0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/362 Thanks! 1 00:00:12,470 --> 00:00:14,389 Yeah, hello, my name is Honasan, that's 2 00:00:14,390 --> 00:00:16,699 David, and we will talk a bit about 3 00:00:16,700 --> 00:00:18,949 trustworthy, secure, modular operating 4 00:00:18,950 --> 00:00:20,209 system engineering, which we are 5 00:00:20,210 --> 00:00:22,699 currently doing, or another approach 6 00:00:22,700 --> 00:00:24,859 to how to robustly 7 00:00:24,860 --> 00:00:26,670 implement security protocols. 8 00:00:27,890 --> 00:00:30,259 So first of all, the 9 00:00:30,260 --> 00:00:32,478 general question of this talk is, 10 00:00:32,479 --> 00:00:34,639 what is the trusted computing base and 11 00:00:34,640 --> 00:00:37,069 how can we get it as small 12 00:00:37,070 --> 00:00:39,349 as possible while still having some 13 00:00:39,350 --> 00:00:40,429 functionality? 14 00:00:40,430 --> 00:00:42,709 And the trust of computing base itself 15 00:00:42,710 --> 00:00:44,779 is all the pieces 16 00:00:44,780 --> 00:00:47,149 of software and hardware of the system, 17 00:00:47,150 --> 00:00:49,369 which are crucial for its operation. 18 00:00:49,370 --> 00:00:51,529 And if one fails, the 19 00:00:51,530 --> 00:00:53,629 whole security of the entire system 20 00:00:53,630 --> 00:00:54,630 is jeopardized. 21 00:00:55,580 --> 00:00:56,929 So, yeah. 22 00:00:56,930 --> 00:00:59,419 Well, let's look at a 23 00:00:59,420 --> 00:01:01,489 concrete example of the trusted 24 00:01:01,490 --> 00:01:03,649 computing base in this example will take 25 00:01:03,650 --> 00:01:05,329 an instant messaging client. 26 00:01:05,330 --> 00:01:07,579 So as a trusted computing base 27 00:01:07,580 --> 00:01:09,409 of the instant messaging client, the 28 00:01:09,410 --> 00:01:11,989 first half the client software itself 29 00:01:11,990 --> 00:01:14,149 being at some implementation in 30 00:01:14,150 --> 00:01:16,429 some programing language, so that 31 00:01:16,430 --> 00:01:18,529 client software is obviously part of the 32 00:01:18,530 --> 00:01:20,209 trusted computing base, because if it 33 00:01:20,210 --> 00:01:22,369 contains a box, you might be able to 34 00:01:22,370 --> 00:01:24,679 exploit it and to jeopardize 35 00:01:24,680 --> 00:01:25,909 its security. 36 00:01:25,910 --> 00:01:27,979 Then as the next layer, we have the 37 00:01:27,980 --> 00:01:30,049 dependent libraries so the client 38 00:01:30,050 --> 00:01:32,569 might use open SSL unutilized 39 00:01:32,570 --> 00:01:35,239 or any other piece of security, 40 00:01:35,240 --> 00:01:37,309 cryptography library 41 00:01:37,310 --> 00:01:39,379 or XML stream processing 42 00:01:39,380 --> 00:01:40,579 or whatever. 43 00:01:40,580 --> 00:01:42,709 So that is obviously also part 44 00:01:42,710 --> 00:01:44,779 of the trusted computing base, 45 00:01:44,780 --> 00:01:46,429 as we have seen this year with 46 00:01:46,430 --> 00:01:49,009 Heartbleed, which affect that openness 47 00:01:49,010 --> 00:01:51,319 and which affected a lot of different 48 00:01:51,320 --> 00:01:53,689 applications, which all had openness 49 00:01:53,690 --> 00:01:55,759 as well as their dependent 50 00:01:55,760 --> 00:01:56,760 library. 51 00:01:57,950 --> 00:02:00,139 So as a next step, we're 52 00:02:00,140 --> 00:02:01,879 not quite finished yet. 53 00:02:01,880 --> 00:02:03,529 As a next step, we have the graphical 54 00:02:03,530 --> 00:02:05,749 user interface framework, which 55 00:02:05,750 --> 00:02:08,448 is most often used in such a 56 00:02:08,449 --> 00:02:10,638 client, such an extensive 57 00:02:10,639 --> 00:02:12,709 client. And the graphical 58 00:02:12,710 --> 00:02:15,679 user interface actually contains 59 00:02:15,680 --> 00:02:18,149 stuff which parses arbitrary 60 00:02:18,150 --> 00:02:20,389 binary data like pictures 61 00:02:20,390 --> 00:02:22,549 and fonts and needs to render fonts 62 00:02:22,550 --> 00:02:24,619 and so on. And obviously there have been 63 00:02:24,620 --> 00:02:26,689 Boxun picture pausa, 64 00:02:26,690 --> 00:02:28,979 libraries like Lipinsky like 65 00:02:28,980 --> 00:02:29,980 Drapey. 66 00:02:30,650 --> 00:02:32,989 So this is also part of our trusted 67 00:02:32,990 --> 00:02:35,149 computing base grows and 68 00:02:35,150 --> 00:02:36,409 grows even bigger. 69 00:02:36,410 --> 00:02:38,539 So then we have the programing language 70 00:02:38,540 --> 00:02:41,059 it is implemented in or it provides 71 00:02:41,060 --> 00:02:43,129 an interface for plug ins and 72 00:02:43,130 --> 00:02:44,749 that programing language environment, 73 00:02:44,750 --> 00:02:47,239 that runtime is also executed 74 00:02:47,240 --> 00:02:49,339 and must be part of the trusted computing 75 00:02:49,340 --> 00:02:49,759 base. 76 00:02:49,760 --> 00:02:51,829 So if there is a problem 77 00:02:51,830 --> 00:02:53,959 in some programing language, let's 78 00:02:53,960 --> 00:02:56,239 say HP, which has a long history 79 00:02:56,240 --> 00:02:58,549 of problems, or 80 00:02:58,550 --> 00:03:00,919 Java or Ruby or Python or 81 00:03:00,920 --> 00:03:02,150 whichever you like, 82 00:03:03,920 --> 00:03:06,049 but we are not we are not 83 00:03:06,050 --> 00:03:07,249 really there yet. 84 00:03:07,250 --> 00:03:09,349 So we also have the big 85 00:03:09,350 --> 00:03:11,449 C library, which you unfortunately 86 00:03:11,450 --> 00:03:13,969 can't see, but you can see it here a bit. 87 00:03:13,970 --> 00:03:16,279 So the C library is also part 88 00:03:16,280 --> 00:03:18,439 of the trusted computing base because it 89 00:03:18,440 --> 00:03:20,539 is actually there and you execute 90 00:03:20,540 --> 00:03:22,639 it. It's loaded, it's loaded 91 00:03:22,640 --> 00:03:24,859 into memory. And the C 92 00:03:24,860 --> 00:03:27,319 library contains, what, around 2000 93 00:03:27,320 --> 00:03:28,399 subroutines. 94 00:03:28,400 --> 00:03:30,649 So if there's one 95 00:03:30,650 --> 00:03:33,079 exposed and vulnerable, 96 00:03:33,080 --> 00:03:35,269 the whole security of the whole system is 97 00:03:35,270 --> 00:03:37,399 expected. And here on the right side, 98 00:03:37,400 --> 00:03:39,589 you also see the operating system being 99 00:03:39,590 --> 00:03:41,749 at Linux, privacy or whatever 100 00:03:41,750 --> 00:03:44,179 else the kernel which 101 00:03:44,180 --> 00:03:46,369 provides you with the DCP IP stick 102 00:03:46,370 --> 00:03:48,319 and which provides you with. 103 00:03:50,130 --> 00:03:52,259 Hardware device drivers that 104 00:03:52,260 --> 00:03:54,359 also need to be part of or is part 105 00:03:54,360 --> 00:03:56,159 of the truss computing base. 106 00:03:56,160 --> 00:03:58,229 And then last but not least, we also 107 00:03:58,230 --> 00:04:00,449 have the piece of hardware, the 108 00:04:00,450 --> 00:04:02,729 different pieces of hardware, your 109 00:04:02,730 --> 00:04:04,889 device, your hard drive and so 110 00:04:04,890 --> 00:04:07,259 on, which all contains some firmware, 111 00:04:07,260 --> 00:04:09,539 which is part of the truss 112 00:04:09,540 --> 00:04:10,540 computing base. 113 00:04:11,530 --> 00:04:13,659 So it stacks up 114 00:04:13,660 --> 00:04:16,268 and up and the question 115 00:04:16,269 --> 00:04:17,739 is for Enoteca is 116 00:04:18,760 --> 00:04:20,319 what is the weakest link? 117 00:04:20,320 --> 00:04:21,278 Which piece? 118 00:04:21,279 --> 00:04:23,619 Which piece is the most easy 119 00:04:23,620 --> 00:04:24,620 to attack here? 120 00:04:25,810 --> 00:04:28,119 And obviously, I forgot some things 121 00:04:28,120 --> 00:04:30,159 like the compiler needs to be trusted 122 00:04:30,160 --> 00:04:32,259 because if the compiler is an untrusted 123 00:04:32,260 --> 00:04:34,269 compiler, it can just inject some 124 00:04:34,270 --> 00:04:36,970 arbitrary code into your executable. 125 00:04:39,520 --> 00:04:41,199 So what can we do? 126 00:04:41,200 --> 00:04:43,299 I'm here to propose how to 127 00:04:43,300 --> 00:04:45,219 minimize the trusted computing base or 128 00:04:45,220 --> 00:04:47,319 how to get a small trust the computer 129 00:04:47,320 --> 00:04:49,629 makes. And what have we what 130 00:04:49,630 --> 00:04:51,309 what are the different approaches we have 131 00:04:51,310 --> 00:04:53,019 seen in the past? 132 00:04:53,020 --> 00:04:55,419 Well, the first one of the popular 133 00:04:55,420 --> 00:04:57,579 approaches is compartmentalization 134 00:04:57,580 --> 00:04:59,859 to just build the compartments. 135 00:04:59,860 --> 00:05:01,749 And that actually solves the problem. 136 00:05:01,750 --> 00:05:03,849 If there is and if 137 00:05:03,850 --> 00:05:06,279 there is a successful attack, the impact 138 00:05:06,280 --> 00:05:08,469 is low, the impact is small. 139 00:05:08,470 --> 00:05:10,869 So instead of running each server, 140 00:05:10,870 --> 00:05:12,939 all services on one machine, on 141 00:05:12,940 --> 00:05:15,159 one operating system, you just 142 00:05:15,160 --> 00:05:17,829 spread the services to various 143 00:05:17,830 --> 00:05:19,509 different operating systems. 144 00:05:19,510 --> 00:05:21,579 So each service runs in a in a 145 00:05:21,580 --> 00:05:23,769 separate virtual machine or 146 00:05:23,770 --> 00:05:26,169 in a changing environment, which was 147 00:05:26,170 --> 00:05:28,389 one of the first things 148 00:05:28,390 --> 00:05:29,379 developed there. 149 00:05:29,380 --> 00:05:31,629 Then we also have Solaris zones, 150 00:05:31,630 --> 00:05:33,369 the rails and Linux containers, which is 151 00:05:33,370 --> 00:05:35,499 more lightweight virtualization 152 00:05:35,500 --> 00:05:37,989 currently hyp through DOCA. 153 00:05:37,990 --> 00:05:40,389 And on the other side we have the 154 00:05:40,390 --> 00:05:42,819 where you actually only 155 00:05:42,820 --> 00:05:45,039 run the the userspace of 156 00:05:45,040 --> 00:05:46,329 an operating system. 157 00:05:46,330 --> 00:05:48,849 So you shared the very same kernel, 158 00:05:48,850 --> 00:05:50,919 but you execute different C libraries 159 00:05:50,920 --> 00:05:52,989 and different servers 160 00:05:52,990 --> 00:05:54,039 binaries. 161 00:05:54,040 --> 00:05:55,689 Then on the other side we have the 162 00:05:55,690 --> 00:05:57,879 hypervisor approach such 163 00:05:57,880 --> 00:06:00,039 as Xen, KVM or so 164 00:06:00,040 --> 00:06:02,189 for you have a small hypervisor 165 00:06:02,190 --> 00:06:03,849 on top of that hypervisor. 166 00:06:03,850 --> 00:06:06,159 You run all the different Vitra 167 00:06:06,160 --> 00:06:08,409 machines, which are each of it is 168 00:06:08,410 --> 00:06:10,839 a complete Linux Unix 169 00:06:10,840 --> 00:06:13,359 environment. So its its own, 170 00:06:13,360 --> 00:06:15,429 its own kernel, its own device for 171 00:06:15,430 --> 00:06:17,979 its own TCP IP stack and so on, 172 00:06:17,980 --> 00:06:20,139 and hypervisor such as Zenn 173 00:06:20,140 --> 00:06:22,839 used around the world in this 174 00:06:22,840 --> 00:06:24,639 cloud thingy, 175 00:06:25,720 --> 00:06:27,639 for example, at Amazon, easy to use and 176 00:06:27,640 --> 00:06:29,559 Rackspace and so on. 177 00:06:29,560 --> 00:06:31,899 So Compartments is a really nice 178 00:06:31,900 --> 00:06:34,119 approach to limit the impact 179 00:06:34,120 --> 00:06:35,589 of attack of an attack. 180 00:06:35,590 --> 00:06:37,659 But it doesn't really reduce your 181 00:06:37,660 --> 00:06:38,769 trusted computing base. 182 00:06:38,770 --> 00:06:40,959 Apart from that, you separate 183 00:06:40,960 --> 00:06:43,419 the services apart. 184 00:06:43,420 --> 00:06:45,579 Also, the crucial question is, can 185 00:06:45,580 --> 00:06:47,679 I take an escape from 186 00:06:47,680 --> 00:06:49,629 a changed route or a real or a 187 00:06:49,630 --> 00:06:51,069 hypervisor? 188 00:06:51,070 --> 00:06:52,779 So it's part of the trust computing base 189 00:06:52,780 --> 00:06:55,389 and you actually add a bit more software. 190 00:06:55,390 --> 00:06:57,699 So that's the other project, which 191 00:06:57,700 --> 00:07:00,279 is to just 192 00:07:00,280 --> 00:07:02,679 add stack on layers and layers 193 00:07:02,680 --> 00:07:04,929 and layers, because each problem 194 00:07:04,930 --> 00:07:06,279 in computer science can be solved by 195 00:07:06,280 --> 00:07:07,280 adding another layer. 196 00:07:08,440 --> 00:07:10,509 And the problem is your 197 00:07:10,510 --> 00:07:13,179 setup gets really, really complicated, 198 00:07:13,180 --> 00:07:15,579 gets complex and 199 00:07:15,580 --> 00:07:17,709 such layers, for example, stack 200 00:07:17,710 --> 00:07:19,869 protection or firewalls or 201 00:07:19,870 --> 00:07:21,639 intrusion detection systems. 202 00:07:21,640 --> 00:07:24,009 And the problem here is really that 203 00:07:24,010 --> 00:07:26,829 all these layers are also software 204 00:07:26,830 --> 00:07:28,029 and they are part of the process of 205 00:07:28,030 --> 00:07:29,049 computing base. 206 00:07:29,050 --> 00:07:30,669 So they need to be trusted. 207 00:07:30,670 --> 00:07:33,099 And there have been successful 208 00:07:33,100 --> 00:07:34,989 I mean, there have been vulnerabilities 209 00:07:34,990 --> 00:07:37,029 in firewall implementations and intrusion 210 00:07:37,030 --> 00:07:38,719 detection systems quite a bit. 211 00:07:38,720 --> 00:07:40,899 So you actually open up the tech 212 00:07:40,900 --> 00:07:42,479 victor if you had more layers. 213 00:07:44,680 --> 00:07:47,739 So, as I mentioned, piling layers, 214 00:07:47,740 --> 00:07:50,349 David Villa already said all problems 215 00:07:50,350 --> 00:07:52,539 can be solved in computer science by 216 00:07:52,540 --> 00:07:54,249 adding another layer of indirection, 217 00:07:54,250 --> 00:07:56,469 apart from the problem of having 218 00:07:56,470 --> 00:07:58,359 too many layers of indirection. 