Taming the Chaos: Can we build systems that actually work?

Possible paths from today's ghastly hackery to what computing should be

Video duration: 00:58:52
Language: English
Abstract
We rely on mainstream computer engineering every day, but it's insanely complex, poorly understood, unreliable, and, as CCC reminds us every year, chronically insecure. This talk will explain some ways that we can do better: taming parts of this chaos with precise understanding - illustrated with disturbing facts and clean models for current architectures and the C language, from the <a href="https://www.cl.cam.ac.uk/~pes20/rems/">REMS</a> project, and principled but pragmatic new alternatives that build in more hardware and software security protection, as developed in the <a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/">CHERI</a> project.

Computing has been massively successful, and we routinely trust computer systems with our personal, financial, medical, commercial, and governmental information. But at the same time, these systems are pervasively prone to security flaws and subject to malicious attacks. We have to trust them, but they are not *trustworthy*.

There are two root causes. First, the pan-industry computing infrastructure, of processors, programming languages, and operating systems, is based on designs from a more forgiving time, with simpler systems and little incentive to design-in strong security protection. Second, the conventional engineering techniques we use (prose specifications, manually written tests, and test-and-debug development) are good enough to make systems work in common cases, but cannot exclude all errors - and a single coding error can lead to a devastating exploit.

Are we doomed? Perhaps not. This talk will highlight the sorry state of the art and then draw on cutting-edge research, from the University of Cambridge, SRI International, ARM, and other partners, to show some ways we can do better. First, we'll show how it's become possible to build and use rigorous models for key existing interfaces to improve engineering: for the ARMv8-A and RISC-V architectures, and the C language, in the <a href="https://www.cl.cam.ac.uk/~pes20/rems/">REMS</a> project. Then we'll describe a principled but pragmatic path to build in more hardware and software security protection to future systems, as developed in the <a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/">CHERI</a> project. This is joint work by many people over the last 10 years.

Talk ID: 9647
Event: 35c3
Day: 1
Room: Adams
Start: 2:10 p.m.
Duration: 01:00:00
Track: Resilience
Type of: lecture
Speaker: Peter Sewell
Talk Slug & media link: 35c3-9647-taming_the_chaos_can_we_build_systems_that_actually_work

Talk & Speaker speed statistics

Very rough underestimation:

Whole talk: 134.6 wpm, 742.0 spm
Peter Sewell: 141.8 wpm, 777.8 spm
