
/tech/ - Technology


 No.13028

Here is a thought experiment about a hard problem in auditing computer security
https://farside.link/invidious/watch?v=sOeuYuvOcl0

If you didn't watch it, here's the tl;dr:
In principle it's possible to compromise enough of the existing software and hardware stack so that an intelligent enough malicious security flaw could hide itself from you no matter how hardcore you go with your security audit. The conclusion being drawn is that the only solution to making sure you have a clean system is to start from scratch with basic logic circuitry and then slowly build up a trusted software and hardware stack.

It's a clever argument, but there is a much easier way to get around all of this.

You can get to a trusted stack simply by scrambling the logic of a cpu. The only one that will be able to run logic operations on that cpu will be the person that can use the de-scrambler-key on the logic instructions given to that cpu. Malicious inserts into the hardware will return gibberish if they try to listen, and make the cpu produce logic errors if they try to inject code. It doesn't need to be a performant cpu either, something equivalent to 1985 era processors is good enough, as it's only necessary to bootstrap a trusted environment. A moderately sized organization can probably muster the necessary funds and technical sophistication to get a small batch of scrambled cpus produced.

 No.13274

I'm not sure what you mean concretely by "scrambling the logic of a CPU". Do you mean to say that a key would be needed to load data into registers? Do you mean to say that a key is needed to know the instruction set? Are you referring to fully homomorphic encryption?

The other problem is that suppose this organization of yours can make "scrambled CPUs". How can the rest of us trust that organization? What's to stop some interested party from compromising it?

 No.13279

>>13274
There is a philosophical question whether microchips can be something that has verifiable operations or whether they're doomed to be black boxes. And here the answer is: yes, it's possible to build a clean stack that is verifiable all the way down.

If you want to go as hardcore as the philosophical thought experiment, you need to have an organization that starts from scratch with a clean-slate processor, that can be a super basic design and therefore it's plausible to do this in reality. Whether a nearly omnipotent opponent exists that requires this level of commitment is another matter. The motivation for doing this would be more an exercise in scientific rigor and precision.

On the realistic side of things you would scramble a cpu design if you have to produce it in a fab that you don't want to trust. That is from the perspective of a cpu designer.

From the perspective of an end-user: the scramble interface could be exposed to end-users too, they could generate their own de-scrambler.