219 00:08:00,550 --> 00:08:02,739 So, yeah, that's a state where we 220 00:08:02,740 --> 00:08:05,049 are right now. 221 00:08:05,050 --> 00:08:07,119 So the whole system is 222 00:08:07,120 --> 00:08:08,120 wrong. 223 00:08:09,630 --> 00:08:12,449 Let's start clean slate, 224 00:08:12,450 --> 00:08:14,609 get rid of the 225 00:08:14,610 --> 00:08:16,679 old legacy 226 00:08:16,680 --> 00:08:18,899 here so software 227 00:08:18,900 --> 00:08:20,739 systems are complex. 228 00:08:20,740 --> 00:08:23,069 Yes, today's communication 229 00:08:23,070 --> 00:08:25,349 interfaces are complex because 230 00:08:25,350 --> 00:08:28,349 we have a variety of computers 231 00:08:28,350 --> 00:08:31,559 and but fortunately, 232 00:08:31,560 --> 00:08:33,689 the communication is done 233 00:08:33,690 --> 00:08:36,658 via protocols which are more or less 234 00:08:36,659 --> 00:08:39,178 standardized or formalized 235 00:08:39,179 --> 00:08:41,069 by the IETF and so on. 236 00:08:41,070 --> 00:08:43,168 So the API, which we actually need to 237 00:08:43,169 --> 00:08:45,449 implement for a clean slate approach, 238 00:08:45,450 --> 00:08:47,729 is the API of the Internet, 239 00:08:47,730 --> 00:08:49,919 which might be TCP, IP, the 240 00:08:49,920 --> 00:08:51,059 FTP, DNS, 241 00:08:52,080 --> 00:08:53,819 HTP, whatever. 242 00:08:53,820 --> 00:08:56,429 Some security may be less 243 00:08:56,430 --> 00:08:58,499 Zazzle for authentication, 244 00:08:58,500 --> 00:09:00,629 then maybe some get some 245 00:09:00,630 --> 00:09:02,729 age, some EMAP to communicate 246 00:09:02,730 --> 00:09:04,709 with the other peers, with the entire 247 00:09:04,710 --> 00:09:06,479 world, with the rest of the world. 248 00:09:07,800 --> 00:09:10,079 And then another problem 249 00:09:10,080 --> 00:09:12,839 in computers is persistent data storage. 250 00:09:12,840 --> 00:09:14,639 And I'm not talking here about a hard 251 00:09:14,640 --> 00:09:16,499 drive because the hard drive can fail and 252 00:09:16,500 --> 00:09:17,429 will fail. 253 00:09:17,430 --> 00:09:19,589 But I'm talking here more about 254 00:09:19,590 --> 00:09:22,229 a concept where to put data 255 00:09:22,230 --> 00:09:24,449 such that it is encrypted 256 00:09:24,450 --> 00:09:26,789 storage stored somewhere, 257 00:09:26,790 --> 00:09:29,099 and I can actually retrieve it and only I 258 00:09:29,100 --> 00:09:30,059 can retrieve it. 259 00:09:30,060 --> 00:09:32,279 Not everybody else, because it's my 260 00:09:32,280 --> 00:09:33,280 data. 261 00:09:34,590 --> 00:09:36,689 So what are the tools for this clean 262 00:09:36,690 --> 00:09:37,799 slate approach? 263 00:09:37,800 --> 00:09:39,959 Well, Hecker's, our tools, 264 00:09:39,960 --> 00:09:41,909 programing languages and programing 265 00:09:41,910 --> 00:09:44,159 languages have various kinds 266 00:09:44,160 --> 00:09:46,139 of abstraction features. 267 00:09:46,140 --> 00:09:47,969 And then we have libraries. 268 00:09:47,970 --> 00:09:50,099 So stuff which is already there, which we 269 00:09:50,100 --> 00:09:51,100 can reuse. 270 00:09:54,510 --> 00:09:56,189 So consider that the programing language 271 00:09:56,190 --> 00:09:58,769 is the essential vehicle of expressing 272 00:09:58,770 --> 00:10:00,749 a program, and we just dissect an 273 00:10:00,750 --> 00:10:03,149 operating system into its parts, 274 00:10:03,150 --> 00:10:05,339 so radical in an operating 275 00:10:05,340 --> 00:10:07,169 system, architecture can be radical and 276 00:10:07,170 --> 00:10:08,999 thinking how to actually build an 277 00:10:09,000 --> 00:10:10,649 operating system in use in terms of 278 00:10:10,650 --> 00:10:12,540 programing language, which 279 00:10:13,740 --> 00:10:15,359 which we think is the essential 280 00:10:15,360 --> 00:10:16,989 component. 281 00:10:16,990 --> 00:10:18,899 During the rest of this Congress, you 282 00:10:18,900 --> 00:10:21,299 will hear a series of talks on 283 00:10:21,300 --> 00:10:23,339 a string of high-Profile exploits in 284 00:10:23,340 --> 00:10:25,199 security libraries that happen throughout 285 00:10:25,200 --> 00:10:27,329 this year and interesting properties that 286 00:10:27,330 --> 00:10:29,549 they're all connected by actual failures 287 00:10:29,550 --> 00:10:32,129 in the language, more or less so 288 00:10:32,130 --> 00:10:34,229 with the programing, languages are a 289 00:10:34,230 --> 00:10:36,459 basic tool to to ensure 290 00:10:36,460 --> 00:10:38,489 we're building a more robust, stronger 291 00:10:38,490 --> 00:10:39,609 system. 292 00:10:39,610 --> 00:10:41,789 And the idea 293 00:10:41,790 --> 00:10:44,279 is actually to her programing language, 294 00:10:44,280 --> 00:10:45,869 give us the ability to focus solely on 295 00:10:45,870 --> 00:10:47,699 the problem and not on the accidental 296 00:10:47,700 --> 00:10:49,289 complexity of solving it. 297 00:10:49,290 --> 00:10:51,659 So we're within the abstraction 298 00:10:51,660 --> 00:10:53,909 to do that. And we want to achieve code 299 00:10:53,910 --> 00:10:56,249 that is small and that corresponds 300 00:10:56,250 --> 00:10:58,409 to the expression of the solution and 301 00:10:58,410 --> 00:11:00,309 doesn't contain either not really need 302 00:11:00,310 --> 00:11:01,919 the information. 303 00:11:01,920 --> 00:11:03,219 So what we do is use functional 304 00:11:03,220 --> 00:11:04,349 programing. 305 00:11:04,350 --> 00:11:06,899 And the idea is to say, 306 00:11:06,900 --> 00:11:09,359 well, here's a here's an example, 307 00:11:09,360 --> 00:11:10,949 dysfunctional programing. 308 00:11:10,950 --> 00:11:13,259 It's sending a function that 309 00:11:13,260 --> 00:11:15,149 increments the element Bovon for another 310 00:11:15,150 --> 00:11:17,399 function, which operates a realist, 311 00:11:17,400 --> 00:11:19,619 and then using that function to transform 312 00:11:19,620 --> 00:11:20,819 at least into another one. 313 00:11:20,820 --> 00:11:22,919 And it is the Whitsun with 314 00:11:22,920 --> 00:11:24,209 functional programing. You want to have 315 00:11:24,210 --> 00:11:25,799 the program. That's a network of very 316 00:11:25,800 --> 00:11:28,019 small, isolated local functions, 317 00:11:28,020 --> 00:11:30,419 which can be freely combined in various 318 00:11:30,420 --> 00:11:32,609 ways so that you 319 00:11:32,610 --> 00:11:34,139 don't have to suffer from the complexity 320 00:11:34,140 --> 00:11:36,389 of considering which one is executed, 321 00:11:36,390 --> 00:11:38,879 when or which one was previous 322 00:11:38,880 --> 00:11:40,229 or next. 323 00:11:40,230 --> 00:11:42,449 Are these are these four declarative 324 00:11:42,450 --> 00:11:44,129 programing, which would be the kind of 325 00:11:44,130 --> 00:11:46,409 programing we regret to express 326 00:11:46,410 --> 00:11:48,689 the logic of the solution and not 327 00:11:48,690 --> 00:11:50,639 all the steps it takes for the computer 328 00:11:50,640 --> 00:11:52,259 to arrive at the solution. 329 00:11:52,260 --> 00:11:53,759 This, of course, the simplest example, 330 00:11:53,760 --> 00:11:55,319 functional programing we can give it, but 331 00:11:55,320 --> 00:11:57,539 you can't expect us to squash an entire 332 00:11:57,540 --> 00:11:58,830 program in a single slide 333 00:11:59,970 --> 00:12:02,489 on one of the 334 00:12:02,490 --> 00:12:04,589 functional programing approaches is 335 00:12:04,590 --> 00:12:06,329 under defined. Many people have different 336 00:12:06,330 --> 00:12:07,620 interpretations of what it means. 337 00:12:08,730 --> 00:12:11,069 The one we use in our code actually 338 00:12:11,070 --> 00:12:12,989 is statically typed and quite 339 00:12:14,160 --> 00:12:15,509 orthodox functional programing. 340 00:12:15,510 --> 00:12:16,860 So we have the type system. 341 00:12:18,330 --> 00:12:19,949 There has been a suite of languages 342 00:12:19,950 --> 00:12:22,079 relatively recently that 343 00:12:22,080 --> 00:12:24,189 did away with types because unit 344 00:12:24,190 --> 00:12:26,459 tests or something of the type system 345 00:12:26,460 --> 00:12:28,709 is invaluable 346 00:12:28,710 --> 00:12:30,899 in enforcing lightweight 347 00:12:30,900 --> 00:12:32,069 properties. 348 00:12:32,070 --> 00:12:34,149 We don't have a type system such as more 349 00:12:34,150 --> 00:12:35,999 advanced languages, such as, for example, 350 00:12:36,000 --> 00:12:38,219 ADRIS, which can prove properties but 351 00:12:38,220 --> 00:12:39,989 have a type system that can enforce them 352 00:12:39,990 --> 00:12:42,479 if we can see them, prove them 353 00:12:42,480 --> 00:12:44,819 ourselves, or at least see how they hold 354 00:12:44,820 --> 00:12:46,949 and then send them away, hide them 355 00:12:46,950 --> 00:12:48,569 through abstraction and have the support 356 00:12:48,570 --> 00:12:49,889 system propagate that. 357 00:12:49,890 --> 00:12:51,989 Yes. Now everything really holds the 358 00:12:51,990 --> 00:12:53,519 way we've seen in the beginning. 359 00:12:53,520 --> 00:12:54,809 So that system is a very crucial 360 00:12:54,810 --> 00:12:55,919 component to our approach. 361 00:12:55,920 --> 00:12:57,929 It gives us the soundness. 362 00:12:57,930 --> 00:12:59,639 We kind of on a basic level, no, we're 363 00:12:59,640 --> 00:13:01,799 not doing something wrong in another part 364 00:13:01,800 --> 00:13:03,419 of the application. 365 00:13:03,420 --> 00:13:05,489 And another crucial part to this 366 00:13:05,490 --> 00:13:06,659 functional programing thing is 367 00:13:06,660 --> 00:13:07,779 side-effect. 368 00:13:07,780 --> 00:13:09,359 Now there are definitions of side 369 00:13:09,360 --> 00:13:11,609 effects. My favorite example is that 370 00:13:11,610 --> 00:13:13,859 the side effect is your square root 371 00:13:13,860 --> 00:13:16,199 function, which one third the number two 372 00:13:16,200 --> 00:13:17,909 starts completing the square root of do 373 00:13:17,910 --> 00:13:19,979 the stops, goes away, presses 374 00:13:19,980 --> 00:13:21,629 the far missiles button, fires the 375 00:13:21,630 --> 00:13:23,189 missiles, comes back and gives you on one 376 00:13:23,190 --> 00:13:25,259 point for something, something sidekicks 377 00:13:25,260 --> 00:13:26,939 are a spooky action at a distance, 378 00:13:26,940 --> 00:13:29,189 whichever means a chunk of code can 379 00:13:29,190 --> 00:13:31,409 can use to influence or change 380 00:13:31,410 --> 00:13:33,209 the behavior of another chunk of code, 381 00:13:33,210 --> 00:13:35,309 which is not explicit parameter and 382 00:13:35,310 --> 00:13:36,749 the results returning. 383 00:13:36,750 --> 00:13:39,029 So therefore obviously create complexity 384 00:13:39,030 --> 00:13:41,099 and create horrible complexity. 385 00:13:41,100 --> 00:13:43,199 And and 386 00:13:43,200 --> 00:13:44,789 while definitions of what function 387 00:13:44,790 --> 00:13:46,439 programing is very considerable with 388 00:13:46,440 --> 00:13:47,759 respect to whether side effects are 389 00:13:47,760 --> 00:13:48,779 included or not. 390 00:13:48,780 --> 00:13:51,329 Q For example, the entire 391 00:13:51,330 --> 00:13:53,189 functional JavaScript movement we 392 00:13:53,190 --> 00:13:55,379 subscribe to very the 393 00:13:55,380 --> 00:13:57,509 idea here, we don't use side effects 394 00:13:57,510 --> 00:13:59,789 almost ever, and it turned 395 00:13:59,790 --> 00:14:01,949 out that was a 396 00:14:01,950 --> 00:14:03,299 really beneficial decision. 397 00:14:03,300 --> 00:14:05,039 We don't have variables in the code at 398 00:14:05,040 --> 00:14:06,419 all. We just call functions with 399 00:14:06,420 --> 00:14:08,159 different arguments and we don't have 400 00:14:08,160 --> 00:14:09,629 exceptions, even though the language has 401 00:14:09,630 --> 00:14:11,849 both maybe very low quality 402 00:14:11,850 --> 00:14:13,799 and these things linked to component 403 00:14:13,800 --> 00:14:15,929 causation and led to this ideal of many 404 00:14:15,930 --> 00:14:17,429 small functions which can be fairly 405 00:14:17,430 --> 00:14:19,649 composed, exchanged, switched and 406 00:14:19,650 --> 00:14:21,839 and changed as the program evolves 407 00:14:21,840 --> 00:14:24,179 without considering more things 408 00:14:24,180 --> 00:14:25,079 there are going on. 409 00:14:25,080 --> 00:14:26,849 In other words, a functional language 410 00:14:26,850 --> 00:14:28,439 made it easier to reason about the 411 00:14:28,440 --> 00:14:30,719 program, and that was a crucial enabling 412 00:14:30,720 --> 00:14:31,720 factor. 413 00:14:33,850 --> 00:14:35,889 So we have seen the tools that are 414 00:14:35,890 --> 00:14:37,999 available for program, which 415 00:14:38,000 --> 00:14:39,969 was basically the programing language, 416 00:14:39,970 --> 00:14:42,399 and now we propose to have 417 00:14:42,400 --> 00:14:44,259 this clean slate approach. 418 00:14:44,260 --> 00:14:46,239 We just don't have an operating system, 419 00:14:46,240 --> 00:14:48,489 but instead we have unique and 420 00:14:48,490 --> 00:14:50,169 unique elements, specialized 421 00:14:50,170 --> 00:14:51,079 applications. 422 00:14:51,080 --> 00:14:53,019 So it's not a general-purpose system 423 00:14:53,020 --> 00:14:55,299 here, but it's really 424 00:14:55,300 --> 00:14:57,669 a small, specialized Vitra 425 00:14:57,670 --> 00:14:59,829 machine image, which even includes 426 00:14:59,830 --> 00:15:01,989 all the system libraries and 427 00:15:01,990 --> 00:15:04,149 the configuration so unique 428 00:15:05,560 --> 00:15:08,289 just directly can run on nonexempt 429 00:15:08,290 --> 00:15:09,219 itself. 