research!rsc: Running the “Reflections on Trusting Trust” Compiler

With analysis of the surprisingly short source code.

to backdoor bell-labs compiler history retrocomputing security unix ... on 26 October 2023

Formal validation of the Arm v8-M specification – Alastair Reid – Researcher at ARM Ltd

Alastair gave a presentation about this at a workshop I attended; very interesting stuff (and his blog generally is well worth reading).

to arm ers formal-methods security validation ... on 05 May 2018

MCS 494, UNIX Security Holes, Fall 2004

Dan Bernstein's Unix security module. This is a bit dated now, but the material is interesting, and the assessment materials have some nice ideas.

to security teaching unix ... on 10 November 2017

Willy Tarreau's stuff: Look back to an end-of-life LTS kernel : 3.10

"The end of the 3.10 branch is a good opportunity to have a look back at how that worked, and to remind some important rules regarding how to choose a kernel for your products, or the risks associated with buying products running unmaintained kernels."

to kernel linux lts security software-engineering support ... on 05 November 2017

Twice the bits, twice the trouble: vulnerabilities induced by migrating to 64-bit platforms | the morning paper

"In this study, Wressnegger et al. reveal how a codebase originally written for 32-bit, and which is perfectly secure on 32-bit platforms, can have new vulnerabilities simply by compiling it for 64-bit systems." No surprises for anyone who follows oss-security etc., but the paper's a good overview.

to architecture porting security vulnerabilities ... on 06 April 2017

Tags related to security

- security
 
1 academia
1 access-control
1 acme
1 ag0700
1 ag0803
2 ag0907
6 amusements
2 api
1 architecture
1 arduino
3 arm
1 authentication
1 autoconf
1 avr
1 backdoor
1 bell-labs
1 bitcoin
1 blockchain
1 bounds-checking
1 bounty
1 browser
2 buffer
2 buffer-overflow
2 bug
2 bugs
1 build-systems
2 c
2 c++
4 ca
1 camera
1 capability
1 capsicum
4 ccc
4 certificate
1 certificates
1 cesrg
1 checking
1 chromium
1 chroot
1 clang
1 cloud
1 code
3 compiler
1 conference
2 container
1 coop
1 coverage
1 coverage-directed
1 coverity
2 cpu
1 crime
10 crypto
12 cryptography
1 cs
1 cypherpunks
1 debian
1 debugging
1 dect
1 design
1 dh
2 djb
1 ebooks
1 ecc
1 economics
1 el0805
1 elective
3 electronics
3 encryption
2 ers
1 ethereum
1 ethical-hacking
1 ethics
3 exploit
1 firefox
1 folk-song
4 formal-methods
1 freedom
3 fuzzing
2 gameboy
5 games
1 gcc
1 git
1 goto
2 gpg
1 gsm
2 hardening
5 history
1 homebrew
1 homeplugav
1 http
1 https
1 intel
1 ip
1 ipsec
1 javascript
1 journalism
1 jquery
1 kerberos
3 kernel
1 keyboard
1 keylogger
1 langsec
2 language-design
1 letsencrypt
1 library
1 licensing
12 linux
1 livecd
1 lts
1 luks
1 lvm
1 mac
1 memory-safety
1 metaphors
2 mgo
1 microcode
4 microcontroller
1 mmc
1 mod-ers
1 monitoring
3 nacl
5 network
6 networking
1 noise
1 notary
1 ocaml
1 openssh
2 openssl
1 org
2 os
2 overflow
2 p2p
1 packet
1 pam
2 papers
1 parser
1 password
1 patterns
1 pgp
2 philosophy
2 phone
1 phreaking
1 pki
1 playstation
1 podcasts
2 politics
1 porting
1 prime
2 privacy
1 privilege-separation
4 programming
1 proof
1 ps2
2 python
1 radio
1 ramensky
1 random
1 research
3 retrocomputing
1 retrotech
6 reverse-engineering
1 risc
1 rop
1 safe
2 safety
4 sandbox
1 scanner
1 scm
1 scotland
1 sd
1 search
2 seccomp
108 security
1 shuffle
1 sni
1 snowden
14 software
6 software-engineering
3 ssh
12 ssl
4 static-analysis
1 stoll
1 strategy
1 support
1 syscall
1 systems
1 tandy
1 tcp
1 tea
6 teaching
1 telecom
5 testing
14 tls
2 tor
1 tunnel
4 unix
1 usability
1 usable-security
2 usb
1 validation
1 varan
3 verification
1 video
1 vlc
1 vpn
1 vulnerabilities
1 vulnerability
3 web
1 webcam
1 whistleblowing
2 wireless
1 wpa
1 writing
1 x86
1 xbox