comment with the links to that work. We knew about cache- and microarchitecture-based leaks in 1992. I’ve been recommending mitigation for a long time. Well, mitigation attempts haha. Mainstream security often ignores stuff done out of their own circles or standards. Politics. There’s plenty of work out there waiting to be used or improved on, though. I post a lot of it here since there’s smart programmers here with unusual quality & security focus.
I see there you’ve made a note that this was posted to Schneier’s blog, can you share that post link as well? Thank you.
That’s where I posted all my early design sketches and essays. There were a bunch of people in software and hardware like Clive Robinson that gave great peer review and debates. We had a meme, “you heard it first on Schneier’s blog,” where news reports, CompSci papers, or new products would echo what we already discussed.
Replacing subverted and/or low-quality Intel chips was something we discussed repeatedly way before Meltdown/Spectre with people like Clive using MCU’s for guards. I kept telling people about VAMP and Leon3 CPU’s which should block many attacks. I ended up just posting an exhaustive list here. RobertT in that discussion is mixed-signal, hardware specialist that spends much of his time obfuscating or reverse engineering ASIC’s. My analog, attack predictions were just rehashes of kind of stuff he was seeing or doing on a daily basis. That man almost single-handedly made me stop believing computers could be trusted. Clive and I recommend pencil, paper, and old school methods for high-security these days with high-assurance security as just risk reduction.
Thank you. I wasn’t aware that this had taken place some time ago.
The root problems were discovered around 1992. Security community just ignored it all like everything high-assurance, security community did. I had a rant on that here whose main article is a comment with the links to that work. We knew about cache- and microarchitecture-based leaks in 1992. I’ve been recommending mitigation for a long time. Well, mitigation attempts haha. Mainstream security often ignores stuff done out of their own circles or standards. Politics. There’s plenty of work out there waiting to be used or improved on, though. I post a lot of it here since there’s smart programmers here with unusual quality & security focus.