430 00:15:09,220 --> 00:15:11,529 So I will explain 431 00:15:11,530 --> 00:15:13,809 here a bit about Midrash, 432 00:15:13,810 --> 00:15:15,969 which is the research projects 433 00:15:15,970 --> 00:15:18,159 I'm currently working in, which started 434 00:15:18,160 --> 00:15:19,719 five years ago in Cambridge. 435 00:15:19,720 --> 00:15:21,879 It is all a GMAT license 436 00:15:21,880 --> 00:15:24,369 all available on GitHub users, or Kemel, 437 00:15:24,370 --> 00:15:26,649 which is a module of functional 438 00:15:26,650 --> 00:15:28,719 programing language and that 439 00:15:28,720 --> 00:15:30,999 can compile to 440 00:15:31,000 --> 00:15:33,099 then virtual machine image 441 00:15:33,100 --> 00:15:35,529 on arm or 442 00:15:35,530 --> 00:15:37,329 on eighty-six or whatever. 443 00:15:37,330 --> 00:15:39,609 And the size of that Vitra 444 00:15:39,610 --> 00:15:42,309 machine image is roughly two megabytes 445 00:15:42,310 --> 00:15:44,709 here in that example for an HTP 446 00:15:44,710 --> 00:15:47,169 server serving also 447 00:15:47,170 --> 00:15:48,699 sites over. 448 00:15:48,700 --> 00:15:50,649 So actually implementation. 449 00:15:50,650 --> 00:15:53,439 So all the crypto, all the HTP, 450 00:15:53,440 --> 00:15:55,509 all the TCP, IP and all the 451 00:15:55,510 --> 00:15:57,609 layers up to the scheduler and 452 00:15:57,610 --> 00:15:59,919 whatever you think is inside 453 00:15:59,920 --> 00:16:02,019 of that image or is done 454 00:16:02,020 --> 00:16:03,729 by that image. 455 00:16:03,730 --> 00:16:06,339 So how does a mirage work here? 456 00:16:06,340 --> 00:16:08,589 Well, as I said, we have a clean slate 457 00:16:08,590 --> 00:16:10,689 approach here and we just remove all 458 00:16:10,690 --> 00:16:12,759 the layers we feel are 459 00:16:12,760 --> 00:16:14,919 rather legacy and we don't really need 460 00:16:14,920 --> 00:16:16,989 in a customized application. 461 00:16:16,990 --> 00:16:18,399 So we don't claim to build the 462 00:16:18,400 --> 00:16:20,409 general-purpose operating system here, 463 00:16:20,410 --> 00:16:22,659 but a framework how 464 00:16:22,660 --> 00:16:24,519 to build your own services. 465 00:16:24,520 --> 00:16:26,439 And obviously Matinées server doesn't 466 00:16:26,440 --> 00:16:27,519 need a file system. 467 00:16:27,520 --> 00:16:29,119 Why should it need a system? 468 00:16:29,120 --> 00:16:31,179 Why should it need users? 469 00:16:31,180 --> 00:16:33,309 Local users just need 470 00:16:33,310 --> 00:16:35,889 some sort of indication to do updates. 471 00:16:35,890 --> 00:16:38,049 And the other stuff which should 472 00:16:38,050 --> 00:16:40,299 be done is the request 473 00:16:40,300 --> 00:16:42,669 response on Dean eSport. 474 00:16:42,670 --> 00:16:45,039 So on the design, instead of having 475 00:16:45,040 --> 00:16:47,109 the hardware and the hypervisor on 476 00:16:47,110 --> 00:16:49,539 top of that, the legacy operating 477 00:16:49,540 --> 00:16:51,789 system, like a network stack file system, 478 00:16:51,790 --> 00:16:53,889 user process, Kernow threats some 479 00:16:53,890 --> 00:16:56,169 programing language runtime, some 480 00:16:56,170 --> 00:16:58,449 application that binary and some 481 00:16:58,450 --> 00:17:00,189 configuration files lying around 482 00:17:00,190 --> 00:17:01,989 somewhere on some file system. 483 00:17:01,990 --> 00:17:04,239 We instead just have the Mirage 484 00:17:04,240 --> 00:17:06,429 runtime, which is an optimal runtime, 485 00:17:06,430 --> 00:17:08,469 and then the application code right on 486 00:17:08,470 --> 00:17:10,568 top of that. So we don't have a network 487 00:17:10,569 --> 00:17:12,789 seg inside of the operating 488 00:17:12,790 --> 00:17:14,889 system and so on, but we have it inside 489 00:17:14,890 --> 00:17:15,890 of the runtime 490 00:17:17,680 --> 00:17:19,959 by using that and by directly executing 491 00:17:19,960 --> 00:17:21,939 it on on a hypervisor and then 492 00:17:21,940 --> 00:17:24,159 hypervisor, we actually can use single 493 00:17:24,160 --> 00:17:26,169 other space because we don't need virtual 494 00:17:26,170 --> 00:17:27,848 space. Why should we need a virtual 495 00:17:27,849 --> 00:17:30,219 aerospace if we only have one process 496 00:17:30,220 --> 00:17:32,349 and we only have one process while it's 497 00:17:32,350 --> 00:17:34,599 all even driven so we can handle 498 00:17:34,600 --> 00:17:36,459 multiple connections at the same time. 499 00:17:36,460 --> 00:17:38,469 But nevertheless, we don't have a process 500 00:17:38,470 --> 00:17:40,959 management thing going on 501 00:17:40,960 --> 00:17:43,029 and we don't even have a C library in 502 00:17:43,030 --> 00:17:45,129 here in Misrata is we have 503 00:17:45,130 --> 00:17:46,130 no lipsey. 504 00:17:47,020 --> 00:17:49,089 So a huge bunch 505 00:17:49,090 --> 00:17:51,279 of code of of code 506 00:17:51,280 --> 00:17:53,409 which might contain some security 507 00:17:53,410 --> 00:17:55,840 issues is just removed. 508 00:17:57,550 --> 00:17:59,439 Let's talk a bit about modularity and 509 00:17:59,440 --> 00:18:00,999 what I really mean with that. 510 00:18:01,000 --> 00:18:03,399 So modules modules are a 511 00:18:03,400 --> 00:18:05,709 programing language concept here coming 512 00:18:05,710 --> 00:18:08,079 from the Standard Model, which 513 00:18:08,080 --> 00:18:10,269 then developed further to towards 514 00:18:10,270 --> 00:18:12,849 time and model modules 515 00:18:12,850 --> 00:18:15,189 are the composable units assembling 516 00:18:15,190 --> 00:18:17,319 complex systems together so we can 517 00:18:17,320 --> 00:18:18,339 just stick together. 518 00:18:18,340 --> 00:18:20,619 Some modules and libraries can be 519 00:18:20,620 --> 00:18:22,329 parametrized by modules. 520 00:18:23,590 --> 00:18:25,539 And in the end, we have done an 521 00:18:25,540 --> 00:18:27,669 application using all those various 522 00:18:27,670 --> 00:18:29,979 models, modules and a module is basically 523 00:18:29,980 --> 00:18:32,289 an interface, but 524 00:18:32,290 --> 00:18:34,779 inside of him out there is actually 525 00:18:34,780 --> 00:18:36,999 the whole module system is program 526 00:18:37,000 --> 00:18:38,409 language in its own, basically. 527 00:18:38,410 --> 00:18:40,659 So you can actually program inside 528 00:18:40,660 --> 00:18:41,670 of the module system. 529 00:18:43,190 --> 00:18:45,409 And well, what we use 530 00:18:45,410 --> 00:18:47,359 here so inamorata, as we use the 531 00:18:47,360 --> 00:18:50,089 modularity from all Kemel quite a lot, 532 00:18:50,090 --> 00:18:52,249 and that gives us that 533 00:18:52,250 --> 00:18:54,529 we can run the very same application 534 00:18:54,530 --> 00:18:57,049 code using various 535 00:18:57,050 --> 00:18:59,539 systems of various configurations. 536 00:18:59,540 --> 00:19:01,639 So as the first example, 537 00:19:01,640 --> 00:19:03,859 the old Unix circuit process down 538 00:19:03,860 --> 00:19:06,079 here, we have the my home page, 539 00:19:06,080 --> 00:19:07,699 which is the application I'm talking 540 00:19:07,700 --> 00:19:08,659 about here. 541 00:19:08,660 --> 00:19:10,879 So my home page is actually 542 00:19:10,880 --> 00:19:12,439 that stuff I wrote. 543 00:19:12,440 --> 00:19:14,539 And then someone else has written an 544 00:19:14,540 --> 00:19:16,759 HP server called Kōichi to be 545 00:19:16,760 --> 00:19:19,219 here and I can just compile 546 00:19:19,220 --> 00:19:21,409 my home page from it be and 547 00:19:21,410 --> 00:19:23,809 then just run as a Unix TCP 548 00:19:23,810 --> 00:19:25,399 IP socket process. 549 00:19:25,400 --> 00:19:27,739 So as a Unix binary inside 550 00:19:27,740 --> 00:19:30,199 of an already existing 70s 551 00:19:30,200 --> 00:19:31,489 Unix system, 552 00:19:32,840 --> 00:19:34,669 a different compilation. 553 00:19:34,670 --> 00:19:37,189 So I don't need to change any code here. 554 00:19:37,190 --> 00:19:39,979 I'm just using different modules 555 00:19:39,980 --> 00:19:42,229 and I can just have 556 00:19:42,230 --> 00:19:44,360 a Unix userspace 557 00:19:45,620 --> 00:19:47,819 userspace network process using a 558 00:19:47,820 --> 00:19:50,239 top interface so I can just use 559 00:19:50,240 --> 00:19:52,489 the back end and orange beer, 560 00:19:52,490 --> 00:19:54,829 which is the secret I can only 561 00:19:54,830 --> 00:19:57,049 use, and then my own TCP 562 00:19:57,050 --> 00:19:59,359 IP stack and my own Ethernet stack, 563 00:19:59,360 --> 00:20:00,660 which is part of Miraz 564 00:20:01,840 --> 00:20:02,950 and yet GCP 565 00:20:03,980 --> 00:20:06,259 and I can just execute the very 566 00:20:06,260 --> 00:20:08,809 same application code after recompletion. 567 00:20:08,810 --> 00:20:11,209 I can just execute it as a tune 568 00:20:11,210 --> 00:20:13,429 up, as a process which 569 00:20:13,430 --> 00:20:15,559 listens untuned type interfaces 570 00:20:15,560 --> 00:20:17,629 and then as a third alternative, I 571 00:20:17,630 --> 00:20:20,269 can just get rid of the Unix 572 00:20:20,270 --> 00:20:22,549 system and just use it use 573 00:20:22,550 --> 00:20:23,659 then instead of it. 574 00:20:23,660 --> 00:20:26,329 So the only thing I really need from the 575 00:20:26,330 --> 00:20:28,759 Zen is a virtual network interface 576 00:20:28,760 --> 00:20:30,829 that can just compile it with 577 00:20:30,830 --> 00:20:33,529 the with the Zend 578 00:20:33,530 --> 00:20:36,109 UserSpacE or some Zen libraries. 579 00:20:36,110 --> 00:20:38,179 And I end up in a binary, which 580 00:20:38,180 --> 00:20:40,519 is this Vitra machine running directly 581 00:20:40,520 --> 00:20:41,719 on them. 582 00:20:41,720 --> 00:20:44,179 And I didn't have to touch 583 00:20:44,180 --> 00:20:46,459 my my application code 584 00:20:46,460 --> 00:20:48,529 at all. And that is great to 585 00:20:48,530 --> 00:20:50,989 have a modular system because 586 00:20:50,990 --> 00:20:53,059 I can just debug on Unix as 587 00:20:53,060 --> 00:20:55,039 a subprocess and then when I want to 588 00:20:55,040 --> 00:20:57,559 deploy I can just One-Click deploy 589 00:20:57,560 --> 00:20:59,629 on some cloud service or 590 00:20:59,630 --> 00:21:01,760 on my own machine on the Internet. 591 00:21:03,800 --> 00:21:04,759 Small intermission. 592 00:21:04,760 --> 00:21:06,289 This could be bought. 593 00:21:06,290 --> 00:21:09,179 It could be bought too, which is 594 00:21:09,180 --> 00:21:11,419 and I'm a 20 595 00:21:11,420 --> 00:21:13,639 processor, dual core a seven. 596 00:21:13,640 --> 00:21:16,129 And that actually has the virtualization 597 00:21:16,130 --> 00:21:18,529 bits. So we can actually run 598 00:21:18,530 --> 00:21:20,659 Xen on that board and we 599 00:21:20,660 --> 00:21:23,239 run a little narrow in the zero 600 00:21:23,240 --> 00:21:25,519 and then as the gets operating systems, 601 00:21:25,520 --> 00:21:27,769 we can run midrashic. 602 00:21:29,470 --> 00:21:31,569 And that is a great small 603 00:21:31,570 --> 00:21:33,819 board in order to to run experiments 604 00:21:33,820 --> 00:21:36,309 on what about security 605 00:21:36,310 --> 00:21:38,499 inside of the main vault inside of 606 00:21:38,500 --> 00:21:38,729 it. 607 00:21:38,730 --> 00:21:41,019 Then there is this CubeSat 608 00:21:41,020 --> 00:21:43,409 project, for example, and that 609 00:21:43,410 --> 00:21:45,669 was just puts every 610 00:21:45,670 --> 00:21:47,709 device driver into a separate virtual 611 00:21:47,710 --> 00:21:49,899 machine, said compartmentalizes 612 00:21:49,900 --> 00:21:52,179 the different the different 613 00:21:52,180 --> 00:21:53,889 device drivers. 614 00:21:53,890 --> 00:21:57,069 And each idea can be 615 00:21:57,070 --> 00:21:59,379 mapped to a separate machine. 616 00:21:59,380 --> 00:22:01,929 So this is compartmentalization. 617 00:22:01,930 --> 00:22:04,359 And if one driver is wrong, 618 00:22:04,360 --> 00:22:06,759 the attacker can only 619 00:22:06,760 --> 00:22:08,859 get access to that small 620 00:22:08,860 --> 00:22:09,819 compartment. 621 00:22:09,820 --> 00:22:12,309 Well, unless a hypervisor is 622 00:22:12,310 --> 00:22:13,310 broken as well 623 00:22:14,590 --> 00:22:17,079 as the hypervisor is basically a schedule 624 00:22:17,080 --> 00:22:19,629 schedule which separates 625 00:22:19,630 --> 00:22:21,399 the virtual machines and takes care of 626 00:22:21,400 --> 00:22:24,189 that and schedules the machines 627 00:22:24,190 --> 00:22:25,979 inside of the virtual machine inside of 628 00:22:25,980 --> 00:22:28,809 me, as we just have 629 00:22:28,810 --> 00:22:31,239 shared a piece of shared memory for 630 00:22:31,240 --> 00:22:33,219 accessing the packets which come in. 631 00:22:33,220 --> 00:22:34,109 We teach. 632 00:22:34,110 --> 00:22:35,079 We are. We are. 633 00:22:35,080 --> 00:22:36,359 We are then yet networked. 634 00:22:37,630 --> 00:22:39,729 And we can also do interpret from machine 635 00:22:39,730 --> 00:22:41,949 communication by using 636 00:22:41,950 --> 00:22:42,969 shared memory. 637 00:22:42,970 --> 00:22:45,219 That's also done well, initially done 638 00:22:45,220 --> 00:22:47,409 by computers, by the 639 00:22:47,410 --> 00:22:48,410 library. 