Profile Image

Joanna Rutkowska

@rootkovska ↗

Deleted tweet detection is currently running at reduced capacity due to changes to the Twitter API. Some tweets that have been deleted by the tweet author may not be labeled as deleted in the PolitiTweet interface.

Showing page 81 of 151.

Profile Image

Joanna Rutkowska @rootkovska

@petertoddbtc Production Intel Attestation Server (as opposed to testing IAS, for which it's easy to obtain generic SSL client certs). — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@petertoddbtc Because these are clearly two different mechanisms, which can be enforced (and get around :) in different ways. — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@petertoddbtc You sure this is for attestation use (production IAS), rather than for getting one's keys whitelisted for enclaves signing? — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@scriptjunkie1 Yup, there is a limit for EPC size (~128MB in current impl), but SGX supports swapping to DRAM. @hypervista — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@avsm Yeah, it's unclear to me whether SCONE supports swap-to-DRAM? @justincormack @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@avsm For tiny enclaves, sure. But what if one wanted to run, say, Chrome Browser? @justincormack @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@avsm See IA32_SGXLEPUBKEYHASH[0-3]. Haven't tried that though on Skylake. @justincormack @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@tdierks All depends on how it fits into the overall architecture and your threat model :) @MrDBCross — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@scriptjunkie1 @hypervista What do you mean? — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@justincormack Heh. @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

(Of course this is all for server applications, useless for desktop currently, because no trusted human input and output) — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@justincormack @jessfraz Is the code available somewhere? — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

Other limitations: 1) no remote attestation support (so, mostly useless in production), 2) no fork/exec. But these seems workaround-able. — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

(Even though other syscalls might not be returning any sensitive data, the app (in the enclave) still needs to parse the results...) — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

They use encryption syscall proxy (shield) for (select) file and network I/O. Unclear how protect apps from other syscalls? — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

An interesting paper about putting Linux apps into SGX enclaves and run as docker containers (h/t @jessfraz):… https://t.co/rgEwqw8dRM — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@justincormack Well, the MSR for specifying custom LE hash is already in the SDM... I'd worry more about remote attestation... @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@pyerm Is there anything concrete that makes 3.2 unsuitable for you? :) — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@justincormack Curious to learn what you consider as the biggest pains? @jessfraz — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

@AndreaBarisani Does that mean USB Armory will now ship with an A/V preinstalled? ;P — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

RT @AndreaBarisani: A big day for us, we are proud to announce that Inverse Path is now part of F-Secure. https://t.co/UZp6F9jpmD https:/… — PolitiTweet.org

Posted Feb. 16, 2017 Retweet
Profile Image

Joanna Rutkowska @rootkovska

@AndreaBarisani Congrats! — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

Note I'm familiar with Microsoft's Drawbridge papers (which are useless for all of us, because: no code available). — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

Better yet: to run a @docker container as SGX enclave(s)? :) — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

Are there any ongoing efforts to run unmodified POSIX apps (e.g. a Web browser) within an SGX enclave? (Ok if recompilation required). — PolitiTweet.org

Posted Feb. 16, 2017
Profile Image

Joanna Rutkowska @rootkovska

RT @FAANews: Today we honor Willa Brown the first woman in the United States to have both a pilot's and mechanic's license. #BlackHistoryMo… — PolitiTweet.org

Posted Feb. 15, 2017 Retweet
Profile Image

Joanna Rutkowska @rootkovska

@MarioVilas You can go for a war to defend Euclidean Geometry, or you can realize other geometries are equally possible.. — PolitiTweet.org

Posted Feb. 15, 2017
Profile Image

Joanna Rutkowska @rootkovska

@MarioVilas Euclidean 5th postulate:) — PolitiTweet.org

Posted Feb. 15, 2017
Profile Image

Joanna Rutkowska @rootkovska

@MarioVilas Yes, although many people seem not to realize this. E.g. many consider declaration of human rights to be like a law of physics. — PolitiTweet.org

Posted Feb. 15, 2017
Profile Image

Joanna Rutkowska @rootkovska

@MarioVilas Yes, but most religions start with an assumption that the universe is _not_ indifferent. — PolitiTweet.org

Posted Feb. 15, 2017