Joanna Rutkowska is one of the speakers at “Next Generation Threats“, taking place in Stockholm, Sweden in September.
Trust as the no. 1 enemy of security: the client systems study
We are forced to trust a lot of things: the files we receive or websites we visit, that they are not going to exploit bugs in our (trusted) apps, the (trusted) software we use has no backdoors built in or added by 3rd parties. Also that the (trusted) OS components are secure and can protect our data, that the underlying (trusted) firmware and hardware is not subverting security mechanisms implemented by our (trusted) Operating System. The more trust we are forced into, the less secure our digital lives are, of course. Trust is the #1 enemy of security. Is there anything we can do about it? What’s the smallest reasonable amount of trust we need in case of a typical client (desktop) system today? Can trust be distributed?
Joanna Rutkowska is a founder of Invisible Things Lab and the Qubes OS project, which she has been leading since its inception in 2010. Prior to that she has been focusing on system-level offensive security research. Together with her team at ITL, she has presented numerous attacks on virtualization systems and Intel security technologies, including the famous series of exploits against the Intel Trusted Execution Technology (TXT), the still-only-one software attack demonstrating Intel VT-d escape, and also supervised her team with the pioneering research on breaking into the Intel vPro BIOS and AMT/MT technology. She is also known for writing Blue Pill, the first hardware virtualization-based rootkit, introducing Evil Maid attack, and for her prior work on kernel-mode malware for Windows and Linux in the first half of the 2000s.