640 00:22:49,240 --> 00:22:51,369 So what can we do? 641 00:22:51,370 --> 00:22:53,679 What we do have these beby we do 642 00:22:53,680 --> 00:22:55,839 have some basic products like 643 00:22:55,840 --> 00:22:57,789 the HP, HP, the U.S. 644 00:22:57,790 --> 00:22:58,929 I met. 645 00:22:58,930 --> 00:23:01,059 We have a solution for 646 00:23:01,060 --> 00:23:03,399 the storage. We have Irman, which is 647 00:23:03,400 --> 00:23:05,529 a persistent branch Apple store, which is 648 00:23:05,530 --> 00:23:08,019 similar to get but completely implemented 649 00:23:08,020 --> 00:23:10,149 and look him up and composable and 650 00:23:10,150 --> 00:23:12,429 has various back like in memory 651 00:23:12,430 --> 00:23:14,949 or on filesystem and so on. 652 00:23:14,950 --> 00:23:17,189 Then we have transport layer security at 653 00:23:17,190 --> 00:23:19,599 Lezak and since Miraj 654 00:23:19,600 --> 00:23:21,759 voting machines are so small, I mean they 655 00:23:21,760 --> 00:23:23,199 are two megabytes smaller. 656 00:23:23,200 --> 00:23:25,359 So we can just do the entire 657 00:23:25,360 --> 00:23:27,849 deployment we get and we are Gitter 658 00:23:27,850 --> 00:23:30,099 and just store the small 659 00:23:30,100 --> 00:23:31,479 blob inside of GitHub. 660 00:23:31,480 --> 00:23:33,399 And that is also great because if it 661 00:23:33,400 --> 00:23:35,379 breaks at runtime at some point, if we 662 00:23:35,380 --> 00:23:37,159 can just do a binary search like 663 00:23:37,160 --> 00:23:39,309 Engadget, what what broke 664 00:23:39,310 --> 00:23:41,439 it and instead of get we 665 00:23:41,440 --> 00:23:43,839 have this small binary block, but 666 00:23:43,840 --> 00:23:45,099 that is all we just need. 667 00:23:45,100 --> 00:23:46,839 There's no external configuration and so 668 00:23:46,840 --> 00:23:47,840 on. 669 00:23:48,700 --> 00:23:50,109 What about performance? 670 00:23:50,110 --> 00:23:52,359 Well, actually, in terms 671 00:23:52,360 --> 00:23:54,749 of the performance of Misrata, 672 00:23:54,750 --> 00:23:55,659 Russia is on that. 673 00:23:55,660 --> 00:23:57,729 It could be what I was showing earlier. 674 00:23:57,730 --> 00:24:00,069 And it is similar to Linux on our 675 00:24:00,070 --> 00:24:02,379 when we serve for static 676 00:24:02,380 --> 00:24:04,899 HP data, and that is Linux. 677 00:24:04,900 --> 00:24:06,999 And Marussia is running 678 00:24:07,000 --> 00:24:09,349 this virtual machine on 679 00:24:09,350 --> 00:24:11,439 then on 680 00:24:11,440 --> 00:24:13,509 bought the 681 00:24:13,510 --> 00:24:15,519 start time because a virtual machine is 682 00:24:15,520 --> 00:24:17,679 so small, the time is really, 683 00:24:17,680 --> 00:24:18,369 really fast. 684 00:24:18,370 --> 00:24:20,559 It's so fast that you that we 685 00:24:20,560 --> 00:24:22,629 have a DNS server which just 686 00:24:22,630 --> 00:24:23,619 waits for requests. 687 00:24:23,620 --> 00:24:25,509 And when a request comes in and it 688 00:24:25,510 --> 00:24:27,639 replies with the IP 689 00:24:27,640 --> 00:24:29,859 address and then also it checks whether 690 00:24:29,860 --> 00:24:31,599 that virtual machine is running and if 691 00:24:31,600 --> 00:24:34,269 it's not running, it just started up. 692 00:24:34,270 --> 00:24:36,549 And why the other what the client has 693 00:24:36,550 --> 00:24:39,009 requested the DNS 694 00:24:39,010 --> 00:24:41,349 query, and it's waiting 695 00:24:41,350 --> 00:24:43,209 for the answer in order to establish a 696 00:24:43,210 --> 00:24:44,529 TCAP connection. 697 00:24:44,530 --> 00:24:46,779 Our veteran Sheena's already 698 00:24:46,780 --> 00:24:48,429 booted because it would in twenty 699 00:24:48,430 --> 00:24:49,899 milliseconds. 700 00:24:49,900 --> 00:24:52,149 So it is really services on demand. 701 00:24:52,150 --> 00:24:54,339 We don't run all the Vitra machines 702 00:24:54,340 --> 00:24:56,289 at the same time, but only when they 703 00:24:56,290 --> 00:24:58,240 really need it, when we need them. 704 00:25:00,460 --> 00:25:02,709 So let's talk a bit more 705 00:25:02,710 --> 00:25:04,989 about T what is this transport 706 00:25:04,990 --> 00:25:05,949 layer security. 707 00:25:05,950 --> 00:25:08,229 And the reason for talking about that is, 708 00:25:08,230 --> 00:25:10,269 is because we developed this. 709 00:25:10,270 --> 00:25:12,699 You're a transport layer, security stack 710 00:25:12,700 --> 00:25:14,949 for this mirage in alchemic 711 00:25:14,950 --> 00:25:15,950 from scratch. 712 00:25:17,150 --> 00:25:19,369 And this is the most widely 713 00:25:19,370 --> 00:25:21,709 used security protocol since roughly 714 00:25:21,710 --> 00:25:23,989 15 years that has been 715 00:25:23,990 --> 00:25:24,990 standardized 716 00:25:27,290 --> 00:25:29,389 and it is agile. 717 00:25:29,390 --> 00:25:31,549 So instead of having hard 718 00:25:31,550 --> 00:25:34,849 coded key exchange and cipher 719 00:25:34,850 --> 00:25:36,949 method, it actually negotiates 720 00:25:36,950 --> 00:25:39,379 the protocol vision, the key exchange, 721 00:25:39,380 --> 00:25:41,329 the cipher and the hash tag rhythm to 722 00:25:41,330 --> 00:25:42,319 use. 723 00:25:42,320 --> 00:25:44,479 So it is rather 724 00:25:44,480 --> 00:25:45,979 complex or intricate. 725 00:25:45,980 --> 00:25:47,959 There are also four different versions of 726 00:25:47,960 --> 00:25:50,299 Tlas. Well, we didn't implement SSL 727 00:25:50,300 --> 00:25:52,399 version two and three because we felt 728 00:25:52,400 --> 00:25:54,769 like, well, time is over and 729 00:25:54,770 --> 00:25:56,809 there are still as one point zero one 730 00:25:56,810 --> 00:25:59,299 point twenty one point two and upcoming, 731 00:25:59,300 --> 00:26:00,919 there's also tillers of one point three, 732 00:26:00,920 --> 00:26:02,419 which we haven't yet implemented. 733 00:26:03,590 --> 00:26:06,289 The whole issue of a secure 734 00:26:06,290 --> 00:26:08,419 communication is basically how 735 00:26:08,420 --> 00:26:10,969 to authenticate the other peer, 736 00:26:10,970 --> 00:26:13,279 and that is done in using 737 00:26:13,280 --> 00:26:14,029 trust encrypted. 738 00:26:14,030 --> 00:26:16,669 So those CERT authorities 739 00:26:16,670 --> 00:26:18,859 using 509 public key 740 00:26:18,860 --> 00:26:19,860 infrastructures. 741 00:26:21,010 --> 00:26:23,469 And yeah, I'll just 742 00:26:23,470 --> 00:26:25,779 show you the handshake, because our 743 00:26:25,780 --> 00:26:28,209 stack, um, 744 00:26:28,210 --> 00:26:30,279 well, we wrote some 745 00:26:30,280 --> 00:26:32,529 tracing, we had some tracing 746 00:26:32,530 --> 00:26:34,630 features and 747 00:26:35,680 --> 00:26:37,779 within here you see you can see 748 00:26:37,780 --> 00:26:40,839 a sequence diagram of 749 00:26:40,840 --> 00:26:43,119 last handshake, which was just 750 00:26:43,120 --> 00:26:45,759 produced by my Web browser accessing 751 00:26:45,760 --> 00:26:48,489 that website, which is a Web server 752 00:26:48,490 --> 00:26:50,889 I've written using our Okmulgee 753 00:26:50,890 --> 00:26:52,029 Lastic. 754 00:26:52,030 --> 00:26:54,519 And you see here on the left, the client 755 00:26:54,520 --> 00:26:56,619 on the right, the server will make it a 756 00:26:56,620 --> 00:26:57,620 bit bigger. 757 00:27:00,990 --> 00:27:04,139 Yeah, and those dash lines are 758 00:27:04,140 --> 00:27:06,329 unencrypted messages on the wire and 759 00:27:06,330 --> 00:27:08,759 those solid lines are encrypted messages 760 00:27:08,760 --> 00:27:11,009 you can see at the bottom here, several 761 00:27:11,010 --> 00:27:11,639 staff. 762 00:27:11,640 --> 00:27:13,829 So first, the first messages 763 00:27:13,830 --> 00:27:16,139 from the client and the client actually 764 00:27:16,140 --> 00:27:19,289 says send the client hello. 765 00:27:19,290 --> 00:27:21,419 And it says, well, the 766 00:27:21,420 --> 00:27:23,519 version I support, the highest 767 00:27:23,520 --> 00:27:25,229 version, I support Estela's one point 768 00:27:25,230 --> 00:27:27,479 two. Then it sends some nonce 769 00:27:27,480 --> 00:27:29,489 because the client needs some loans in 770 00:27:29,490 --> 00:27:32,039 order to establish secure communications. 771 00:27:32,040 --> 00:27:33,719 Then we have a set of Syphax. 772 00:27:33,720 --> 00:27:35,069 You said the client says, 773 00:27:36,810 --> 00:27:39,029 oh, look here, these are actually all 774 00:27:39,030 --> 00:27:41,069 the different key exchange and encryption 775 00:27:41,070 --> 00:27:43,219 methods I can use or I 776 00:27:43,220 --> 00:27:45,119 implement. And I'm happy to talk here. 777 00:27:47,190 --> 00:27:49,689 And then the client also makes sense 778 00:27:49,690 --> 00:27:52,619 since arbitrary extensions here. 779 00:27:52,620 --> 00:27:55,169 Well, renegotiation extensions 780 00:27:55,170 --> 00:27:57,839 for security enhancements, 781 00:27:59,190 --> 00:28:01,769 then some elliptic curve stuff and so on. 782 00:28:01,770 --> 00:28:03,269 So that is the first packet. 783 00:28:03,270 --> 00:28:06,029 And then the server actually chooses 784 00:28:06,030 --> 00:28:08,309 the server chooses which product vision 785 00:28:08,310 --> 00:28:10,649 and which cipha to pick 786 00:28:10,650 --> 00:28:13,469 and decipher. It contains the 787 00:28:13,470 --> 00:28:15,599 key exchange algorithm algorithm, the 788 00:28:15,600 --> 00:28:17,249 encryption algorithm and the hash 789 00:28:17,250 --> 00:28:18,250 algorithm. 790 00:28:19,040 --> 00:28:21,229 So in this case, the service says, 791 00:28:21,230 --> 00:28:23,509 oh, yeah, let's talk to one point two 792 00:28:23,510 --> 00:28:25,759 years, by the way, my here, 793 00:28:25,760 --> 00:28:26,899 that is a civil suit. 794 00:28:26,900 --> 00:28:29,659 We talk and there is currently 795 00:28:29,660 --> 00:28:31,759 Fumarole Diffie, Heldman using our as 796 00:28:31,760 --> 00:28:34,519 a certificate and a as 797 00:28:34,520 --> 00:28:37,759 260 256 798 00:28:37,760 --> 00:28:38,760 with 799 00:28:40,370 --> 00:28:42,250 a the algorithm. 800 00:28:43,570 --> 00:28:45,979 Then the server also sent over its server 801 00:28:45,980 --> 00:28:48,069 certificate, and that is the ace 802 00:28:48,070 --> 00:28:50,499 and one included 509 803 00:28:50,500 --> 00:28:52,059 certificate, which the client needs to 804 00:28:52,060 --> 00:28:53,799 check at some point. 805 00:28:53,800 --> 00:28:56,009 Then since we are doing a 806 00:28:56,010 --> 00:28:58,089 if we have one key exchange here, we 807 00:28:58,090 --> 00:29:00,219 need to negotiate or we 808 00:29:00,220 --> 00:29:02,379 need to take the homeland 809 00:29:02,380 --> 00:29:03,339 group and so on. 810 00:29:03,340 --> 00:29:05,589 So the server also senseor here, the 811 00:29:05,590 --> 00:29:07,539 Helmand group, the generator, and it's 812 00:29:07,540 --> 00:29:09,099 public over the wire 813 00:29:10,630 --> 00:29:13,029 and then the server ends with the server 814 00:29:13,030 --> 00:29:15,129 helo done, which is well 815 00:29:15,130 --> 00:29:18,099 now I'm done here with my key exchange. 816 00:29:18,100 --> 00:29:20,539 You continue and the client, 817 00:29:20,540 --> 00:29:23,079 the client sends 818 00:29:23,080 --> 00:29:24,940 over. Now it's Stiffy 11. 819 00:29:26,140 --> 00:29:28,209 She wants it verified that the 820 00:29:28,210 --> 00:29:30,759 certificate is okay and the 821 00:29:30,760 --> 00:29:32,829 server piece of the group and so 822 00:29:32,830 --> 00:29:34,349 on is okay. 823 00:29:34,350 --> 00:29:36,359 And then the massive secret is the 824 00:29:36,360 --> 00:29:38,549 massive secret is 825 00:29:38,550 --> 00:29:41,039 the 40 odd forty eight bits of data 826 00:29:41,040 --> 00:29:43,139 which are used to derive 827 00:29:43,140 --> 00:29:45,179 the symmetric and markets. 828 00:29:46,510 --> 00:29:48,940 And then there's the single message 829 00:29:50,050 --> 00:29:51,709 aspect, which was first sent from the 830 00:29:51,710 --> 00:29:53,379 client to the server and then from the 831 00:29:53,380 --> 00:29:55,689 server to the client, and it says from 832 00:29:55,690 --> 00:29:58,149 now on, we just negotiated on some 833 00:29:58,150 --> 00:30:00,519 crypto parameters and some 834 00:30:00,520 --> 00:30:01,569 key material. 835 00:30:01,570 --> 00:30:03,429 Let's use that. 836 00:30:03,430 --> 00:30:05,899 So then then then the connection 837 00:30:05,900 --> 00:30:08,559 switches to to an encrypted 838 00:30:08,560 --> 00:30:10,389 connection and sends over the finished 839 00:30:10,390 --> 00:30:11,869 package packets. 840 00:30:11,870 --> 00:30:14,499 And the first finished is 841 00:30:14,500 --> 00:30:16,659 well, it also contains a hash in 842 00:30:16,660 --> 00:30:18,849 order to authenticate that the 843 00:30:20,140 --> 00:30:22,209 that the key that the whole 844 00:30:22,210 --> 00:30:24,369 handshake, the whole binary data 845 00:30:24,370 --> 00:30:26,679 of the handshake was received 846 00:30:26,680 --> 00:30:27,639 as it was sent. 847 00:30:27,640 --> 00:30:29,679 And there was no man in the middle who 848 00:30:29,680 --> 00:30:31,749 modified the data because it was all 849 00:30:31,750 --> 00:30:33,429 plain text. 850 00:30:33,430 --> 00:30:35,829 And the same is then sent from server 851 00:30:35,830 --> 00:30:37,479 side to the client state. 852 00:30:37,480 --> 00:30:39,879 And then finally, we are on the layer 853 00:30:39,880 --> 00:30:42,099 where we can handle our application 854 00:30:42,100 --> 00:30:43,239 data and application data. 855 00:30:43,240 --> 00:30:45,699 And this case was an HTP 856 00:30:45,700 --> 00:30:47,709 request. But you can see here and that 857 00:30:47,710 --> 00:30:49,839 was sent from the client server and then 858 00:30:49,840 --> 00:30:51,639 obviously in the server ANSYS with the 859 00:30:51,640 --> 00:30:53,139 application databank. 860 00:30:53,140 --> 00:30:55,119 But let's switch back to the slides. 