Before you ship a "security mitigation" ...
http://addxorrol.blogspot.com/2020/03/before-you-ship-security-mitigation.html [addxorrol.blogspot.com]
2020-04-10 00:48
tags:
defense
development
security
During my years doing vulnerability research and my time in Project Zero, I frequently encountered proposals for new security mitigations. Some of these were great, some of these - were not so great.
I think Halvar is at times too dismissive of “raising the bar”, but he’s also the expert here, and these are not bad guidelines.
source: grugq
Turing completeness, weird machines, Twitter, and muddled terminology
http://addxorrol.blogspot.com/2018/10/turing-completeness-weird-machines.html [addxorrol.blogspot.com]
2018-10-03 21:50
tags:
compsci
defense
exploit
programming
security
The point of weird machine research is *not* about showing that everything is Turing complete. The point of weird machine research is that when any finite state automaton is simulated, and when that simulation gets corrupted, a new machine emerges, with its own instruction set. It is this instruction set that gets programmed in attacks. Constraining the state transitions (and hence the reachable states) of a weird machine is what makes exploitation impossible. The computational power (in the TC sense) is secondary.
source: solar