My MiniLock Concerns
Or on the cyber-playing field
Disclaimer: Some of my concerns and proposed changes may be addressed and included into the miniLock code before the official release, greatly improving security. I will post a new entry once the merge has happened to describe the changes and how they make miniLock much more secure. Until then, please take the below with a large grain of salt . . .
Speaking Engagement: BSidesLV 2014
I will be speaking at BSidesLV this August; my talk is titled: "Cluck Cluck: On Intel's Broken Promises". This talk will cover a CPU/x86 architecture bug on most recent systems (2004-present) that provides an OS independent method to break out of virtual memory. The lesson I hope to impart of my audience is that in adding a new . . .
Towards a new model of computational expressiveness
Since joining the cult of LangSec, I've spent a great deal of time pondering what makes a programming language or environment "useful" and believe that the current model centered around Turing-completeness is no longer sufficient to describe the nuances between varied environments. The root of this stems from the huge divergence . . .
Speaking Engagement: BlackHat USA 2014
I will be speaking at this year's BlackHat conference in Las Vegas August 6-7 about some of my DARPA Cyber Fast Track work "MoRE: Measurement of Running Executables". Below is a short synopsis of the briefing:
This talk will cover the concept of translation lookaside buffer (TLB) splitting for code hiding and how the . . .
Short: From Kernel to VMM
I recently gave a lecture in Sergey Bratus' class at Dartmouth on the topic of Intel's VT-x virtualization extensions. The film of this lecture has just been posted to YouTube and is embedded below:
My goal was to explain to the operating systems seminar class on how to "pivot" their existing knowledge of . . .
LANGSEC: Taming the Weird Machines
I want to get some of my opinions on the current state of computer security out there, but first I want to highlight some of the most exciting, and in my views, promising recent developments in security: language-theoretic security (LangSec). Feel free to skip the next few paragraphs of background if you are familiar . . .
Welcome to Security Counterpoint
Hello and welcome! This is the home of Jacob's musings on security, a place I can edify, extrapolate and explore current happenings in information security. I am a senior security research engineer (though all opinions are my own) where I lead a team focusing on low-level (e.g. BIOS/SMM/VMM) security at the architectural level; I also . . .