861 00:30:55,120 --> 00:30:57,489 We just saw the last handshake, 862 00:30:57,490 --> 00:30:59,739 the complete a complete handshake of the 863 00:30:59,740 --> 00:31:02,019 last session, which we produced, 864 00:31:02,020 --> 00:31:04,119 first produced and then sent over 865 00:31:04,120 --> 00:31:05,919 the adjacent to the client. 866 00:31:05,920 --> 00:31:07,390 So the server actually 867 00:31:08,440 --> 00:31:10,809 remembered all the all the packets 868 00:31:10,810 --> 00:31:13,209 but were transferred and transferred 869 00:31:13,210 --> 00:31:14,229 them back to the client. 870 00:31:15,730 --> 00:31:18,399 So let's talk about, OK, Multiclass, 871 00:31:18,400 --> 00:31:20,559 that is our office early 872 00:31:20,560 --> 00:31:22,629 2014. And you left Morocco, 873 00:31:22,630 --> 00:31:25,389 Africa, where you started to develop 874 00:31:25,390 --> 00:31:27,519 a clean slate, transport 875 00:31:27,520 --> 00:31:29,709 layer, security stack 876 00:31:29,710 --> 00:31:31,839 from scratch without any 877 00:31:31,840 --> 00:31:33,129 funding. 878 00:31:33,130 --> 00:31:35,379 And it was very 879 00:31:35,380 --> 00:31:36,939 early in 2014. 880 00:31:36,940 --> 00:31:38,829 I flew there on the 5th of January of 881 00:31:38,830 --> 00:31:41,139 this year and they were drawn 882 00:31:41,140 --> 00:31:43,899 later. And it was even before 883 00:31:43,900 --> 00:31:45,879 before. And there were those security 884 00:31:45,880 --> 00:31:47,949 issues this year in various 885 00:31:47,950 --> 00:31:50,499 implementations like go to fail 886 00:31:50,500 --> 00:31:53,499 and Heartbleed and change cyphers 887 00:31:53,500 --> 00:31:55,599 vulnerability and openness 888 00:31:55,600 --> 00:31:57,429 and various others. 889 00:31:57,430 --> 00:31:59,139 I mean, Gnutella has also had some 890 00:31:59,140 --> 00:32:00,140 problems. 891 00:32:01,360 --> 00:32:03,429 And let's talk a bit 892 00:32:03,430 --> 00:32:06,039 about what Kemel tell us. 893 00:32:06,040 --> 00:32:07,899 So I guess, you know, Attila's hipster 894 00:32:07,900 --> 00:32:10,119 business as I was into before Heartbleed. 895 00:32:11,950 --> 00:32:13,239 Yeah. 896 00:32:13,240 --> 00:32:15,309 Now I try to wrap up 897 00:32:15,310 --> 00:32:17,089 or actually go into details how exactly 898 00:32:17,090 --> 00:32:18,999 you think you've just seen is laid out 899 00:32:19,000 --> 00:32:21,129 inside, because that's the important part 900 00:32:21,130 --> 00:32:22,959 here. It's not just thinking, well, 901 00:32:22,960 --> 00:32:25,029 another Tila's, it's like making Attila's 902 00:32:25,030 --> 00:32:26,030 in another way. 903 00:32:28,570 --> 00:32:31,089 So we basically have several libraries 904 00:32:31,090 --> 00:32:32,859 to handle subtests which are involved in 905 00:32:32,860 --> 00:32:34,869 this security protocol. 906 00:32:34,870 --> 00:32:37,089 So we have the crypto library 907 00:32:37,090 --> 00:32:39,189 and we have the CERT library, 908 00:32:40,210 --> 00:32:42,679 which basically passes and validate 909 00:32:42,680 --> 00:32:45,279 certificates and we have 910 00:32:45,280 --> 00:32:48,189 the overall DELYS built on top of that. 911 00:32:48,190 --> 00:32:50,259 And the crucial part is 912 00:32:50,260 --> 00:32:51,939 that we're aiming for simplicity, but 913 00:32:51,940 --> 00:32:53,649 throughout, inside and outside. 914 00:32:53,650 --> 00:32:55,629 So we want to have the code to the simple 915 00:32:55,630 --> 00:32:57,759 and the code, the not to 916 00:32:57,760 --> 00:32:59,649 be prone to the spooky action at a 917 00:32:59,650 --> 00:33:01,899 distance, to be easier to reason about. 918 00:33:01,900 --> 00:33:03,399 But we also wanted the code to be simple 919 00:33:03,400 --> 00:33:05,529 to use, and it's actually 920 00:33:05,530 --> 00:33:07,629 a published Deficiency of Nonfuel 921 00:33:07,630 --> 00:33:09,849 ASX. There was an actual 922 00:33:09,850 --> 00:33:11,949 published paper about how 923 00:33:11,950 --> 00:33:14,409 the unworldliness of Openness 924 00:33:14,410 --> 00:33:16,629 sells API leads to 925 00:33:16,630 --> 00:33:18,579 in the wild security problems. 926 00:33:18,580 --> 00:33:20,949 And that's because it's called the book, 927 00:33:20,950 --> 00:33:22,389 which is called Back to to Check. 928 00:33:22,390 --> 00:33:24,609 The Certificate's is quite 929 00:33:24,610 --> 00:33:26,769 difficult to implement correctly. 930 00:33:26,770 --> 00:33:28,389 So we're actually aiming to do something 931 00:33:28,390 --> 00:33:31,449 really simple spot on and 932 00:33:31,450 --> 00:33:33,369 as small as possible for everybody 933 00:33:33,370 --> 00:33:34,449 involved. 934 00:33:34,450 --> 00:33:36,849 And we have a few libraries 935 00:33:36,850 --> 00:33:38,769 to do that. And probably the most 936 00:33:38,770 --> 00:33:40,869 interesting one, like below the 937 00:33:40,870 --> 00:33:42,939 Telus level is the crypto 938 00:33:42,940 --> 00:33:45,519 library. And it's also the most 939 00:33:45,520 --> 00:33:47,019 the one most difficult to defend because, 940 00:33:47,020 --> 00:33:48,389 well, you just never developed their own 941 00:33:48,390 --> 00:33:49,389 crypto, right? 942 00:33:49,390 --> 00:33:51,909 We had to because it has to run on Miraj 943 00:33:51,910 --> 00:33:54,129 and it had to be mostly no Camil. 944 00:33:54,130 --> 00:33:56,259 So this then all the crypto 945 00:33:56,260 --> 00:33:59,229 library and 946 00:33:59,230 --> 00:34:00,230 well, 947 00:34:01,630 --> 00:34:04,029 the essential trick 948 00:34:04,030 --> 00:34:06,109 was to try and and not 949 00:34:06,110 --> 00:34:08,468 drown ourselves and the potential 950 00:34:08,469 --> 00:34:10,539 timing channel attacks, other than the 951 00:34:10,540 --> 00:34:12,249 basic correctness, which is not horrible, 952 00:34:12,250 --> 00:34:13,599 difficult to achieve is actually 953 00:34:13,600 --> 00:34:15,759 surprisingly simple. To achieve, we 954 00:34:15,760 --> 00:34:17,259 have to be mindful of all the other 955 00:34:17,260 --> 00:34:19,329 problems that crypto library 956 00:34:19,330 --> 00:34:20,769 can be plagued with. 957 00:34:20,770 --> 00:34:22,718 I might expand on that later on if 958 00:34:22,719 --> 00:34:24,789 anybody's interested in one on 959 00:34:24,790 --> 00:34:25,899 one talk or something. 960 00:34:25,900 --> 00:34:28,299 But as far as timing side channels 961 00:34:28,300 --> 00:34:30,908 and garbage collectors go, 962 00:34:30,909 --> 00:34:32,499 the trick was to separate the 963 00:34:32,500 --> 00:34:34,479 computation, have the very cipher, of 964 00:34:34,480 --> 00:34:36,849 course, the very cryptic course in sit 965 00:34:36,850 --> 00:34:39,009 still, the void of 966 00:34:39,010 --> 00:34:40,869 amplification of the timing differences 967 00:34:40,870 --> 00:34:43,238 through the garbage collector. 968 00:34:43,239 --> 00:34:44,529 So that's our basic defense. 969 00:34:44,530 --> 00:34:46,019 What are we doing? Implementing. 970 00:34:46,020 --> 00:34:47,119 A.K.A. 971 00:34:47,120 --> 00:34:49,189 the timing, crucial parts are 972 00:34:49,190 --> 00:34:51,138 not the camel, but most of the complex, 973 00:34:51,139 --> 00:34:53,509 however, logic is, and that proved to be 974 00:34:53,510 --> 00:34:55,329 simplifying, very much simplified. 975 00:34:56,900 --> 00:34:57,900 So, yeah, we have 976 00:35:00,350 --> 00:35:02,429 we don't really have much crypto yet, but 977 00:35:02,430 --> 00:35:04,789 we have what was necessary to support 978 00:35:04,790 --> 00:35:06,139 our tools. 979 00:35:06,140 --> 00:35:08,719 And lighter note, that has been like 980 00:35:08,720 --> 00:35:11,420 for kicks, we have an RPG 981 00:35:12,860 --> 00:35:14,270 which is thought to be strong. 982 00:35:15,680 --> 00:35:17,929 Entropy sources are still debated 983 00:35:17,930 --> 00:35:19,679 on, but at least there have been mixed. 984 00:35:19,680 --> 00:35:22,089 Well, we have a few 985 00:35:22,090 --> 00:35:23,809 public Kikki algorithms. 986 00:35:25,040 --> 00:35:27,949 We have the basic core block cyphers 987 00:35:27,950 --> 00:35:30,559 that spreads and the Reindl as 988 00:35:30,560 --> 00:35:31,909 and basically through this was for 989 00:35:31,910 --> 00:35:34,309 testing. So we have Reindl and 990 00:35:34,310 --> 00:35:36,449 we have a bunch of hashas which do show 991 00:35:36,450 --> 00:35:38,569 families and the fire and 992 00:35:38,570 --> 00:35:40,019 the separation is always the same. 993 00:35:40,020 --> 00:35:42,919 Ah, with, with the block at things 994 00:35:42,920 --> 00:35:45,529 the block operations are in c always 995 00:35:45,530 --> 00:35:47,479 for speed and to avoid going through a 996 00:35:47,480 --> 00:35:49,539 garbage collector or the 997 00:35:49,540 --> 00:35:51,619 Republican Krypto is in old Camil and 998 00:35:51,620 --> 00:35:53,359 it is very nice to write it in O'Carroll 999 00:35:53,360 --> 00:35:55,189 because each single algorithm together 1000 00:35:55,190 --> 00:35:56,959 with all the utilities and then it is 1001 00:35:56,960 --> 00:35:58,279 about how many lines of code and very 1002 00:35:58,280 --> 00:35:59,449 stretched wide. 1003 00:35:59,450 --> 00:36:01,159 So it's nice environment to code in. 1004 00:36:02,330 --> 00:36:02,809 Yeah. 1005 00:36:02,810 --> 00:36:05,089 And we also have this Essel every now 1006 00:36:05,090 --> 00:36:07,849 and then is the same encoding 1007 00:36:07,850 --> 00:36:09,409 basically does develop in the early 1008 00:36:09,410 --> 00:36:11,539 eighties by telecom industry and 1009 00:36:11,540 --> 00:36:13,789 shows and it's 1010 00:36:13,790 --> 00:36:15,349 it sounds very abstract syntax notation, 1011 00:36:15,350 --> 00:36:17,509 which means that it's it's 1012 00:36:17,510 --> 00:36:19,159 a language that defined the structure of 1013 00:36:19,160 --> 00:36:21,199 data and then have the on the wire 1014 00:36:21,200 --> 00:36:22,939 encoding of data, the automatically 1015 00:36:22,940 --> 00:36:24,619 derived from the structure it actually 1016 00:36:24,620 --> 00:36:26,569 prescribed encoding wants to give it the 1017 00:36:26,570 --> 00:36:29,009 structure and it's a snippet of it. 1018 00:36:29,010 --> 00:36:31,339 I'm not going into detail that looks 1019 00:36:31,340 --> 00:36:33,289 its language in its own right and be 1020 00:36:33,290 --> 00:36:34,249 completely relevant. 1021 00:36:34,250 --> 00:36:36,379 It's only used for cert then I think one 1022 00:36:36,380 --> 00:36:38,509 other message type in the Telus 1023 00:36:38,510 --> 00:36:40,309 handshake. So it wouldn't be interesting 1024 00:36:40,310 --> 00:36:42,499 if it wasn't a notorious 1025 00:36:42,500 --> 00:36:44,689 surface attack vector in 1026 00:36:44,690 --> 00:36:46,939 the past because the former district 1027 00:36:46,940 --> 00:36:49,069 of Pass and very often 1028 00:36:49,070 --> 00:36:51,379 the other libraries don't pass it 1029 00:36:51,380 --> 00:36:52,309 safely. 1030 00:36:52,310 --> 00:36:54,439 So now and again 1031 00:36:54,440 --> 00:36:56,989 of bed exploits 1032 00:36:56,990 --> 00:36:59,299 are precisely in their celaya 1033 00:36:59,300 --> 00:37:00,650 to this Dasan 1034 00:37:02,280 --> 00:37:03,280 the solution to our son. 1035 00:37:04,850 --> 00:37:06,919 Yeah, we have something pasada. 1036 00:37:06,920 --> 00:37:08,539 There is something to focus on the 1037 00:37:08,540 --> 00:37:10,639 snippets of code, the previous 1038 00:37:10,640 --> 00:37:12,739 one and the next one. 1039 00:37:14,590 --> 00:37:16,809 So he'll go over the surface 1040 00:37:16,810 --> 00:37:18,640 index was slightly different. 1041 00:37:19,960 --> 00:37:20,960 What connects those? 1042 00:37:22,510 --> 00:37:24,609 Not a lot of thinking 1043 00:37:24,610 --> 00:37:27,309 and it is that we have an embedded light 1044 00:37:27,310 --> 00:37:29,649 because an account the outcome 1045 00:37:29,650 --> 00:37:31,749 is a very nice language to embed other 1046 00:37:31,750 --> 00:37:32,949 languages in. 1047 00:37:32,950 --> 00:37:34,389 So instead of going in, doing all the 1048 00:37:34,390 --> 00:37:36,549 passing that's usually been 1049 00:37:36,550 --> 00:37:38,979 done, just step aside, solve 1050 00:37:38,980 --> 00:37:41,739 the problem of passing in isolation, 1051 00:37:41,740 --> 00:37:43,269 and then build language like this to 1052 00:37:43,270 --> 00:37:44,529 express what they actually need to be 1053 00:37:44,530 --> 00:37:47,259 passed in the crypto context. 1054 00:37:47,260 --> 00:37:49,149 So this is one of the one of the examples 1055 00:37:49,150 --> 00:37:51,039 where there's a camel actually shiz to 1056 00:37:51,040 --> 00:37:52,600 separate concerns. 1057 00:37:55,090 --> 00:37:56,409 We also have the library that delivered 1058 00:37:56,410 --> 00:37:58,359 certificates, which might actually be 1059 00:37:58,360 --> 00:38:00,699 extended the soon to to to be 1060 00:38:00,700 --> 00:38:02,919 a standalone utility for or for 1061 00:38:02,920 --> 00:38:04,299 various things to want to do with your 1062 00:38:04,300 --> 00:38:05,409 certificates. 1063 00:38:05,410 --> 00:38:06,410 And 1064 00:38:07,840 --> 00:38:09,639 maybe the most interesting thing to note 1065 00:38:09,640 --> 00:38:12,199 is the simplicity of Teppei. 1066 00:38:12,200 --> 00:38:13,599 Essentially, we have two ways to 1067 00:38:13,600 --> 00:38:15,609 construct something that authenticates 1068 00:38:15,610 --> 00:38:16,809 your certificates. 1069 00:38:16,810 --> 00:38:18,489 And we implement the standard chain of 1070 00:38:18,490 --> 00:38:19,659 trust where you 1071 00:38:20,920 --> 00:38:23,579 provide the library with a certificate, 1072 00:38:23,580 --> 00:38:26,079 the roads and certificates, 1073 00:38:26,080 --> 00:38:28,449 and it can be queried 1074 00:38:28,450 --> 00:38:30,159 with another certificate and or 1075 00:38:30,160 --> 00:38:32,579 certificate stack and check itself, pass 1076 00:38:32,580 --> 00:38:34,299 by letters and everything and check the 1077 00:38:34,300 --> 00:38:35,799 chain whether your certificate 1078 00:38:35,800 --> 00:38:37,959 authorities actually did sign 1079 00:38:37,960 --> 00:38:39,279 the chain ultimately. 