Protecting Data In-Use from Firmware and Physical Attacks

Explore firmware and physical attacks that compromise data in-use and system integrity in this 27-minute Black Hat conference talk. Delve into the NSA ANT program's revelations about low-cost threats to computing infrastructure outside an organization's physical control. Examine specific attacks like SMM bootkits, "cold booting," and malicious devices. Learn about existing mitigation tools and technologies, including Trusted Execution Technology (TXT) and memory encryption. Discover how upcoming technologies such as Software Guard Extensions (SGX), Enhanced Privacy ID (EPID), and TPM 2.0 can enhance protection against firmware and physical threats. Gain valuable insights from speaker Steve Weis on safeguarding your data and systems from these evolving security challenges.