Iot london-2017-security-enhanced-compilers

•

1 gefällt mir•190 views

The compiler is the one tool that sees all the code you write. It is perfectly place to help you write secure code for your IoT device. In this talk I explain the role of the compiler in warning of code that seems insecure and in providing heavy lifting for the professional software engineer. These are the slides for Jeremy Bennett's talk to IoT London on 21 February 2017.

Technologie

How Your Compiler Can Help You Write
Secure Code for Your IoT Device
Jeremy Bennett
IoT London Meeting #63, 21 February 2017

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
Why?

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
Why the Compiler?
C/C++
Java
Assembler
Scripts
Raw machine code
The compiler gets to look at
(almost) all the code
The compiler gets to look at
(almost) all the code

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
How The Compiler Can Help
Warning of bad practice
Advising the programmer when
code appears to follow bad
practice
Providing heavy lifting
Automating complex tasks to
make them easier for the
programmer

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
Leakage Aware Design Automation
The LADA Project
●
EPSRC funded 4 year academic research project
– supported by a team of RAs and PhD students
●
Embecosm is the “industrial supporter”
– providing summer PhD internships
– writing open source implementations for GCC & LLVM
Prof Elisabeth Oswald
University of Bristol
Dr Dan Page
University of Bristol

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
What is Information Leakage
“Information leakage happens whenever a system
that is designed to be closed to an eavesdropper
reveals some information to unauthorized parties
nonetheless.”
Wikipedia

$Copyright © 2017 Embecosm. Freely available under a Creative Commons license Differential Power Analysis $ time ./dpa 7 real 0m0.025s user 0m0.024s sys 0m0.000s $ time ./dpa 6 real 0m0.086s user 0m0.084s sys 0m0.000s int func (uint32_t k) { int i, res = 0; for (i = 0; i < 10000000; i++) if (1 == (k & 1)) res += k - 1; else { double r; r = sqrt ((double) k); res += (int) r; } return res; } int main (int argc, char *argv[]) { return func (atoi (argv[1])); }$

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
8-Bit Processor Multiply Instruction
Heat Map
Image: Dr James Pallister, University of Bristol

Copyright © 2017 Embecosm. Freely available under a Creative Commons license
How To Get Involved
●
Contribute code to LLVM, GCC and others
●
Apply for PhD/RA vacancies with LADA
●
Attend compiler community events
●
Join the IoT Security Foundation
●
Talk to Embecosm about your compiler

Thank You
www.embecosm.com
jeremy.bennett@embecosm.com

Weitere ähnliche Inhalte

Andere mochten auch

Choice Art Group Web Transformation Project

Benjamin Berman

Small business

Neetu Kumari

last version of cv

myallkoky

The 10 Most Common Mistakes in Social Media Marketing and How to Avoid Them

cgreenleaf

International sales training- English language in Hochiminh Vietnam

Win Chu

Pedagogic implications of wider purpose of HE

Tansy Jessop

Challenges & Opportunitities for Digital TV In Africa

BSP Media Group

AIX_Administrator_Prerna Arvind_updated Resume

Prerna Arvind

Dorkbot Flower Power!

luisaph

Formalpresentation2

Laura Price

Audience theories

lcfcball

Andere mochten auch (11)

Choice Art Group Web Transformation Project

Small business

last version of cv

The 10 Most Common Mistakes in Social Media Marketing and How to Avoid Them

International sales training- English language in Hochiminh Vietnam

Pedagogic implications of wider purpose of HE

Challenges & Opportunitities for Digital TV In Africa

AIX_Administrator_Prerna Arvind_updated Resume

Dorkbot Flower Power!

Formalpresentation2

Audience theories

Kürzlich hochgeladen

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

DBX First Quarter 2024 Investor Presentation

Dropbox

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

ICT role in 21st century education and its challenges

rafiqahmad00786416

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Kürzlich hochgeladen (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...

How to Troubleshoot Apps for the Modern Connected Worker

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Ransomware_Q4_2023. The report. [EN].pdf

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - The value of a flexible API Management solution for O...

DBX First Quarter 2024 Investor Presentation

Exploring the Future Potential of AI-Enabled Smartphone Processors

presentation ICT roal in 21st century education

Axa Assurance Maroc - Insurer Innovation Award 2024

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Boost Fertility New Invention Ups Success Rates.pdf

Strategies for Landing an Oracle DBA Job as a Fresher

A Year of the Servo Reboot: Where Are We Now?

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

GenAI Risks & Security Meetup 01052024.pdf

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

ICT role in 21st century education and its challenges

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Iot london-2017-security-enhanced-compilers

1. How Your Compiler Can Help You Write Secure Code for Your IoT Device Jeremy Bennett IoT London Meeting #63, 21 February 2017

3. Copyright © 2017 Embecosm. Freely available under a Creative Commons license Why the Compiler? C/C++ Java Assembler Scripts Raw machine code The compiler gets to look at (almost) all the code The compiler gets to look at (almost) all the code

4. Copyright © 2017 Embecosm. Freely available under a Creative Commons license How The Compiler Can Help Warning of bad practice Advising the programmer when code appears to follow bad practice Providing heavy lifting Automating complex tasks to make them easier for the programmer

5. Copyright © 2017 Embecosm. Freely available under a Creative Commons license Leakage Aware Design Automation The LADA Project ● EPSRC funded 4 year academic research project – supported by a team of RAs and PhD students ● Embecosm is the “industrial supporter” – providing summer PhD internships – writing open source implementations for GCC & LLVM Prof Elisabeth Oswald University of Bristol Dr Dan Page University of Bristol

6. Copyright © 2017 Embecosm. Freely available under a Creative Commons license What is Information Leakage “Information leakage happens whenever a system that is designed to be closed to an eavesdropper reveals some information to unauthorized parties nonetheless.” Wikipedia

7. Copyright © 2017 Embecosm. Freely available under a Creative Commons license Differential Power Analysis $ time ./dpa 7 real 0m0.025s user 0m0.024s sys 0m0.000s $ time ./dpa 6 real 0m0.086s user 0m0.084s sys 0m0.000s int func (uint32_t k) { int i, res = 0; for (i = 0; i < 10000000; i++) if (1 == (k & 1)) res += k - 1; else { double r; r = sqrt ((double) k); res += (int) r; } return res; } int main (int argc, char *argv[]) { return func (atoi (argv[1])); }

8. Copyright © 2017 Embecosm. Freely available under a Creative Commons license Differential Power Analysis $ time ./dpa 7 real 0m0.025s user 0m0.024s sys 0m0.000s $ time ./dpa 6 real 0m0.086s user 0m0.084s sys 0m0.000s int func (uint32_t k) { int i, res = 0; for (i = 0; i < 10000000; i++) if (1 == (k & 1)) res += k - 1; else { double r; r = sqrt ((double) k); res += (int) r; } return res; } int main (int argc, char *argv[]) { return func (atoi (argv[1])); }

10. Copyright © 2017 Embecosm. Freely available under a Creative Commons license How To Get Involved ● Contribute code to LLVM, GCC and others ● Apply for PhD/RA vacancies with LADA ● Attend compiler community events ● Join the IoT Security Foundation ● Talk to Embecosm about your compiler

11. Thank You www.embecosm.com jeremy.bennett@embecosm.com

Iot london-2017-security-enhanced-compilers

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Iot london-2017-security-enhanced-compilers