1080 00:38:39,280 --> 00:38:41,349 And they also have another kind of 1081 00:38:41,350 --> 00:38:43,629 checking built in, which is checking 1082 00:38:43,630 --> 00:38:45,849 off fingerprints, which can then 1083 00:38:45,850 --> 00:38:47,949 be accumulated, which is the basis 1084 00:38:47,950 --> 00:38:49,989 for trust in the first use mechanism. 1085 00:38:51,250 --> 00:38:54,009 So these are the parts and 1086 00:38:54,010 --> 00:38:55,839 then there is the topmost delays. 1087 00:38:55,840 --> 00:38:58,299 And this is a mouthful, definitely. 1088 00:38:58,300 --> 00:39:00,489 But what's to say is that the 1089 00:39:00,490 --> 00:39:02,589 DOE Network library you've 1090 00:39:02,590 --> 00:39:04,689 just seen in action boils down to 1091 00:39:04,690 --> 00:39:06,969 two anthropoid functions, nothing more 1092 00:39:06,970 --> 00:39:09,519 to one function to to process that 1093 00:39:09,520 --> 00:39:11,649 data that came from the outside and 1094 00:39:11,650 --> 00:39:13,209 other function to process data, which is 1095 00:39:13,210 --> 00:39:14,919 to be sent to the outside. 1096 00:39:14,920 --> 00:39:16,179 And it's more or less at 1097 00:39:18,550 --> 00:39:19,959 the time. Signature of the first one 1098 00:39:19,960 --> 00:39:21,249 itself is still multiple. 1099 00:39:21,250 --> 00:39:23,259 But it was the real one to say is that it 1100 00:39:23,260 --> 00:39:25,869 takes two things 1101 00:39:25,870 --> 00:39:27,669 into three things. 1102 00:39:27,670 --> 00:39:30,039 It takes whatever describes the state 1103 00:39:30,040 --> 00:39:32,469 of the session in progress 1104 00:39:32,470 --> 00:39:34,809 and a by tractor and 1105 00:39:34,810 --> 00:39:37,269 produces the next state after processing 1106 00:39:37,270 --> 00:39:39,519 the tractor, maybe by a factor 1107 00:39:39,520 --> 00:39:40,899 which is intended for the application to 1108 00:39:40,900 --> 00:39:42,849 resume, and maybe a third by vector, 1109 00:39:42,850 --> 00:39:44,709 which is the immediate response. 1110 00:39:44,710 --> 00:39:46,629 And that's all. 1111 00:39:46,630 --> 00:39:47,829 It doesn't do anything else. 1112 00:39:47,830 --> 00:39:49,449 It doesn't even keep state. 1113 00:39:49,450 --> 00:39:51,759 Its state is a value, just a description 1114 00:39:51,760 --> 00:39:53,879 of of a session in progress, which 1115 00:39:53,880 --> 00:39:56,059 you can actually store and provide back, 1116 00:39:56,060 --> 00:39:57,699 get out of sync with the other end point. 1117 00:39:57,700 --> 00:39:59,769 But you can do that. 1118 00:39:59,770 --> 00:40:01,959 And as for sending, it's also incredibly 1119 00:40:01,960 --> 00:40:02,960 well, just one little 1120 00:40:04,060 --> 00:40:06,159 it up there into triple, 1121 00:40:06,160 --> 00:40:07,149 but not exactly. 1122 00:40:07,150 --> 00:40:09,429 It lets it there into either a triple 1123 00:40:09,430 --> 00:40:11,709 or a value that describes an error. 1124 00:40:11,710 --> 00:40:13,179 So they are handling is completely 1125 00:40:13,180 --> 00:40:15,069 localized in that return value is 1126 00:40:15,070 --> 00:40:16,569 completely explicit. If you want to run 1127 00:40:16,570 --> 00:40:18,039 it, you have to check if there was an 1128 00:40:18,040 --> 00:40:19,389 error. It's very easy to do 1129 00:40:20,620 --> 00:40:22,749 that. That kind of simplicity aiming at 1130 00:40:22,750 --> 00:40:24,999 and the their function is essentially 1131 00:40:25,000 --> 00:40:26,469 give it the state and then give it to a 1132 00:40:26,470 --> 00:40:28,359 bunch of byte vectors to process and it 1133 00:40:28,360 --> 00:40:29,679 will give in your state and something to 1134 00:40:29,680 --> 00:40:30,909 send over a letter. 1135 00:40:30,910 --> 00:40:33,159 So this entire 1136 00:40:33,160 --> 00:40:35,379 apparatus of doing 1137 00:40:35,380 --> 00:40:36,939 the protocol is. 1138 00:40:38,020 --> 00:40:39,269 Contained in a 1139 00:40:40,390 --> 00:40:42,729 pure bit of code, doesn't even know about 1140 00:40:42,730 --> 00:40:45,339 sockets, it doesn't know about state. 1141 00:40:45,340 --> 00:40:46,869 It doesn't know about network. 1142 00:40:46,870 --> 00:40:48,369 You know about almost nothing. 1143 00:40:48,370 --> 00:40:50,169 It just takes some values and computes 1144 00:40:50,170 --> 00:40:51,519 some other values. 1145 00:40:51,520 --> 00:40:53,739 And that's a really good position 1146 00:40:53,740 --> 00:40:55,629 to be in when writing a security 1147 00:40:55,630 --> 00:40:56,630 protocol. 1148 00:40:57,790 --> 00:40:59,259 And of course, you don't want to use that 1149 00:40:59,260 --> 00:41:01,369 directly. So that's the core. 1150 00:41:01,370 --> 00:41:02,370 And then we have some. 1151 00:41:03,420 --> 00:41:05,289 Then sends some top of that, which 1152 00:41:05,290 --> 00:41:07,439 actually give you more or less idiomatic 1153 00:41:07,440 --> 00:41:10,229 interfaces to work with for various 1154 00:41:10,230 --> 00:41:11,609 libraries that the person might use. 1155 00:41:11,610 --> 00:41:13,709 No, Colonel, this, for example, 1156 00:41:13,710 --> 00:41:15,809 one this is one example where you can 1157 00:41:15,810 --> 00:41:18,119 accept the connection of the private 1158 00:41:18,120 --> 00:41:20,279 material and a file descriptor and get 1159 00:41:20,280 --> 00:41:22,169 the pair of channels to communicate on 1160 00:41:22,170 --> 00:41:24,209 and the address of the other end point 1161 00:41:24,210 --> 00:41:26,399 and relatively similar to the 1162 00:41:26,400 --> 00:41:28,839 function that you give it, the phone 1163 00:41:28,840 --> 00:41:30,929 notification of the difficulty which you 1164 00:41:30,930 --> 00:41:32,999 somehow synthesize the other end point 1165 00:41:33,000 --> 00:41:34,439 and it connects. 1166 00:41:34,440 --> 00:41:35,819 This is not important. What's important 1167 00:41:35,820 --> 00:41:37,619 is that if you have a completely pure 1168 00:41:37,620 --> 00:41:39,689 core, not only you can reason about it, 1169 00:41:39,690 --> 00:41:41,189 you can also glue it into whichever 1170 00:41:41,190 --> 00:41:42,149 context you want. 1171 00:41:42,150 --> 00:41:44,309 This is one of the links we have either, 1172 00:41:44,310 --> 00:41:45,929 and this is not even the main one, 1173 00:41:45,930 --> 00:41:48,089 because this is not the API we can 1174 00:41:48,090 --> 00:41:50,639 manufacture, however, many 1175 00:41:50,640 --> 00:41:52,499 of those we want, because incredible 1176 00:41:52,500 --> 00:41:54,269 flexible not to have an interaction with 1177 00:41:54,270 --> 00:41:55,270 the outside world. 1178 00:41:59,700 --> 00:42:01,919 So what is the status of all 1179 00:42:01,920 --> 00:42:02,929 camel? 1180 00:42:02,930 --> 00:42:05,339 Well, I just showed you this, the 1181 00:42:05,340 --> 00:42:07,469 last handshake and that was running on 1182 00:42:07,470 --> 00:42:09,569 our own t stack on the 1183 00:42:09,570 --> 00:42:10,739 server side. 1184 00:42:10,740 --> 00:42:13,179 And we have that demo server life 1185 00:42:13,180 --> 00:42:15,659 since July ursu this year. 1186 00:42:15,660 --> 00:42:18,269 And we served over 50000 sessions 1187 00:42:18,270 --> 00:42:20,339 and we successfully serve them. 1188 00:42:20,340 --> 00:42:22,439 So we have interoperability with 1189 00:42:22,440 --> 00:42:24,779 a lot of different elastics. 1190 00:42:24,780 --> 00:42:26,279 Well, unfortunately, there aren't that 1191 00:42:26,280 --> 00:42:27,689 many tools out there. 1192 00:42:29,860 --> 00:42:31,959 And we managed to develop a 1193 00:42:31,960 --> 00:42:34,089 working tea lasting and a robust 1194 00:42:34,090 --> 00:42:36,219 implementation off at the last stake 1195 00:42:36,220 --> 00:42:38,859 in a very short time frame, and that was, 1196 00:42:38,860 --> 00:42:40,419 what, January of this year when we 1197 00:42:40,420 --> 00:42:42,669 started. So less than three months 1198 00:42:42,670 --> 00:42:43,999 to work on implementation? 1199 00:42:44,000 --> 00:42:46,149 Yeah, roughly three months to to 1200 00:42:46,150 --> 00:42:48,489 do that. And while doing that, we 1201 00:42:48,490 --> 00:42:50,709 reflected a lot of times our entire 1202 00:42:50,710 --> 00:42:52,869 code base and we learned a lot 1203 00:42:52,870 --> 00:42:55,839 about how to securely 1204 00:42:55,840 --> 00:42:57,969 write or how to write 1205 00:42:57,970 --> 00:42:59,619 robust implementations of security 1206 00:42:59,620 --> 00:43:01,719 protocols inside of a functional 1207 00:43:01,720 --> 00:43:03,639 programing language which has Petten 1208 00:43:03,640 --> 00:43:05,769 Metric basically and 1209 00:43:05,770 --> 00:43:07,509 the statistics life. 1210 00:43:07,510 --> 00:43:09,579 Just use your sealant for line 1211 00:43:09,580 --> 00:43:11,739 counting. And I just counted the entire 1212 00:43:11,740 --> 00:43:14,619 repository. I didn't strip out anything. 1213 00:43:14,620 --> 00:43:16,989 And openness to sell has roughly 1214 00:43:16,990 --> 00:43:18,849 350000 lines of code. 1215 00:43:18,850 --> 00:43:20,889 Well, fortunately, they are the liberals, 1216 00:43:20,890 --> 00:43:23,020 the guys who managed until 1217 00:43:24,100 --> 00:43:26,259 well within a few months to strip 1218 00:43:26,260 --> 00:43:28,089 out at least fifty thousand lines of that 1219 00:43:28,090 --> 00:43:29,090 code. 1220 00:43:29,530 --> 00:43:31,989 So that is a great approach 1221 00:43:31,990 --> 00:43:34,119 to sell another small 1222 00:43:34,120 --> 00:43:36,159 sea base 1223 00:43:37,330 --> 00:43:39,789 implementation is roughly 100000 1224 00:43:39,790 --> 00:43:40,989 lines of code. 1225 00:43:40,990 --> 00:43:43,209 Our code bases currently 1226 00:43:43,210 --> 00:43:44,679 20000 lines of code. 1227 00:43:44,680 --> 00:43:47,559 And we can operate and we have 1228 00:43:47,560 --> 00:43:49,629 nearly all the features we actually 1229 00:43:49,630 --> 00:43:50,949 need to have. 1230 00:43:50,950 --> 00:43:53,349 And also, well, they even operability 1231 00:43:53,350 --> 00:43:55,209 here as shown for the server side, but 1232 00:43:55,210 --> 00:43:57,549 also the client side works with various 1233 00:43:57,550 --> 00:43:58,579 different stacks. 1234 00:44:00,010 --> 00:44:01,599 What is the future? 1235 00:44:01,600 --> 00:44:03,939 Well, we already have some 1236 00:44:03,940 --> 00:44:06,219 preliminary pull requests 1237 00:44:06,220 --> 00:44:09,099 for client authentication data deciphers 1238 00:44:09,100 --> 00:44:11,379 and server side server name 1239 00:44:11,380 --> 00:44:13,239 ID configuration. 1240 00:44:13,240 --> 00:44:15,339 What we currently don't have code for is 1241 00:44:15,340 --> 00:44:17,349 secondary resumption and elliptic curve 1242 00:44:17,350 --> 00:44:19,089 crypto cryptography. 1243 00:44:20,440 --> 00:44:22,509 We might plan to do 1244 00:44:22,510 --> 00:44:24,609 that or not. It's not that 1245 00:44:24,610 --> 00:44:25,929 hugely important, I think, 1246 00:44:27,340 --> 00:44:29,289 but we want to move forward now. 1247 00:44:29,290 --> 00:44:31,389 We have a healthy, functional code 1248 00:44:31,390 --> 00:44:34,179 base, which is rather easy to extend, 1249 00:44:34,180 --> 00:44:36,309 and we actually extended it by 1250 00:44:36,310 --> 00:44:38,409 developing al-Attiyah in 1251 00:44:38,410 --> 00:44:40,209 a very short time frame. 1252 00:44:40,210 --> 00:44:42,339 In order to do that, we need a D 1253 00:44:42,340 --> 00:44:44,529 a support in no crypto and that was 1254 00:44:44,530 --> 00:44:46,689 done within less than a week. 1255 00:44:46,690 --> 00:44:49,179 Our own implementation 1256 00:44:49,180 --> 00:44:51,189 currently doesn't have doesn't implement 1257 00:44:51,190 --> 00:44:54,159 the socialist millionaires' problem for 1258 00:44:54,160 --> 00:44:55,160 authentication, 1259 00:44:56,920 --> 00:44:59,229 but that is only a simple 1260 00:44:59,230 --> 00:45:01,629 matter of programing now and 1261 00:45:01,630 --> 00:45:01,989 then. 1262 00:45:01,990 --> 00:45:04,509 We also have this or Kemel Telus 1263 00:45:04,510 --> 00:45:06,280 is now exposed to all 1264 00:45:07,630 --> 00:45:09,699 or Kemel applications that want 1265 00:45:09,700 --> 00:45:10,869 to use it even. 1266 00:45:10,870 --> 00:45:12,759 We are a framework which is called 1267 00:45:12,760 --> 00:45:15,189 Convit, which is which 1268 00:45:15,190 --> 00:45:16,989 abstracts over the various kinds of 1269 00:45:16,990 --> 00:45:18,279 connections you can have. 1270 00:45:18,280 --> 00:45:20,470 So either shared memory or 1271 00:45:21,850 --> 00:45:24,309 TCP or tearless or 1272 00:45:24,310 --> 00:45:25,569 whatever. 1273 00:45:25,570 --> 00:45:27,999 And the Conrade Library is just 1274 00:45:28,000 --> 00:45:30,369 both server and client site 1275 00:45:30,370 --> 00:45:31,659 and abstraction over that. 1276 00:45:31,660 --> 00:45:33,909 And you just say, oh, I want to talk 1277 00:45:33,910 --> 00:45:35,319 to that host. 1278 00:45:35,320 --> 00:45:37,569 And if it's on the same 1279 00:45:37,570 --> 00:45:39,339 hosted the same physicalness, you can 1280 00:45:39,340 --> 00:45:41,409 just have a virtual machine, 1281 00:45:41,410 --> 00:45:43,269 virtual shared memory 1282 00:45:45,100 --> 00:45:46,100 connection. 