I’ve been thinking that we need to design some dramatically simpler computers. What happens if, instead of adding more warts to our existing architectures, we “waste” performance by avoiding essentially all of the complexity of caches, out-of-order execution, weird memory mapping. We instead build easily understood, trivial to implement old-school computers, of the kind built in the ‘60s and ‘70s. We optimize for clarity of implementation and simplicity of the execution model. Now, we have a design which could be carefully verified, in the same way that open source code can be verified. We can implement this in FPGAs, perhaps with probabilistic placement of gates to avoid some of the need for verifying the FPGA. We could implement in a 2 micron CMOS process from 1982 which can be analyzed with a light microscope, making it hard to hide things. It could be hardened with implementations that avoid power supply noise. Of course, this computer would really only be suitable for crypto-important code, and for booting a “real” computer, but it would provide a basis of trust unlike anything we have access to today.
On Apr 13, 2015, at 7:49 PM, Henry Baker <hbaker1@pipeline.com> wrote:
This scheme is not a lot different from a lot of other signing schemes.
The attacks are similar.
For example, you program an interpreter (e.g., Java) which satisfies all of your security features, except that Java _doesn't_ check the code that it interprets. Game over.
MITM. Who signs the code, and why should you trust them?
(Untrusted turtles all the way down; more succinctly, turds all the way down, making for a big POS.)
Then there are the "weird machines".
https://en.wikipedia.org/wiki/Weird_machine
It turns out that the paging apparatus of modern Intel processors is so complicated that it is Turing complete. You can execute an arbitrary Turing Machine _without ever (fully) executing a complete instruction_ !!
http://www.cs.dartmouth.edu/~sws/pubs/bbss13.pdf
"We show that powerful computation on x86 processors is possible without executing any CPU instructions. We demonstrate a Turing-complete execution environment driven solely by the IA32 architectures interrupt han- dling and memory translation tables, in which the pro- cessor is trapped in a series of page faults and double faults, without ever successfully dispatching any instruc- tions. The hard-wired logic of handling these faults is used to perform arithmetic and logic primitives, as well as memory reads and writes. This mechanism can also perform branches and loops if the memory is set up and mapped just right. We discuss the lessons of this execu- tion model for future trustworthy architectures."
Return-oriented programming; fashion a machine language out of existing code subsequence "gadgets":
https://en.wikipedia.org/wiki/Return-oriented_programming
Jacob Torrey's HARES scheme for spoofing the page for reading while executing from another page entirely. The page that is seen by any program scanning memory is completely innocuous, while the pages actually being executed are malware.
https://www.wired.com/2015/02/crypto-trick-makes-software-nearly-impossible-...
https://www.syscan.org/index.php/download/get/8a49fa76c16592ef790bffad08d1a3...
http://blog.jacobtorrey.com/hares-faq
At 04:06 PM 4/13/2015, Warren D Smith wrote:
Here's an idea. Let's say some program is a stream of bytes. Every 64th byte is not an "instruction," it is a "security code." Specifically, the codes are such that the whole ball of wax -- program+security -- gets public-key-encoded to something nice, like it has a bunch of 0s. Your computer has built in hardware for public key crypto. It terminates execution if program fails to satisfy security demands.
Point is, it is not possible for anybody to produce malware with valid security codebytes, unless they already know your computer's secret key. E.g they either had your cooperation, or they already had access to your computer's code.
-- Warren D. Smith http://RangeVoting.org <-- add your endorsement (by clicking "endorse" as 1st step)
_______________________________________________ math-fun mailing list math-fun@mailman.xmission.com https://mailman.xmission.com/cgi-bin/mailman/listinfo/math-fun