Explore the concept of physical partitioning for enhanced security in this 48-minute conference talk from linux.conf.au. Learn about the Betrusted project, which aims to create a separate device for secure applications using security-first principles. Discover how this approach minimizes attack surfaces, eliminates microarchitectural side channels, and allows users to focus on secure transactions. Gain insights into the project's scope, from secure silicon to application layer code, and find out how to contribute to this open-source initiative. Delve into topics such as secure enclaves, hardware verification, the Xous operating system, and the challenges of creating trustworthy hardware and software.
Overview
Syllabus
Intro
Motivation: Hardware You Can Trust With Your Life
Complex Things are Hard to Analyze
Software Isolation is Dead Speed or safety: pick one
Motivated Adversaries
Untrustable Supply Chains
There is no HMAC for Hardware
State of the Art: Secure Enclaves
The 1/0 Problem
Bottom Line: Want Trust? There are Tradeoffs
Betrusted: Verification Requires Simplicity. Simplicity Requires Focus. • The solution depends on
The Betrusted Design Context
Simple and Verifiable by Design
Design Envelope Summary
Xous: A Betrusted OS
Betrusted Goals
Microkernels
Too Many Cooks
Felix' Rule of Thumb
Principles of Software
Rust OS Landscape
Rust-based OS: Redox
Rust-based OS: Tifflin
Xous: Memory Model
Xous: Interrupts
Xous: Missing Features
Betrusted: Software
Rust Development progression
i18n: output
Emojis!
i18n: input
Layer #2: The device
How can I get involved?
Taught by
linux.conf.au
