Platform Security Summit 2019
Oct 1-3, 2019 · Redmond, WA

“Give me a place to stand on,
and I will move the earth.”


PSEC 2019 brings together security architects, researchers and developers from the ecosystems of hyperscalers, service operators, product vendors, academia and open-source.

While software eats hardware and the world, Conway’s Law (1967) states:

organizations which design [software] systems … are constrained to produce designs which are copies of the communication structures of these organizations.

If attackers are not so constrained, how can defenders improve the resilience of org-influenced software? Multi-domain software defense requires multi-domain analysis, integration and verification.

PSEC 2019 enables hardware/firmware engineers, VMM/OS developers, architects, integrators, verifiers and senior technical staff to collaborate on hardware-assisted platform security and composable software supply chain integrity, from edge to cloud.



There will be a single track of presentations, Tue Oct 1st - Thu Oct 3rd, 2019.

For tickets and event logistics, please click here for the Program page.



Guarding Against Physical Attacks: The Xbox One Story

Tony Chen

Every game console since the first Atari was more or less designed to prevent the piracy of games and yet every single game console has been successfully modified to enable piracy. However, this trend has come to an end. Both the Xbox One and the PS4 have now been on the market for close to 6 years, without hackers being able to crack the system to enable piracy or cheating. This is the first time in history that game consoles have lasted this long without being cracked to enable piracy.

In this talk, we will discuss how we achieved this for the Xbox One. We will first describe the Xbox security design goals and why it needs to guard against hardware attacks, followed by descriptions of the hardware and software architecture to keep the Xbox secure. This includes details about the custom SoC we built with AMD and how we addressed the fact that all data read from flash, the hard drive, and even DRAM cannot be trusted. We will also discuss the corresponding software changes we made to keep the system and the games secure.

PIPE: Hardware Acceleration for Efficient Enforcement of Software-defined Security Policies

Chris Casinghino
Charles Stark Draper Laboratory

Hardware security mechanisms have struggled to keep up with rapidly changing attacks. Hardware is time-consuming to design, and its fixed nature makes it challenging to adapt to new threats. Modern tagged architectures solve this problem by enforcing general software-defined security policies. Policies define what information is stored in the tags and what rules the architecture enforces relative to this information (e.g., data tagged as confidential should not be sent over the network).

Draper’s PIPE, Processor Interlocks for Policy Enforcement, is a general-purpose hardware security architecture that accelerates policy enforcement. The PIPE maintains metadata tags for every CPU register and memory word, and monitors policies on a per-instruction basis. In this talk, we give an overview of the PIPE architecture and illustrate the wide range of security policies it can enforce (e.g., memory safety, CFI, and confidentiality). We also present our open-source tools for developing policies and simulating PIPE, as well as ongoing research including support for the seL4 verified operating system.
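To make the tag-and-rule idea concrete, here is a small added model (not Draper's code; PIPE's real policy language, tag encoding and hardware interlocks differ) in which every register and memory word carries a tag set and two software-defined policies are checked on each instruction: an information-flow rule that stops confidentially-tagged data reaching the network, and a heap-colouring rule that stops a pointer touching cells of another allocation. Tag propagation on `add` is the union of operand tags, so a secret mixed into public data stays secret, and a pointer bumped past its buffer keeps its original colour and is stopped at the store.

```python
"""Toy tagged-machine model: every register and memory word carries a tag set,
and each instruction is checked against software-defined policies before it
retires.  Added illustration only; PIPE's real policy language differs."""
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a policy rule rejects an instruction."""


@dataclass(frozen=True)
class Word:
    value: int
    tags: frozenset = frozenset()


def confidentiality(op, operands):
    """Information-flow rule: confidential data must not reach the network."""
    if op == "send" and "confidential" in operands["data"].tags:
        raise PolicyViolation("confidential data may not be sent")


def heap_safety(op, operands):
    """Memory-safety rule: a pointer may only touch cells of its own colour."""
    if op in ("load", "store"):
        ptr = {t[4:] for t in operands["ptr"].tags if t.startswith("ptr:")}
        cell = {t[5:] for t in operands["cell"].tags if t.startswith("cell:")}
        if not ptr & cell:
            raise PolicyViolation(f"{op}: pointer colour {ptr} != cell colour {cell}")


class TaggedMachine:
    def __init__(self, policies):
        self.policies = policies
        self.regs, self.mem, self.net = {}, {}, []
        self._next_colour = 0

    def _check(self, op, **operands):
        for policy in self.policies:
            policy(op, operands)

    def malloc(self, size):
        """Allocate `size` cells of a fresh colour; return a pointer of that colour."""
        colour, self._next_colour = self._next_colour, self._next_colour + 1
        base = len(self.mem)
        for addr in range(base, base + size):
            self.mem[addr] = Word(0, frozenset({f"cell:{colour}"}))
        return Word(base, frozenset({f"ptr:{colour}"}))

    def load_imm(self, rd, value, tags=()):
        self.regs[rd] = Word(value, frozenset(tags))

    def add(self, rd, ra, rb):
        a, b = self.regs[ra], self.regs[rb]
        self._check("add", a=a, b=b)
        self.regs[rd] = Word(a.value + b.value, a.tags | b.tags)  # taint union

    def load(self, rd, rptr):
        ptr = self.regs[rptr]
        cell = self.mem.get(ptr.value, Word(0))
        self._check("load", ptr=ptr, cell=cell)
        # Loaded data keeps its own tags but not the cell's colour.
        self.regs[rd] = Word(cell.value, frozenset(t for t in cell.tags if not t.startswith("cell:")))

    def store(self, rptr, rs):
        ptr, data = self.regs[rptr], self.regs[rs]
        cell = self.mem.get(ptr.value, Word(0))
        self._check("store", ptr=ptr, cell=cell)
        colour = frozenset(t for t in cell.tags if t.startswith("cell:"))
        self.mem[ptr.value] = Word(data.value, data.tags | colour)

    def send(self, rs):
        self._check("send", data=self.regs[rs])
        self.net.append(self.regs[rs].value)


def run_scenarios():
    """Constructed scenarios; returns which operations the policies allowed."""
    m = TaggedMachine([confidentiality, heap_safety])
    out = {}

    def attempt(name, fn):
        try:
            fn(); out[name] = "allowed"
        except PolicyViolation:
            out[name] = "blocked"

    m.load_imm("key", 0x2A, tags=["confidential"])
    m.load_imm("one", 1)
    m.add("mixed", "key", "one")                   # secret + public -> secret
    attempt("leak", lambda: m.send("mixed"))
    attempt("public", lambda: m.send("one"))

    m.regs["p"] = m.malloc(2)                      # colour 0, cells 0-1
    m.regs["q"] = m.malloc(2)                      # colour 1, cells 2-3
    m.store("p", "key")                            # in bounds, secret lands in memory
    m.load("back", "p")                            # tag survives the round trip
    attempt("leak_via_memory", lambda: m.send("back"))
    m.load_imm("two", 2)
    m.add("p_end", "p", "two")                     # one past p's buffer, still colour 0
    attempt("overflow", lambda: m.store("p_end", "one"))
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

Both rules live entirely in software (the two policy functions); the "hardware" part of the model is only that every instruction consults them before it retires, which is the property a tagged architecture provides and a conventional CPU does not.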

CHERI: Architectural Support for Memory Protection and Compartmentalization

Brooks Davis
Stanford Research Institute

Capability Hardware Enhanced RISC Instructions (CHERI) extend conventional RISC architectures with support for capabilities – pointers whose integrity, provenance validity, and monotonicity are protected by the hardware, and extended with protection metadata such as bounds, permissions, and encapsulation. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs, protections against control-flow attacks such as ROP and JOP, prevention of pointer privilege escalation, granular and efficient in-address-space isolation and software compartmentalization, and safe interoperation between managed languages and native-code extensions.

This talk will begin with a brief introduction to the CHERI architecture (ongoing joint work at SRI International and the University of Cambridge). It will then present our recent work on CheriABI, a FreeBSD-based memory-safe UNIX process environment built over pure-capability CHERI C/C++. In this environment, code is compiled so that all pointers, explicit and implied, are implemented using CHERI capabilities. We explore the implications for operating-system design, the impact on C-language compatibility, the protection offered, and the performance implications. We will conclude by reviewing ongoing efforts to apply CHERI to other architectures.

Azure Sphere: A Secure IoT Platform

Jewell Seay

IoT devices are under increasing attack, yet have very little in terms of a secure design or platform to build upon. They are increasingly being abused to become part of botnets. Even with this threat, few IoT devices are designed for enterprises to securely update and patch a device, let alone maintain security during many years of use.

Azure Sphere aims to change the landscape and improve security across IoT devices, by introducing a trusted and secure platform to build software upon, combining the security of open source with Microsoft’s 7-Properties for system security.

This talk will cover the security posture and enhancements brought by Azure Sphere to the IoT world, touching on device security from the chip to the Linux kernel, user application isolation, network communication, cloud interaction, and what it takes to keep a system secure for 13 years.

Software Architecture for Rich IoT Hardware Security with Corstone-700

Tushar Khandelwal

Arm’s Corstone-700 foundation IP offers a flexible subsystem and system IP to help build secure SoCs for rich IoT nodes, gateways, and embedded applications. A flexible compute architecture combines Cortex-A (Linux host OS) and Cortex-M (real-time OS) processors, with expansion for sensors, connectivity, video, audio, and machine learning at the edge.

Corstone-700 has benefited from collaboration between Arm and Microsoft to bring security to IoT devices, featuring critical elements like control from a secure enclave, TrustZone or firewalls that authenticate and filter accesses to different regions of the SoC system address space.

Arm Platform Security Architecture (PSA) is a best practices framework for securing a trillion connected devices, with support for threat assessment, security architecture, open-source firmware implementations, and product certification. Corstone-700 adheres to Arm PSA.

This presentation will focus on the open-source software implications for these emerging devices. Topics include:

  • Hardware security
  • Inter-processor communication frameworks
  • Platform Security Architecture - PSA
  • Software components and architecture
  • Secure boot
  • Yocto/OpenEmbedded recipes for software build & configuration

Purpose-built architectures with RISC-V and Xvisor

Alistair Francis
Western Digital

Purpose-built architectures for Big Data (cloud core) and Fast Data (IoT edge) require a new type of processor — one that is open, configurable and scales for data-centric applications. Meanwhile, the growth in data and connected devices has been matched by attacker interest. In pursuit of resilience, defenders have increased firmware and TCB transparency. Hardware resilience can be improved by FPGAs, with open toolchains and components.

RISC-V (risk-five) is an open Instruction Set Architecture (ISA) that enables collaborative design of open, purpose-built CPUs and EDA tools. The RISC-V Virtualisation extension (H-Extension) adds ISA support for hardware-assisted hypervisors. H-Extension makes minor additions to the ratified base ISA and privileged architecture specification, while maintaining security and increasing performance. We will discuss these ISA additions and their implementation in the QEMU machine emulator.

Xvisor is an open-source (GPLv2) bare-metal hypervisor and the first to be ported to RISC-V and use H-Extension. Xvisor is small and lightweight with a range of useful features. It has no dependency on Linux, allowing it to target smaller footprint hardware than other hypervisors. We will discuss Xvisor in the context of RISC-V and well-known CPU architectures, including performance and security considerations.

Perspectives in Security Measurement utilizing the DMTF Security Protocol and Data Model (SPDM)

Jeff Plank

Securing the operational state of embedded components has become an ever-increasing topic across the industry. Much of the industry has secured the platforms upon which they operate, but the embedded components have become the next bastion for enforcing a security model. Many devices have now incorporated concepts of secure boot and active attestation (measurement) of the device state. Secure communication of the measurements of the hardware and firmware states of active components in the server has become the next problem to solve.

In this talk, we will cover the latest proposed security protocols coming from the DMTF for the communication of authentication credentials and attestation states of MCTP-enabled discrete devices. Trusted reporting enables a central trust process to perform corrective action when necessary and to confirm the integrity of the platform. The current work-in-progress SPDM 1.0 specification will be covered, as well as a preview of the work-in-progress materials for SPDM 1.1.

All DMTF-specific materials presented will be limited to publicly available content as required by the DMTF disclosure agreement.

Innovative Usage of Intel Software Guard Extensions (Intel SGX)

Vincent Scarlata
Intel Corporation

Intel Software Guard Extension (Intel SGX) technology enables developers to protect their software from a variety of threats. In this talk we will discuss several innovative use cases for Intel SGX, beyond basic key management.

Intel SGX can support containerized software packages without re-factoring applications. SGX can provide the foundation for blockchain architectures, significantly reducing power and resource consumption.

SGX can also provide a platform for high bandwidth Network Function Virtualization (NFV) of a wide variety of workloads, decreasing infrastructure costs and protecting critical computation.

Flexible Computing Architectures

Stephen Kuhn
U.S. Air Force Research Laboratory

The complexity of modern Turing-complete general-purpose processors has long accelerated past our ability to secure them or their associated software stack. As the size of such systems continues to shrink, their march into smaller and more ubiquitous home and industrial devices continues.

Flexible computing architectures, or modern Field Programmable Gate Arrays (FPGAs), blend the flexibility the market demands with the power the consumer expects.

This talk explores ongoing work to leverage these devices in novel ways, to extend the base of trust in modern systems and serve as a platform to secure next generation architectures with added functionality.

Precise, Performant and Secure UWB (Ultra-Wideband) Ranging Systems

Mridula Singh
ETH Zurich

Nowadays, a variety of applications such as modern payment systems and access control depend on location and proximity information. A common strategy to verify proximity is to extract features from radio waves transmitted between two entities, such as the strength of the signal.

Even though the communication range for many such wireless systems is assumed to be limited and signal strength seems to be an adequate indicator for closeness, several studies have demonstrated that these systems are vulnerable to relay attacks.

An approach that has proven to be more accurate and secure than extracting features is to perform time-of-flight measurements. Ultra-Wideband (UWB) has emerged as a promising radio technology that supports reliable time-of-flight measurements that are needed for precise ranging.

This talk shows that not all ranging systems are secure against distance manipulation attacks, and there is a trade-off in achieving secure and performant UWB ranging systems.

To guarantee both security and performance, a secure logical and physical layer design is crucial. The secure system design we discuss is proposed as part of the upcoming IEEE 802.15.4z UWB ranging standard.


Growing Risks in the Software Supply Chain

Mark Sherman
Software Engineering Institute/CERT, Carnegie Mellon University

Today’s software is largely assembled rather than written, and most of the assembly comes from open source components. The creation of components and their inclusion into applications creates a “supply chain” just like in conventional manufacturing. While physical supply chains have well established chains-of-custody to establish properties like refrigeration maintenance, authenticity or spoilage avoidance, the software supply chain is very much a wild, wild west, filled with vulnerabilities that can be (and are) inadvertently inserted into applications.

As supply chain risk and mitigations are being explored by government and academia, a larger attack surface is being uncovered that needs to be addressed. This presentation describes the parts of the software supply chain, how vulnerabilities have been introduced, the growing attack surface from new methods of building and distributing software, and the actions that developers can employ to avoid or mitigate the risks inherent in an assembly-based software development strategy.

Trends in Server Platform Security

Rob Wood
NCC Group

Servers are no longer deployed solely within security-controlled data centres. For a variety of reasons, such as network latency, servers are often deployed within the networks of low-cost third-party cloud providers and foreign ISP data centres. The physical security of these data centres is outside of the server operator’s direct control. Additionally, while supply chain attacks have always been a threat, they have recently been in the news as an increasingly visible concern. These deployment and supply chain realities need to be accompanied by an expansion of threat models, which must now include local attacks against the hardware and firmware.

This is the realm below the operating system and hypervisors, where hardware and firmware provide the foundational security of the platform. We will discuss the common architectural shortcomings with current server security solutions as they fail to meet the physical security needs of today. We will also discuss in detail some common vulnerability classes that we see every day in servers covering the range of firmware, circuit, silicon and supply chain. Finally, we will touch on some recent advances, and guidance that you, your equipment vendors, and firmware providers can look to, in order to help ensure that your data remains secure.

The Road to Safety Certification: How the Xen Project is Making Progress

Lars Kurth

Safety certification is an essential requirement for software that will be used in highly regulated industries. The Xen Project, a stable and secure hypervisor that is used in many different markets, has been exploring the feasibility of building safety-certified products on Xen for the last year, looking at key aspects of its code base and development practices.

In this session, we will lay out the motivation and challenges of making safety certification achievable with open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes, and community challenges. Safety certification for commercial software based on an open-source hypervisor is an exciting and challenging goal.

The Tragedy of the Commons in Platform Security

John Loucaides

We have all seen major vulnerabilities across dozens of components that are part of every device in the IT environment. As we consider the motivations of threat actors for driving into platform-level attacks, we can see that a single vulnerability or failure at this level breaks years of investment and progress in security.

Across all the manufacturers and models and versions in use in today’s environment, such vulnerabilities are almost certainly exposed somewhere.

In this talk, we will examine examples of such issues and various approaches to solve them. We will also discuss how we can come together as a community to make meaningful improvements.

What If? Traffic Engineering of the largest backbone networks while keeping them safe, a modeling perspective

Arash Afrakhteh

Everything in wide area networks (WAN) is more expensive and has higher impact per element. Longer and higher-capacity links cross countries, continents and oceans, where the impact of changes and failures are felt more severely.

Over-provisioning was used to great effect to protect these networks, but with ever-increasing growth of traffic, WANs are run “hotter”, increasing the need for predictive modeling in order to maintain availability. Beyond simulating a network’s configuration, dynamic elements like WAN traffic must also be modeled.

To plan for additions, WAN architects need to see their network months into the future, while WAN engineers need to predict the effects of maintenance. In web-scale companies that have near-automatic WAN management, prediction and planning are done in near real time.

While there is no shortage of impressive academic research in network modeling and optimization, creating software that works in real networks has been challenging, with even well-funded efforts failing. Why do some efforts succeed, while a great many have failed?

This talk shares a network modeling perspective gained by serving 80% of tier-1 service providers.


Advancing Windows Security

David Weston

Windows is the operating system and application platform that powers hundreds of millions of customers, enterprises, and core infrastructure globally. In order to remain resilient in a constantly evolving threat landscape, the OS security engineering team at Microsoft has built a strategy to address new and challenging attacks. This talk will walk attendees through Windows’ current and future security strategy and the engineering challenges of scaling across new devices, form factors, and threat models from client to the intelligent edge and cloud.

Trustworthy Cloud Platforms

Brian Payne

More than 15 years since the infamous “Trustworthy Computing memo”, the industry still lacks a widely-available general compute platform that delivers on the vision set forth at that time. A lot of progress has been made, but overall platform trustworthiness is still difficult to quantify, for even the most savvy security professionals.

Meanwhile, trends in enterprise computing created the cloud and cloud providers, operating at previously unthinkable scale. Moving sensitive data and workloads to the cloud can be a leap of faith for many customers and so cloud providers are eager to offer the type of assurance promised by trusted computing technologies.

So why aren’t today’s trusted computing technologies deployed widely across the cloud? In this talk, we’ll share our perspective and some of the challenges we face as we strive to deliver verifiably trustworthy cloud platforms for OCI and its customers.

Complexity Everywhere: is it time to step back and rethink our platforms?

Marek Marczykowski-Górecki
Invisible Things Lab

Our platforms are unbelievably complex, with more and more parts having the potential to take full control over the platform. This includes all kinds of firmware (UEFI, critical devices’ firmware), auxiliary processors (e.g. Intel ME, AMD PSP), hypervisors, kernels, etc.

Many ongoing efforts are about validating that such components are genuine. This allows detection of malware trying to persist in a component, but does not solve other potential problems — e.g. an intentionally malicious component, or runtime attacks on a bug-prone component.

Should we take a step back and try to simplify our platforms, so we have much fewer moving parts in the Trusted Computing Base (TCB)? In this talk, the author will explore which parts of an abstract platform absolutely need to be trusted and what properties they should have. Then, with those requirements as an input, he will present ideas on how we can make such a platform a reality.

A Renaissance of Trust: Architecting the Hardened Access Terminal (HAT)

Daniel Smith
Apertus Solutions

There is growing interest in platform security with the visibility of Zero Trust and Beyond Corp. While terminology and technology have evolved, the situation and underlying concepts are exactly the same as Dorothy Denning described in her 1979 paper “Secure Personal Computing in an Insecure Network”. This is but one example of the tremendous body of work starting in the late 1960s, carrying through the 1970s and 1980s, that studied the problem space.

The Hardened Access Terminal (HAT) is an open source reference architecture that embodies a revival of this tremendous body of intellectual thought, reborn through modern technology. This talk will walk through select works drawing corollaries to their modern problem space and how they contribute to the HAT architecture. The talk will conclude with a full introduction to the HAT architecture, which may be implemented with open source components, proprietary components, or a combination of the two.

Virtualizing Arm in the Cloud and at the Edge with VMware

Ye Li

Arm-based systems are becoming important in a number of new and critical market segments, such as IoT/edge compute, edge NFV, and cloud. This session will go over the market opportunities, where Arm-based technologies have an impact, and describe what VMware is doing to address these new challenges with the VMware ESXi hypervisor for 64-bit Arm platforms.

Protected Execution Facility

Guerney Hunt
IBM Research

Security remains a key concern for both traditional and cloud computing workloads. One objective is keeping applications (or containers) secure in the presence of attacks or compromised components, including the underlying systems. This talk will present how these challenges are addressed on the Power Architecture.

We will present the Protected Execution Facility ― an architecture modification for IBM Linux and OpenPower Linux servers ― along with the associated firmware, the Protected Execution Ultravisor which provides additional security to virtual machines ― called secure virtual machines (SVMs). The Protected Execution Facility concurrently supports both normal VMs and SVMs.

We will review the main components of the architectural modifications and how they are exploited by the Protected Execution Ultravisor. We will also describe the tooling required to build an SVM. Finally, we will discuss the protections provided to SVMs and the current set of restrictions.

Edge Virtualization Engine (EVE)

Roman Shaposhnik

IoT device mesh fabrics can deploy real-time, cloud-native applications at hyperscale. Edge Computing brings what’s great about Cloud Computing (developer friendly APIs and Software-Defined Everything) to the harsh physical environment and security architectures of IoT and IIoT deployments. For security (physical, network, application), Edge is closer to the mobile computing industry than its datacenter roots.

In this talk we will present a novel, secure-by-design Edge Computing platform created at ZEDEDA Inc. and later used as a founding project for the Linux Foundation’s LF Edge initiative. This special purpose, open-source operating environment aims to run securely on billions of ARM and x86 devices. EVE (Edge Virtualization Engine) aims to become to Edge Computing what Android has become to Mobile computing.

We will walk you through the unique security challenges of EVE, with inspiration from Android and iOS mobile computing requirements, such as tamper resistance and hardware root of trust, protecting applications with virtualized secure elements and built-in crypto-routed mesh networking.

The talk will conclude by explaining how EVE fits into its umbrella organization LF Edge, and how approaches developed by EVE can be embraced by other projects in the foundation.

Hypervisor-Mediated data eXchange (HMX) and Mandatory Access Control (MAC) with OpenXT and uXen

Christopher Clark
OpenXT Project

Modern computing systems are composed of integrated communicating components. The design of component interfaces has a fundamental impact on system security properties. At-scale platform adoption brings diversification of use cases and insights to inform the design of new interfaces.

Each of Microsoft Hyper-V, Linux QEMU/KVM and HP/Bromium uXen’s interfaces were improved because their designers could learn lessons from open-source Xen’s adoption, academic research and industry investment; and Xen itself evolved from many precedents. Borrowing from Xen, uXen is a mature yet novel, lightweight and open-source hypervisor, deployed on millions of clients to improve security with VM-based isolation of applications.

The OpenXT Project employs hardware-assisted security with open and extensible system architectures. uXen is a key component for enabling OpenXT to adopt the Hardened Access Terminal (HAT) architecture. This talk will give an OpenXT perspective on uXen’s architecture, design principles, and use of narrow, hypervisor-mediated data exchange (HMX) interfaces to reduce exposure to untrusted guests.

We will describe how to get started with uXen. Potential community directions for this type-2 hypervisor include ports from Windows to macOS and Linux, and integration of Argo HMX from Xen and OpenXT.

OpenXT, Xen and OpenEmbedded Multi-Domain Clients

Eric Chanudet and Chris Rogers
Assured Information Security

Beginning with the OpenXT 8 release, development has sought to align the platform with modern releases of the upstream projects it leverages. Alignment with upstream components is critical for efficient integration and meaningful contribution to all projects. The recent OpenXT 9 release achieved several milestones toward this end, including the adoption of modern Xen, Linux, and QEMU.

This presentation will begin with an overview of the OpenXT architecture and the goals of the project. Following that, we will present a brief retrospective of the recent major release, highlighting efforts the project has taken to align with upstream.

Finally, we will discuss future work that the community is pursuing in both OpenXT and upstream projects such as Linux, Xen, and TrenchBoot, to adopt and unify some of the related technologies within the ecosystem.

BOOT INTEGRITY

Who's in your firmware, and why should you care?

Roger Thompson
TCSL Research LLC

This presentation enumerates threats known to exist in some versions of the Unified Extensible Firmware Interface, and discusses other items perhaps best described as “Not Yet ‘threats per se’, But Should Be Kept In Mind”.

The author describes himself as a first-generation anti-virus guy, who is quite sure that the next malware battleground is below the OS… in the firmware. He formed his current business, TCSL Research LLC, in 2016, to study issues with the firmware.

The Evolution of Advanced Threats: REsearchers Arms Race

Alex Matrosov

The evolution in defensive software is really connected to the evolution of the modern threat landscape. Each new iteration of evolution is focused on covering specific gaps in detection methods or data collection algorithms. The main direction of advanced threats like rootkits or bootkits has been to gain persistence methods to be closer to firmware and hardware levels. While modern operating systems are building mitigations to increase the cost of exploitation and malware persistence, advanced threat actors are already looking ahead for the next-lowest level of persistence.

This talk will look through the evolutionary prism of advanced threats, at the evolution—or lack of evolution—of tools for forensics and reverse engineering. During the talk, we will delve into modern platform security gaps, seeking solutions to improve auditing visibility and prevent advanced threat actors from gaining a foothold in platform levels where security sensors do not exist.

LinuxBoot progress: boot anything from Linux

Chris Koch

Secure systems are founded on open, auditable, and well-tested firmware. LinuxBoot replaces traditionally closed source firmware (e.g. UEFI) with an open, auditable, and measurable Linux kernel and initramfs. We’ll present an overview of LinuxBoot, its part in the boot integrity story, and talk about newly gained abilities to boot VMware, Xen, and Windows from Linux, and future plans. We’ll also discuss how this work is being deployed in commercial data centers, and in embedded environments such as coreboot, u-boot, and SlimBoot.

System Transparency

Kai Michaelis
9elements Cyber Security

The ever increasing usage of cloud-based software forces us to face old questions about the trustworthiness of our software. While FLOSS allows us to trust software running on our platforms, System Transparency establishes the same level of trust in SaaS and IaaS scenarios.

System Transparency accomplishes this by combining FLOSS firmware, 3rd party transparency logs and novel use of Trusted Computing technologies. This talk introduces System Transparency and details the platform security features we implemented as part of our reference system:

  • Coreboot support for SuperMicro X11SSH-TF, a modern x86 server mainboard.
  • An improved measured boot implementation in coreboot that provides more detailed measurements for vendor blobs like Intel ME.
  • Intel TXT support in coreboot. The initial boot block of coreboot is now measured into the TPM before it is executed by the CPU. Additionally, operating systems booted after coreboot can now be started in a Measured Launch Environment.

The talk will also describe our reference implementation’s custom bootloader based on LinuxBoot. It verifies that boot artifacts are signed by the platform owner and are in the transparency log before continuing. This makes sure that 3rd parties can audit past and present artifacts booted on the platform.
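The log-inclusion half of that bootloader check, as an added illustration that is not the System Transparency project's code: the loader hashes the artifact it is about to boot, recomputes a Merkle root from the inclusion proof the log handed it, and compares that to a root it already trusts (in a real deployment, a signed tree head). The tree shape and the 0x00/0x01 leaf/node prefixes follow RFC 6962; the log entries, tree size and trusted root below are constructed for the example, and the owner-signature check the abstract also mentions is not modelled here.

```python
"""Boot-time transparency-log check: refuse an artifact unless its digest is
provably included in a log whose root the loader already trusts.  Added
illustration; Merkle construction per RFC 6962, all data constructed."""
import hashlib


def leaf_hash(data: bytes) -> bytes:
    # 0x00 prefix: a leaf can never be confused with an interior node.
    return hashlib.sha256(b"\x00" + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_root(leaves):
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves, index):
    """Sibling hashes from the leaf upwards (RFC 6962 PATH), as a log would serve."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def root_from_proof(leaf_h, index, size, proof):
    """Recompute the root a proof claims; ValueError on a malformed path."""
    if size == 1:
        if proof or index != 0:
            raise ValueError("proof does not match tree depth")
        return leaf_h
    if not proof:
        raise ValueError("proof shorter than tree depth")
    k = _split(size)
    sibling, rest = proof[-1], proof[:-1]
    if index < k:
        return node_hash(root_from_proof(leaf_h, index, k, rest), sibling)
    return node_hash(sibling, root_from_proof(leaf_h, index - k, size - k, rest))


def boot_allowed(artifact, index, log_size, proof, trusted_root):
    """True only if `artifact` is provably in the log with root `trusted_root`."""
    if not 0 <= index < log_size:
        return False
    try:
        return root_from_proof(leaf_hash(artifact), index, log_size, proof) == trusted_root
    except ValueError:
        return False


def demo():
    # Constructed log of boot artifacts; a real loader hashes the actual files.
    log = [b"kernel-v1", b"initramfs-v1", b"kernel-v2", b"initramfs-v2", b"kernel-v3"]
    trusted_root = merkle_root(log)        # would come from a signed tree head
    idx = log.index(b"kernel-v2")
    proof = inclusion_proof(log, idx)
    genuine = boot_allowed(log[idx], idx, len(log), proof, trusted_root)
    # Same proof, different bytes: the digest changes, so the root does not match.
    tampered = boot_allowed(b"kernel-v2-patched", idx, len(log), proof, trusted_root)
    return genuine, tampered


if __name__ == "__main__":
    print(demo())
```

Passing the tree size into the verifier is deliberate: the proof alone does not say how the tree was shaped, so a verifier that trusts the proof's length to decide left/right ordering can be steered; the size, like the root, must come from the trusted tree head.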

Improving the platform firmware update ecosystem

Brian Richardson
Intel Corporation

As the rich capabilities of platforms increase, so does their complexity. As hypervisors and operating systems harden their attack surfaces, malware has been moving deeper into the platform. For example, a modern laptop may have over 15 updatable firmware elements, each with low-level access to a specific hardware domain. In order to provide security guarantees for platform firmware, the servicing model of the platform takes center stage.

This session discusses the evolution of platform servicing using examples based on device firmware, non-host/system on a chip (SOC) firmware, and implementation of the Unified Extensible Firmware Interface (UEFI). A modern servicing model features elements for component-based update, resiliency in case of unexpected conditions, a more seamless user experience, lower friction of update integration, and telemetry for a view into platform health and firmware inventory. Important aspects of this work include a code-first approach using elements from the TianoCore open source community.

Host firmware is an integral ingredient of platforms at Intel. From the early days of proprietary BIOS in the 1980s and 1990s, to the world of standards in the 2000s, to the post-PC world of the last few years, the nature of firmware has changed.

This talk will discuss current trends in standards such as UEFI and associated EDKII firmware, other communities like coreboot, and common denominators like the Intel® Firmware Support Package. For the enterprise, open-source server host firmware and the Open Compute Project (OCP) Open System Firmware (OSF) efforts will also be described, including the recent publication of Min Platform. The talk will also touch on emerging solutions, challenges and market opportunities for more seamless enablement of Intel Architecture.

Less-Insecure Network Edge Virtualization with Low Size, Weight and Power

Piotr Król
3mdeb Embedded Systems Consulting

Modern practices for building less-insecure systems leverage virtualization, for isolation properties and flexible support of narrow component interfaces. The Trusted Platform Module (TPM), an IC for critical cryptographic functions, is now more usable by OSS software. TPMs provide a Root of Trust for Dynamic (DRTM) and Static (SRTM) measurements for platform integrity.

These are supported by the apu2, a reliable, low-SWaP x86 device from Swiss OEM PC Engines. Usable as a SOHO firewall or industrial edge device, it has nearly-open hardware, coreboot firmware, mPCIe extensibility and an extended support lifecycle for the embedded CPU and motherboard.

Both SRTM and DRTM (AMD SKINIT) are supported on PC Engines apu platforms. The TrenchBoot framework uses these to verify launch integrity, before booting the Xen Type-1 hypervisor, built with the meta-virtualization and meta-measured layers of OpenEmbedded/Yocto.

We will show SRTM via coreboot, DRTM via AMD SKINIT in TrenchBoot, a complete Chain of Trust for the Xen hypervisor, and a virtual firewall appliance isolated by IOMMU from the physical NIC devices. We will present benchmark data for virtualization overhead, explain how this complexity can still be practical, and the value provided by this stack.

Accessible Security: deploying Qubes reasonably secured OS on slightly more secured hardware. An OEM approach to transferring device and secrets ownership

Thierry Laurion
Insurgo Open Technologies

As security professionals, we know nothing is fully secure. Qubes OS modestly refers to itself as a “reasonably secured OS”. If security is so hard for professionals, how can the rest of the world benefit from our cutting-edge developments when they can’t read code or flash ROMs?

Our end goal is to provide individuals with access to the state of the art in security research, without requiring them to read source code for hours or to become security researchers. In pursuit of this goal, we have contributed to upstream open-source projects, winning an NLnet grant to improve accessibility and integration.

In this talk we will present our approach to preinstalling Qubes’ “reasonably secured OS” on what we call “slightly more secured hardware”, benefiting from Heads, me_cleaner and coreboot, among other open-source security projects.

Topics we will cover are:

  • Importance of binary-free firmware in establishing a static root of trust with a TPM and smartcard: Transit tamper evidence, provable security and device re-ownership.
  • User-controlled hardware, responsibility, empowerment and support.
  • Compartmentalization, hardware requirements and binary blobs status quo.
  • The FSF RYF gap: Neutered ME (BUP), Deactivated ME (HAP), Deleted ME (GM45) vocabulary importance.
  • Future platforms, challenges and limitations.

Security Supply Chain Integrity with OpenEmbedded

Joshua Watt

OpenEmbedded (OE) provides a flexible cross-compilation framework, supporting a diverse development ecosystem for industrial and other embedded devices. Linux Foundation’s Yocto Project (YP) co-develops OE’s bitbake build tool, a reference Linux distribution and regular releases of packaged and tested Open Source software.

OE decentralizes common component development through a uniquely composable “layer” architecture, recipe metadata language and advanced bitbake tool. Reproducible build support simplifies replication of environments across developers and sites, increasing confidence in the built integrity of critical software components. OE layers support collaboration without compromising customization.

For scientific communities which need hardware-software integration, the layered architecture of OE can ease replication of research and publishing of results, supporting open access to scientific research. For developers of high-assurance systems, OE provides curated layers of OSS software, ready to be tailored for the security properties of each system.

This talk reviews ongoing advances in OE’s multiconfig architecture:

  • Defining dependencies between OE configuration sets — simplifying complex builds
  • Sharing build state between OE configuration sets — reducing build time
  • Enforcing OE recipe structure — improving binary reproduction

These improvements benefit complex builds, including hardware-software integration research, Software-Defined Hardware CI/CD, virtualization platforms and composite or multi-image containers.

Improving Linux Measured Boot Support

Lakshmi Ramasubramanian and Prakhar Srivastava

Linux has a rich set of security modules that support scenarios like secure boot and measured module load (IMA). However, there were gaps in this model that prevented certain scenarios from being implemented securely. In this talk, we describe our improvements to upstream kexec for reliable IMA log measurements:

  • Command line passed during kexec
  • Trusted key measurement for kernel integrity
  • IMA measurements carried across the kexec boundary

The talk will conclude with a look at potential measurement enhancements with stronger security guarantees.

High Performance Trusted Execution Environments

Jonathan Kline
Star Lab

This talk explores the construction of a Trusted Execution Environment (TEE) which doesn’t rely on Arm’s TrustZone or specific processing modes, in order to achieve a high-performance operating environment with multiple layers of hardware-enforced confidentiality and integrity.

The composed TEE uses hardware intellectual property (IP) blocks, existing hardware-level protections, a hypervisor, a Linux security module (LSM), and Linux kernel capabilities — including a file system — to provide performance and multiple layers of confidentiality and integrity. Additionally, the TEE composition provides both open-source and commercial solutions for achieving the same result.

MEDIA PARTNERS

The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. TCG’s core technologies include specifications and standards for the Trusted Platform Module (TPM), Trusted Network Communications (TNC) and network security and self-encrypting drives. TCG also has work groups to extend core concepts of trust into cloud security, virtualization and other platforms and computing services, from the enterprise to the Internet of Things.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

Xen Project is a trademark of the Linux Foundation.