Complexity is the enemy of security and there’s nothing more complex than the general-purpose computer: the gnarly hairball of Turing completeness that lets attackers exploit your lightbulbs to attack your printer so it opens a reverse shell to their C&C box.

To a first approximation, a computer that can’t run bad programs is a great answer: just design a cellphone that can’t run FBI-proof encryption, or a set-top box that can’t run a Netflix streamripper. Mission accomplished!

The problem is, the Turing Complete Minus One computer doesn’t exist; instead, these ideas always end up being rootkits by another name: a device whose non-admin-accessible hypervisor spies on everything you do and tries to terminate any “bad” processes.

This is a catastrophically bad idea. What’s worse is that corporations and governments are converging on a set of incentives to implement this technologically bankrupt idea in everything with a system-on-a-chip, from your toaster to your tractor to your pacemaker to your car.


Comments are closed.

Dana Luther at 15:20 on 16 Oct 2018

Absolutely fascinating and compelling keynote. I loved it.

Summer Wilson at 23:12 on 16 Oct 2018

It seemed like an interesting topic, the bits I could catch, but the echo of the mic made it very difficult to understand the speaker. Not a slight on him, he seemed very engaged with the topic, more an issue with the room set up.

Brian Johnson at 11:21 on 17 Oct 2018

Agree w/ Summer. Great topic, difficult to hear parts.

Sean Prunka at 09:50 on 24 Oct 2018

Information wants to be free. Rock On!