For those of you in the Denver Metro area, SnowFROC ’20 is the premier applications security conference. The one day conference is held annually at The Cable Center in Denver, CO. This year the conference is on Thursday, March 5, 2020.

See here for more information on the conference, schedule and location.

Keynoting the conference this year is Chris Roberts.

My talk this year is If You Can’t Open It, You Don’t Own It.

For the past 30 years, we have dealt with penetrations into secure systems almost exclusively from the software layer: applications and operating systems. With the advent of side channel exploits like Spectre, Meltdown and Foreshadow, hardware designs are now battlefields.

In this talk, we’ll look at four real-world hardware attacks that changed the way we think about secure systems and see how hardware exploit strategies drive software exploit strategies.

We’ll explore four lines of attack:

• Roots of Trust,
• Side channels exploits,
• How physical access creates opportunities, and
• How our supply chains often create our greatest vulnerabilities.

This talk is about how our language and design choices affect our system’s ability to withstand attack. It’s also about how the evolution of the language is addressing the insecure world it operates in and the places where it still falls short.

See you there!