This shows you the differences between two versions of the page.
ass:cursuri:03 [2023/07/06 17:28] 127.0.0.1 external edit
ass:cursuri:03 [2023/07/24 13:49] (current) radu.mantu
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ==== Cursul 03. ==== | + | ~~NOTOC~~ |
+ | |||
+ | ===== 03 - Trusted Execution ===== | ||
+ | |||
+ | <html> | ||
+ | <iframe src="https://docs.google.com/presentation/d/e/2PACX-1vQK15sNhmdh7UtBDOHEtdvOHDX9exq6VXGMrj--gxSWj3Krv7WUPPupIwzxyZMnLJQdOjtT2WnWgDke/embed?start=false&loop=false" frameborder="0" width="800" height="486" allowfullscreen="true" mozallowfullscreen="true" webkitallowfullscreen="true"></iframe> | ||
+ | </html> | ||
+ | |||
+ | ===== Contents ===== | ||
+ | |||
+ | {{indexmenu>:ass:cursuri:03:theory|skipfile}} | ||
+ | |||
+ | ===== Lecture Notes ===== | ||
+ | |||
+ | In the cyber security landscape, as you well know, any piece of software may contain various security vulnerabilities (usually, due to its developers' negligence), which may allow a malicious entity to obtain execution privileges on the device. | ||
+ | |||
+ | Though the hacker might gain limited permissions at first (due to the application running as an unprivileged user), a computer bug is never alone in a system and, ultimately, the attacker may be able to circumvent such restrictions by doing (and chaining) additional privilege escalation exploits. | ||
+ | The ideal end-game would be to obtain kernel-level execution rights and inject a hidden persistent malware to covertly keep the device under malicious control (e.g., for financial / political gains). | ||
+ | |||
+ | Increased complexity often encountered in modern software is regarded as the primary reason for the apparition of bugs, since having a many number of lines of code makes any verification process considerably harder. | ||
+ | Due to this, modern security practices recommend organizing the system's architecture into smaller, standalone components, thus ensuring better security properties and overall good quality of a software (also see: [[https://en.wikipedia.org/wiki/Unix_philosophy|Unix Philosophy]]). | ||
+ | |||
+ | From here, we can go even further: some parts of a system might be more security-critical than others (cyber-physical interfaces, databases storing sensitive secrets etc.); modern hardware might allow us to ensure additional protections for these such that, even when the Operating System kernel gets breached, an attacker's access remains confined by the processor and it won't be able to cause system-wide mayhem. | ||
+ | Enter **Trusted Execution Environments**! | ||
+ | |||
+ | {{namespace>:ass:cursuri:03:theory&nofooter&noeditbutton}} | ||
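Review bot: the closing sentence of the new Lecture Notes ("even when the Operating System kernel gets breached, an attacker's access remains confined by the processor and it won't be able to cause system-wide mayhem") promises more than hardware isolation delivers and should be narrowed to what a Trusted Execution Environment actually guarantees: the confidentiality and integrity of the protected component's memory and state. A kernel-level attacker still controls scheduling, I/O and every untrusted part of the system, so it can at minimum deny service to the protected component; saying "its access to the protected component's data remains confined by the processor" would be accurate. Two wording fixes in the same section: "having a many number of lines of code" should read "having a large number of lines of code", and "the attacker ... it won't be able" needs "they won't be able". Lastly, the new Contents block (`{{indexmenu>:ass:cursuri:03:theory|skipfile}}`) and the trailing include (`{{namespace>:ass:cursuri:03:theory&nofooter&noeditbutton}}`) both point at the `:ass:cursuri:03:theory` namespace; if that namespace is not populated in the same change, both sections render empty.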