1283 00:45:47,140 --> 00:45:49,419 And in December, so this month, they 1284 00:45:49,420 --> 00:45:51,639 also implemented Tech Line, 1285 00:45:51,640 --> 00:45:54,429 which is a command line client 1286 00:45:54,430 --> 00:45:56,729 using our 1287 00:45:56,730 --> 00:45:59,199 Otar library, our Telus Library 1288 00:45:59,200 --> 00:45:59,769 and so on. 1289 00:45:59,770 --> 00:46:02,409 So there is not much C-code 1290 00:46:02,410 --> 00:46:04,479 in this direct line because 1291 00:46:04,480 --> 00:46:06,159 yet only command line. 1292 00:46:06,160 --> 00:46:08,349 And you can see a screenshot I don't 1293 00:46:08,350 --> 00:46:09,759 have at the moment an Internet 1294 00:46:09,760 --> 00:46:11,829 connection, but I'm happy to demonstrate 1295 00:46:11,830 --> 00:46:12,830 to you. 1296 00:46:13,850 --> 00:46:15,949 And what is the trust trusted code base 1297 00:46:15,950 --> 00:46:16,969 in our scenario? 1298 00:46:16,970 --> 00:46:19,249 So I started this talk with the trusted 1299 00:46:19,250 --> 00:46:21,319 code base and I want to also 1300 00:46:21,320 --> 00:46:23,539 conclude what the trusted code base of 1301 00:46:23,540 --> 00:46:25,999 line of my instant messaging client is 1302 00:46:26,000 --> 00:46:28,039 Follett's then hypervisor, because it 1303 00:46:28,040 --> 00:46:29,249 runs on Zen. 1304 00:46:29,250 --> 00:46:31,519 And on top of then we have a library 1305 00:46:31,520 --> 00:46:33,829 called Mini US, which provides 1306 00:46:33,830 --> 00:46:36,859 you with some sups and 1307 00:46:36,860 --> 00:46:38,389 print functionality. 1308 00:46:38,390 --> 00:46:40,619 Then we use open lip and mouth to mouth 1309 00:46:40,620 --> 00:46:43,189 library. We use noodles 1310 00:46:43,190 --> 00:46:44,929 for the big emetic. 1311 00:46:44,930 --> 00:46:47,299 Then we have the all runtime. 1312 00:46:47,300 --> 00:46:49,070 So the or Kemel 1313 00:46:50,840 --> 00:46:52,159 though Campbell programing language 1314 00:46:52,160 --> 00:46:53,569 runtime, which includes a garbage 1315 00:46:53,570 --> 00:46:55,849 collector and so on, that we have various 1316 00:46:55,850 --> 00:46:57,529 will come a library which which we 1317 00:46:57,530 --> 00:46:59,689 commonly use like Seasprite, which is a 1318 00:46:59,690 --> 00:47:01,339 butt bite vector and so on. 1319 00:47:01,340 --> 00:47:03,469 Next 597 one 1320 00:47:03,470 --> 00:47:04,760 Otara no to 1321 00:47:05,810 --> 00:47:07,849 the library itself and so on. 1322 00:47:07,850 --> 00:47:09,709 And then obviously we also have the 1323 00:47:09,710 --> 00:47:11,779 compiler, Kremlin C compiler, but 1324 00:47:11,780 --> 00:47:14,059 we don't have any lipsey in here 1325 00:47:14,060 --> 00:47:16,369 in the trusted code base or any huge 1326 00:47:16,370 --> 00:47:18,559 Linux kernel because we just 1327 00:47:18,560 --> 00:47:19,560 don't have it. 1328 00:47:20,360 --> 00:47:22,429 So to conclude 1329 00:47:22,430 --> 00:47:24,469 the stock, I think functional operating 1330 00:47:24,470 --> 00:47:25,639 systems are real now. 1331 00:47:25,640 --> 00:47:27,889 I use it. I use decline 1332 00:47:27,890 --> 00:47:29,809 as my day to day and copy client. 1333 00:47:31,040 --> 00:47:32,479 You might ask why. 1334 00:47:32,480 --> 00:47:34,579 Okay, well, because 1335 00:47:34,580 --> 00:47:36,739 Mirage's was there, but there are other 1336 00:47:36,740 --> 00:47:38,779 approaches, other unique kernel based 1337 00:47:38,780 --> 00:47:41,599 approaches in Haskell called Helvey 1338 00:47:41,600 --> 00:47:43,879 and there's Airlangga and then so you can 1339 00:47:43,880 --> 00:47:46,849 execute directly along on the machine 1340 00:47:46,850 --> 00:47:49,159 and I believe legacy and traditions. 1341 00:47:49,160 --> 00:47:51,709 Let's start to build secure and resilient 1342 00:47:51,710 --> 00:47:53,869 systems we phased 1343 00:47:53,870 --> 00:47:54,870 out. 1344 00:47:56,080 --> 00:47:58,149 And in Germany, we managed to 1345 00:47:58,150 --> 00:48:00,339 phase out the nuclear energy by 1346 00:48:00,340 --> 00:48:01,340 2022. 1347 00:48:02,560 --> 00:48:04,749 And that's also 70s technology 1348 00:48:04,750 --> 00:48:06,189 that's similar to Genex. 1349 00:48:06,190 --> 00:48:08,589 Let's phase out Unix as well. 1350 00:48:08,590 --> 00:48:10,839 And that let's keep it simple 1351 00:48:10,840 --> 00:48:12,999 and the complexity is always the enemy 1352 00:48:13,000 --> 00:48:15,309 and remove the layers of abstractions 1353 00:48:15,310 --> 00:48:16,449 which we don't need any longer. 1354 00:48:17,500 --> 00:48:19,749 And so join our new Lipsey 1355 00:48:19,750 --> 00:48:20,750 movement. 1356 00:48:22,150 --> 00:48:23,979 We also need help. 1357 00:48:23,980 --> 00:48:25,659 Try it out. Try Midrash. 1358 00:48:25,660 --> 00:48:26,229 All right. 1359 00:48:26,230 --> 00:48:28,509 Kate ordered the code, break the code, 1360 00:48:28,510 --> 00:48:30,129 discussed the code pieces you are 1361 00:48:30,130 --> 00:48:32,289 interested in with us here at 1362 00:48:32,290 --> 00:48:33,909 the Congress. 1363 00:48:33,910 --> 00:48:36,369 I'm up there at the coffee nuts area 1364 00:48:36,370 --> 00:48:38,769 and I'm happy to serve you some 1365 00:48:38,770 --> 00:48:39,429 espresso. 1366 00:48:39,430 --> 00:48:41,169 While we talk about midrash and 1367 00:48:41,170 --> 00:48:42,170 functional programing, 1368 00:48:44,170 --> 00:48:46,839 let me thank some people involved. 1369 00:48:46,840 --> 00:48:49,479 There's first and foremost, there's 1370 00:48:49,480 --> 00:48:51,579 Mother Fedi who started this 1371 00:48:51,580 --> 00:48:54,369 whole project back in 2009. 1372 00:48:54,370 --> 00:48:56,199 Then I also would like to thank Peter 1373 00:48:56,200 --> 00:48:58,239 Sewel. He's a nice guy. 1374 00:48:58,240 --> 00:48:59,499 He will also talk. 1375 00:48:59,500 --> 00:49:01,389 He is not here yet, but he will talk on 1376 00:49:01,390 --> 00:49:03,609 day four at 1377 00:49:03,610 --> 00:49:05,709 the same time in the other room about why 1378 00:49:05,710 --> 00:49:07,359 computers are so fucked and what we can 1379 00:49:07,360 --> 00:49:08,889 do about it. 1380 00:49:08,890 --> 00:49:11,079 And then lots of various other people 1381 00:49:11,080 --> 00:49:12,280 and all the people I forgot. 1382 00:49:13,630 --> 00:49:15,399 So that is our talk. 1383 00:49:15,400 --> 00:49:17,349 And we are happy to take questions and 1384 00:49:17,350 --> 00:49:18,350 answers. 1385 00:49:19,670 --> 00:49:21,169 OK, thank you very much. 1386 00:49:30,000 --> 00:49:32,129 OK, I said we have about 10 minutes left 1387 00:49:32,130 --> 00:49:34,409 for a question Q&A, so please, 1388 00:49:34,410 --> 00:49:35,669 we have all the way as always, we have 1389 00:49:35,670 --> 00:49:37,319 six microphones in the room. 1390 00:49:37,320 --> 00:49:39,659 Please line up behind the microphones for 1391 00:49:39,660 --> 00:49:41,519 people on the stream and on the Internet. 1392 00:49:41,520 --> 00:49:43,229 We also have a signal angel in the room. 1393 00:49:43,230 --> 00:49:45,389 We can put we can ask your 1394 00:49:45,390 --> 00:49:47,339 questions in room. So please write them 1395 00:49:47,340 --> 00:49:48,479 to question the I.R.S. 1396 00:49:48,480 --> 00:49:50,069 on Twitter wherever. 1397 00:49:50,070 --> 00:49:52,169 And they will get asked the 1398 00:49:52,170 --> 00:49:53,579 first question, please, from microphone 1399 00:49:53,580 --> 00:49:55,019 number three. 1400 00:49:55,020 --> 00:49:56,669 Oh, uh, yeah. 1401 00:49:56,670 --> 00:49:57,669 Thanks for the talk. 1402 00:49:57,670 --> 00:49:59,999 We're cool. Um, I was wondering 1403 00:50:00,000 --> 00:50:02,099 if you lose most 1404 00:50:02,100 --> 00:50:04,289 of the filesystem stuff and all that, 1405 00:50:04,290 --> 00:50:07,019 which usually gives you some entropy. 1406 00:50:07,020 --> 00:50:08,860 Where do you get the reform and 1407 00:50:10,140 --> 00:50:11,140 reduce of? 1408 00:50:12,810 --> 00:50:14,699 You don't really get the entropy from the 1409 00:50:14,700 --> 00:50:15,599 file system. 1410 00:50:15,600 --> 00:50:17,999 You get entropy from anything 1411 00:50:18,000 --> 00:50:19,799 you can get entropy from. 1412 00:50:19,800 --> 00:50:22,679 So get it from Interbrand timings, 1413 00:50:22,680 --> 00:50:24,150 you get it from your Sibiu. 1414 00:50:25,260 --> 00:50:26,610 You get it from your. 1415 00:50:30,230 --> 00:50:32,349 I think actually it 1416 00:50:32,350 --> 00:50:34,659 is, yes, it is, and gathering 1417 00:50:34,660 --> 00:50:36,339 anthropos beside the fact, but so is 1418 00:50:36,340 --> 00:50:37,299 using it. 1419 00:50:37,300 --> 00:50:38,979 And I think we didn't fashion the 1420 00:50:38,980 --> 00:50:41,259 structural IT random number generation 1421 00:50:41,260 --> 00:50:42,999 is a side effect that's retained. 1422 00:50:43,000 --> 00:50:44,169 We do that side effect. 1423 00:50:44,170 --> 00:50:45,489 Sorry. We're sorry. 1424 00:50:45,490 --> 00:50:47,439 Well, I'd go home, but 1425 00:50:48,450 --> 00:50:50,649 to answer that question, so inside 1426 00:50:50,650 --> 00:50:52,719 of the Zen domain, inside 1427 00:50:52,720 --> 00:50:54,849 of a virtual machine, inside 1428 00:50:54,850 --> 00:50:57,399 of Zen, we actually wrote the host. 1429 00:50:57,400 --> 00:51:00,129 So in zero we still have some 1430 00:51:00,130 --> 00:51:02,199 Unix legacy code and that 1431 00:51:02,200 --> 00:51:04,389 one feeds some of its entropy 1432 00:51:04,390 --> 00:51:06,429 to the Vitra guests. 1433 00:51:06,430 --> 00:51:08,509 So we wrote a device for that, 1434 00:51:08,510 --> 00:51:10,899 for doing that and for communicating the 1435 00:51:10,900 --> 00:51:13,239 some entropy into the virtual machine, 1436 00:51:13,240 --> 00:51:15,579 because otherwise we are rather low 1437 00:51:15,580 --> 00:51:16,580 on entropy. 1438 00:51:18,660 --> 00:51:20,219 OK, we take two questions from the 1439 00:51:20,220 --> 00:51:21,719 Internet, please. 1440 00:51:21,720 --> 00:51:23,969 Yeah, OK, so the first question was asked 1441 00:51:23,970 --> 00:51:25,649 quite some time ago, so I'm not quite 1442 00:51:25,650 --> 00:51:27,869 sure if you've already talked to 1443 00:51:27,870 --> 00:51:28,870 that. 1444 00:51:29,370 --> 00:51:31,409 Someone asked how do you account for box 1445 00:51:31,410 --> 00:51:33,899 and the underlying layers like then 1446 00:51:33,900 --> 00:51:36,749 do you want to isolate those layers to 1447 00:51:36,750 --> 00:51:38,939 what about Hata vulnerabilities, 1448 00:51:38,940 --> 00:51:40,979 not vulnerabilities? 1449 00:51:40,980 --> 00:51:43,409 Well, at some point we have to start 1450 00:51:43,410 --> 00:51:45,569 and starting from scratch 1451 00:51:45,570 --> 00:51:46,709 with nothing. 1452 00:51:46,710 --> 00:51:48,929 I don't think my lifetime is enough for 1453 00:51:48,930 --> 00:51:51,699 that. So we decided to start somewhere 1454 00:51:51,700 --> 00:51:53,849 and currently we trust 1455 00:51:53,850 --> 00:51:56,249 the hardware, but hopefully more open 1456 00:51:56,250 --> 00:51:58,509 borders and so on will develop 1457 00:51:58,510 --> 00:52:00,839 so we can actually verify or do some sort 1458 00:52:00,840 --> 00:52:02,399 of verification of hardware. 1459 00:52:02,400 --> 00:52:04,289 And also the same story is true for the 1460 00:52:04,290 --> 00:52:06,779 hypervisor. There are various projects to 1461 00:52:06,780 --> 00:52:09,389 start to verify the correctness 1462 00:52:09,390 --> 00:52:11,759 of hyperbolizes, and we're happy 1463 00:52:11,760 --> 00:52:13,859 to switch over to another 1464 00:52:13,860 --> 00:52:15,749 back and forth for new upcoming 1465 00:52:15,750 --> 00:52:16,750 hypervisor. 1466 00:52:17,910 --> 00:52:20,729 OK, so that second question was that 1467 00:52:20,730 --> 00:52:23,309 as far as I understand, you don't verify 1468 00:52:23,310 --> 00:52:24,839 your code, is that correct? 1469 00:52:24,840 --> 00:52:26,399 And how do you test your code? 1470 00:52:27,930 --> 00:52:29,269 So that is correct. 1471 00:52:29,270 --> 00:52:31,139 I did my dissertation informal 1472 00:52:31,140 --> 00:52:33,599 verification of object oriented code, 1473 00:52:33,600 --> 00:52:36,029 where we fought a lot about 1474 00:52:36,030 --> 00:52:38,549 mutable states and 1475 00:52:38,550 --> 00:52:41,159 that was also tedious to to verify. 1476 00:52:41,160 --> 00:52:43,229 And currently we just write it 1477 00:52:43,230 --> 00:52:45,299 down. It looks in 1478 00:52:45,300 --> 00:52:47,609 this declarative approach, it looks 1479 00:52:47,610 --> 00:52:48,629 really readable. 1480 00:52:48,630 --> 00:52:50,339 And you can actually read the statement, 1481 00:52:50,340 --> 00:52:51,389 read from it. 1482 00:52:51,390 --> 00:52:53,639 And for testing, we have 1483 00:52:53,640 --> 00:52:55,889 obviously interoperability tests, some 1484 00:52:55,890 --> 00:52:58,499 unit tests, and we are also developing 1485 00:52:58,500 --> 00:53:00,599 we are working on a test environment 1486 00:53:00,600 --> 00:53:02,309 for especially those 1487 00:53:03,420 --> 00:53:05,009 protocols. 1488 00:53:05,010 --> 00:53:07,559 Yes, I can expand a little bit on that. 1489 00:53:07,560 --> 00:53:09,179 The next project we're supposed to do is 1490 00:53:09,180 --> 00:53:11,429 actually a very comprehensive test 1491 00:53:11,430 --> 00:53:12,719 for dels. 1492 00:53:12,720 --> 00:53:14,759 So it's through. We don't do a verification, 1493 00:53:14,760 --> 00:53:15,809 but it's a long story. 1494 00:53:15,810 --> 00:53:18,059 It's not really clear what to verify at 1495 00:53:18,060 --> 00:53:20,309 all. There is a very fatalistic, 1496 00:53:20,310 --> 00:53:21,329 but they're very sacred. 1497 00:53:21,330 --> 00:53:24,209 The soundness of Delys, the protocol, 1498 00:53:24,210 --> 00:53:26,219 it's not clear what to verify at all. 1499 00:53:26,220 --> 00:53:27,599 And we don't use the system that would 1500 00:53:27,600 --> 00:53:29,159 allow us to do that. 1501 00:53:29,160 --> 00:53:31,469 But we are just about to do 1502 00:53:31,470 --> 00:53:34,529 a very large test silvertails. 1503 00:53:34,530 --> 00:53:36,689 So if you give me a specification, 1504 00:53:36,690 --> 00:53:38,519 a formal specification of tearless, I'm 1505 00:53:38,520 --> 00:53:39,520 happy to verify. 1506 00:53:43,080 --> 00:53:44,729 OK, next question from microphone number 1507 00:53:44,730 --> 00:53:46,019 two, please. 1508 00:53:46,020 --> 00:53:46,829 Hi. 1509 00:53:46,830 --> 00:53:48,929 So do you have plans 1510 00:53:48,930 --> 00:53:51,419 to have them zeer written in Akana 1511 00:53:51,420 --> 00:53:53,069 or as a unique. 1512 00:53:53,070 --> 00:53:54,299 That's the first question. 1513 00:53:54,300 --> 00:53:56,459 So you and Colonel Seconders, 1514 00:53:56,460 --> 00:53:58,589 do you have plans for a 1515 00:53:58,590 --> 00:54:01,259 targeting desktop systems, so 1516 00:54:01,260 --> 00:54:03,359 specifically doing 1517 00:54:03,360 --> 00:54:06,029 gooier virtualization, using 1518 00:54:06,030 --> 00:54:08,249 or whatever you want to use 1519 00:54:08,250 --> 00:54:09,250 in that case? 1520 00:54:11,100 --> 00:54:13,439 Last question. What and distribution 1521 00:54:13,440 --> 00:54:15,599 do you use personally to use your as 1522 00:54:15,600 --> 00:54:17,779 you said, you use unique 1523 00:54:17,780 --> 00:54:19,409 Col's to run your Javor 1524 00:54:20,610 --> 00:54:22,859 distribution is so in order? 1525 00:54:22,860 --> 00:54:25,259 No, we don't have a Dunsborough and come 1526 00:54:25,260 --> 00:54:27,029 on, do you plan? 1527 00:54:27,030 --> 00:54:29,199 Not right now, because actually 1528 00:54:29,200 --> 00:54:30,809 that's a very interesting question. 1529 00:54:33,090 --> 00:54:34,799 Niraj follows up on a tradition of 1530 00:54:34,800 --> 00:54:36,989 so-called liberal operating systems which 1531 00:54:36,990 --> 00:54:38,729 were built and XO Col's, which means that 1532 00:54:38,730 --> 00:54:41,249 the kernel only provides for separation 1533 00:54:41,250 --> 00:54:43,889 and isolation, but not for facilities. 1534 00:54:43,890 --> 00:54:45,599 I think there are three of those systems. 1535 00:54:45,600 --> 00:54:48,209 All three failed due to the difficulty 1536 00:54:48,210 --> 00:54:49,799 of providing comprehensive drivers 1537 00:54:49,800 --> 00:54:50,909 support. 1538 00:54:50,910 --> 00:54:52,229 The trick with MERAJ is that the 1539 00:54:52,230 --> 00:54:54,329 transcendant and the trick with sand 1540 00:54:54,330 --> 00:54:56,619 is that it runs Linux and Alpro 1541 00:54:56,620 --> 00:54:59,039 as Linux, but with access to your PCI bus 1542 00:54:59,040 --> 00:55:00,899 and the rest to get drivers. 1543 00:55:00,900 --> 00:55:03,089 So more or less right now, no, 1544 00:55:03,090 --> 00:55:05,789 we don't have a plan to build them zero 1545 00:55:05,790 --> 00:55:07,979 in on because we would have to cover 1546 00:55:07,980 --> 00:55:09,699 all the hardware it could possibly run 1547 00:55:09,700 --> 00:55:12,419 on, assuming we can get rid of 1548 00:55:12,420 --> 00:55:14,669 almost all the drivers from zero. 1549 00:55:14,670 --> 00:55:16,079 Would that be feasible then 1550 00:55:17,220 --> 00:55:19,679 if we could have if we could get rid 1551 00:55:19,680 --> 00:55:21,699 of most of the drivers in zero? 1552 00:55:21,700 --> 00:55:22,980 So including Deepu, 1553 00:55:24,030 --> 00:55:25,649 would it be feasible, do you think? 1554 00:55:25,650 --> 00:55:27,719 It probably would be feasible 1555 00:55:27,720 --> 00:55:29,939 to implement DOMS zero for 1556 00:55:29,940 --> 00:55:32,669 the management domain in that case, 1557 00:55:32,670 --> 00:55:33,629 yes. 1558 00:55:33,630 --> 00:55:35,069 For something really small, we don't have 1559 00:55:35,070 --> 00:55:36,479 a concrete plan. 1560 00:55:36,480 --> 00:55:38,399 In principle, it would be feasible, but 1561 00:55:38,400 --> 00:55:39,869 it would be tied to a particular piece of 1562 00:55:39,870 --> 00:55:42,419 hardware, like a particular on board. 1563 00:55:42,420 --> 00:55:44,189 That's the trade of zero, a 1564 00:55:44,190 --> 00:55:46,559 general-purpose one gives the 1565 00:55:46,560 --> 00:55:47,589 hardware. 1566 00:55:47,590 --> 00:55:49,379 OK, the next question was, do you have 1567 00:55:49,380 --> 00:55:51,479 any plans for GUI applications? 1568 00:55:51,480 --> 00:55:53,549 So like desktop applications, web 1569 00:55:53,550 --> 00:55:54,810 browser, etc.? 1570 00:55:56,010 --> 00:55:58,499 Um, not not right now. 1571 00:55:58,500 --> 00:56:00,449 I'm working on this exemptive decline, 1572 00:56:00,450 --> 00:56:02,219 which is all command line based. 1573 00:56:02,220 --> 00:56:03,959 And at the moment I'm mainly interested 1574 00:56:03,960 --> 00:56:06,089 in that because I think that the 1575 00:56:06,090 --> 00:56:08,189 graphical point and use point 1576 00:56:08,190 --> 00:56:10,379 and click interfaces, that that is 1577 00:56:10,380 --> 00:56:12,629 a huge amount of work to to implement. 1578 00:56:12,630 --> 00:56:14,879 And we are currently mainly focusing 1579 00:56:14,880 --> 00:56:18,059 on command line and server side 1580 00:56:18,060 --> 00:56:19,359 and lots and distribution. 1581 00:56:19,360 --> 00:56:21,569 Do you use for your for 1582 00:56:21,570 --> 00:56:24,749 your use personal use arch Linux. 1583 00:56:24,750 --> 00:56:25,859 Well, I use privacy. 1584 00:56:27,150 --> 00:56:28,559 OK, thank you. 1585 00:56:28,560 --> 00:56:30,509 OK, we really have to microphone to 1586 00:56:30,510 --> 00:56:33,539 someone else and make sure no one is 1587 00:56:33,540 --> 00:56:36,149 coming back to white lights and 1588 00:56:36,150 --> 00:56:37,529 state. 1589 00:56:37,530 --> 00:56:39,869 How do you deal with time inside channels 1590 00:56:39,870 --> 00:56:40,889 in your crypto library? 1591 00:56:40,890 --> 00:56:43,319 Because if you reimplemented so 1592 00:56:43,320 --> 00:56:45,489 fast you are begging for 1593 00:56:45,490 --> 00:56:47,829 new time inside Chestnut's and 1594 00:56:47,830 --> 00:56:49,889 Clip-Clop is not 1595 00:56:49,890 --> 00:56:52,289 designed for 1596 00:56:52,290 --> 00:56:54,359 constant execution time of 1597 00:56:54,360 --> 00:56:55,889 large, no multiplication 1598 00:56:57,240 --> 00:56:58,920 and some use even 1599 00:57:00,000 --> 00:57:02,099 time inside channel information in there 1600 00:57:02,100 --> 00:57:03,289 multiply instructions. 1601 00:57:03,290 --> 00:57:05,339 So yeah. So Lepchenko was not designed 1602 00:57:05,340 --> 00:57:07,229 for a constant time, of course, because 1603 00:57:07,230 --> 00:57:09,599 essentially saying Konstantine 1604 00:57:09,600 --> 00:57:11,309 Dignam operations is like saying 1605 00:57:11,310 --> 00:57:13,439 Konstantine string length without 1606 00:57:13,440 --> 00:57:14,519 the length felt. 1607 00:57:14,520 --> 00:57:17,089 But at that level there 1608 00:57:17,090 --> 00:57:19,289 obviously operations were a good size 1609 00:57:19,290 --> 00:57:20,819 and that level with the blending 1610 00:57:20,820 --> 00:57:23,099 traditional countermeasures which are not 1611 00:57:23,100 --> 00:57:25,409 in the constant time primitive 1612 00:57:25,410 --> 00:57:26,879 Artomatic operations, but. 1613 00:57:26,880 --> 00:57:28,619 There are higher up algorithmic level 1614 00:57:28,620 --> 00:57:30,929 like RSA blinding this and blinding 1615 00:57:30,930 --> 00:57:33,029 is still not clear in 1616 00:57:33,030 --> 00:57:35,049 details, but. 1617 00:57:35,050 --> 00:57:37,149 Where timing leaks have presented 1618 00:57:37,150 --> 00:57:39,369 big name code, which is blinded by 1619 00:57:40,450 --> 00:57:43,239 the usual methods, and I 1620 00:57:43,240 --> 00:57:45,009 honestly didn't didn't hear the first 1621 00:57:45,010 --> 00:57:46,789 part of the question we're asking about 1622 00:57:46,790 --> 00:57:48,999 timing aside channels in Low-Level cipher 1623 00:57:49,000 --> 00:57:50,000 code. 1624 00:57:51,220 --> 00:57:53,289 If I understand you correctly, 1625 00:57:53,290 --> 00:57:55,539 you reimplement at Mosiah first in 1626 00:57:55,540 --> 00:57:56,249 Okemah? 1627 00:57:56,250 --> 00:57:58,419 No, that's the trick of actually use 1628 00:57:58,420 --> 00:58:00,579 the reference implementation of Reindl in 1629 00:58:00,580 --> 00:58:03,219 C we did not reimplemented. 1630 00:58:03,220 --> 00:58:05,209 We should switch it at some point. 1631 00:58:05,210 --> 00:58:07,989 Avoid the cash based 1632 00:58:07,990 --> 00:58:10,239 index of Arae timing Leakin 1633 00:58:10,240 --> 00:58:12,279 Reindl. But right now we have the actual 1634 00:58:12,280 --> 00:58:14,409 code signed by the original 1635 00:58:14,410 --> 00:58:15,699 authoress of Reindl. 1636 00:58:15,700 --> 00:58:18,039 The trick is that the code has unrolled 1637 00:58:18,040 --> 00:58:20,769 around loop, no allocation 1638 00:58:20,770 --> 00:58:22,299 and just straight forward. 1639 00:58:22,300 --> 00:58:24,159 So that's what tinsy everything else is 1640 00:58:24,160 --> 00:58:26,079 all kemel. We didn't implement them 1641 00:58:26,080 --> 00:58:28,239 precisely not to do Nasta 1642 00:58:28,240 --> 00:58:29,219 mistakes. 1643 00:58:29,220 --> 00:58:31,009 OK, thank you. 1644 00:58:31,010 --> 00:58:32,919 OK, a quick question from microphone 1645 00:58:32,920 --> 00:58:33,920 number two please. 1646 00:58:34,660 --> 00:58:36,999 I don't really understand why you think 1647 00:58:37,000 --> 00:58:39,249 that the OS will be more secure than 1648 00:58:39,250 --> 00:58:41,409 Linux or Windows because 1649 00:58:41,410 --> 00:58:43,509 now it's a toy OS to have not much 1650 00:58:43,510 --> 00:58:45,609 code. OK, but sometimes it 1651 00:58:45,610 --> 00:58:47,199 will be a feature complete and then it 1652 00:58:47,200 --> 00:58:49,359 will be Eco-System Free PC or 1653 00:58:49,360 --> 00:58:50,469 Linux. 1654 00:58:50,470 --> 00:58:52,659 And just using Okarma will not 1655 00:58:52,660 --> 00:58:55,060 make your code secure by default. 1656 00:58:56,900 --> 00:58:58,969 So in know, Carol, we have 1657 00:58:58,970 --> 00:59:01,159 some language features that 1658 00:59:01,160 --> 00:59:03,649 prevent certain sorts of attacks 1659 00:59:03,650 --> 00:59:05,959 like overflows because we don't 1660 00:59:05,960 --> 00:59:07,759 have many memory management inside of, 1661 00:59:07,760 --> 00:59:10,039 OK, so there's a whole area 1662 00:59:10,040 --> 00:59:12,469 of Backes which we actually prevent 1663 00:59:12,470 --> 00:59:14,779 and the other protists that instead 1664 00:59:14,780 --> 00:59:16,849 of having thirty three hundred 1665 00:59:16,850 --> 00:59:18,469 fifty thousand lines of code, we are 1666 00:59:18,470 --> 00:59:20,529 currently at 20000 lines of code. 1667 00:59:20,530 --> 00:59:22,609 Yeah, it might, it might 1668 00:59:22,610 --> 00:59:24,679 double to be at 1669 00:59:24,680 --> 00:59:26,839 the same level of features, but then it's 1670 00:59:26,840 --> 00:59:29,089 still a factor of 10 smaller than 1671 00:59:29,090 --> 00:59:29,619 openness. 1672 00:59:29,620 --> 00:59:31,699 So I don't believe 1673 00:59:31,700 --> 00:59:34,289 that because 1674 00:59:34,290 --> 00:59:36,469 I'm reviewing code 1675 00:59:36,470 --> 00:59:38,799 written in OK is much more difficult 1676 00:59:38,800 --> 00:59:40,909 than say a cowritten see 1677 00:59:42,020 --> 00:59:42,809 and see. 1678 00:59:42,810 --> 00:59:46,039 Yes, it is actually 1679 00:59:46,040 --> 00:59:48,439 actually the propolis or that question. 1680 00:59:48,440 --> 00:59:50,599 We should compare in detail 1681 00:59:50,600 --> 00:59:52,789 the code for the 1682 00:59:52,790 --> 00:59:55,489 tasks or regions that were affected by 1683 00:59:55,490 --> 00:59:57,679 last year's high profile exploits in 1684 00:59:57,680 --> 00:59:59,119 other Krypto libraries. 1685 00:59:59,120 --> 01:00:01,699 And the contrast is more than stark. 1686 01:00:01,700 --> 01:00:03,769 Something like Heartbleed 1687 01:00:03,770 --> 01:00:05,929 constitutionally cannot happen at 1688 01:00:05,930 --> 01:00:08,299 all. Not yet. The GC did the memory 1689 01:00:08,300 --> 01:00:10,369 safety because we can't reinterpret 1690 01:00:10,370 --> 01:00:13,159 a key as a buffer or a vector. 1691 01:00:13,160 --> 01:00:15,019 On the other hand, there is some logical 1692 01:00:15,020 --> 01:00:17,569 bugs like Chainsawed Forsooth, which is 1693 01:00:17,570 --> 01:00:19,999 which is not quite 1694 01:00:20,000 --> 01:00:21,629 quite a bit of bugs in open air. 1695 01:00:21,630 --> 01:00:23,689 So this year, which is a problem 1696 01:00:23,690 --> 01:00:25,909 in the unwieldiness of encoding 1697 01:00:25,910 --> 01:00:28,249 the state machine in C, 1698 01:00:28,250 --> 01:00:30,109 and if you just see look at the 1699 01:00:30,110 --> 01:00:32,179 difference between code and how obvious 1700 01:00:32,180 --> 01:00:34,189 this problem is, there are no gammel 1701 01:00:34,190 --> 01:00:36,409 implied they are. And see, I 1702 01:00:36,410 --> 01:00:37,489 think you would us. 1703 01:00:39,080 --> 01:00:40,080 Everything's OK. 1704 01:00:41,330 --> 01:00:43,489 OK, I'm sorry, but we ran out of time, 1705 01:00:43,490 --> 01:00:45,469 so please again ask you for one more 1706 01:00:45,470 --> 01:00:47,489 round of applause for Honasan, David, for 1707 01:00:47,490 --> 01:00:48,439 Go Talk. 1708 01:00:48,440 --> 01:00:49,440 Thank you very much.