This site provides information on new research in operating systems, networks,
and security and archives of past work. The main researcher
and maintainer is Nate Lawson, currently at
- rdist blog: all my latest articles are now posted here
- Public Key Signature Vulnerabilities - Analysis of the RSA padding
bug in various libraries, explaining how the attack works in simple terms.
Also, we go into some flaws that are present in implementations of other
- rsa_calcmod - Python code to
calculate the RSA modulus n given two signatures
- hexf - ASCII to binary filter for interactive programs
- When Crypto Attacks! (Yahoo 2009) -
In-depth list of attacks against various crypto implementations.
Developers seem to have gotten the message not to design their own
ciphers. Now, we're trying to get the message out that you shouldn't
be implementing your own crypto protocols or constructions by building
them directly on low-level crypto libraries. Instead, developers should
work at a higher level, using libraries like GPGME, Keyczar, or cryptlib.
If you do end up designing or implementing your own construction, getting
it reviewed by a third party is an expensive but vital task.
- Highway to Hell: Hacking Toll Systems (Blackhat 2008) -
summary blog post
- Designing and Attacking DRM (RSA 2008) -
Why software protection matters to everyone, including IT professionals.
Design principles for making more robust DRM. Attacker tools. Provides
a framework in two variables (L and T) for evaluating the longer-term
success of a DRM system. Gives an update on the latest DRM cracks.
- TLS/SSL MAC security flaw (iSec Forum) -
Analysis of one of the CBC attacks on TLS that resulted in the bump from
1.0 to 1.1.
- TLS/SSL Protocol Design (Cal Poly) -
Introduction to the design principles behind SSL. This was a relatively
basic talk since the audience was a networking class with no previous
- Don't Tell Joanna the Virtualized Rootkit is Dead (Blackhat 2007) -
Analysis of virtualized rootkit detection methods. Introduces "Samsara",
our framework for detecting virtualization, and an implementation of
data/instruction TLB sizing, HPET timer, and VT errata tests.
We predict the future will be cat-and-mouse, where each side analyzes
and responds to the behavior of their opponent, ad infinitum.
- Copy Protection Wars: Analyzing Retro and Modern Schemes (RSA 2007) -
History and future of copy protection. Builds on the property of asymmetry
as a way of analyzing copy protection features. Defenders only need to
increase cost to attackers, not build an impenetrable wall. Included a live
demo of reading a C64 game and cracking its protection, as well as an
intro to the Xbox 360 drive hacks. Ended with some simple recommendations
for repairing the 360 hacks.
- ACPI and FreeBSD (Part 2) (Bay Area FreeBSD Users Group) -
An introduction to ACPI for users. Covers how to configure ACPI on
FreeBSD and what is currently supported.
- ACPI and FreeBSD (Part 1) (Bay Area FreeBSD Users Group) -
An introduction to ACPI for developers. Includes an example tracing a
power management event from the hardware up through the OS and back down.
Intended to get other kernel developers interested in helping me maintain
FreeBSD's ACPI layer.
- Foundations of Platform Security (SJSU Security Class) -
Uses the concept of asymmetry as a foundation for analyzing the security
of various systems. Asymmetry in security is the property that mounting
an attack costs the attacker far more effort than maintaining security
costs the defender. Platform design principles, including a study of
sendmail vs. qmail architectures, are recommended for those who are
designing their own systems.
- Using FreeBSD to Design a Secure Digital Cinema Server (Usenix 2004) -
Case study of a project I did of interfacing a proprietary digital cinema
server to a FreeBSD machine, configured to act as a SCSI target. Also
contains an analysis of NetBSD's CGD disk encryption with respect to
several less common security models. While CGD (and similar products)
focus on providing privacy if an attacker has one-time read-only access
to the ciphertext, they were not designed to address other threat models.
- Designing and Attacking Virtual Machines (RSA 2004) -
Describes using VMs for attack and defense and talks about the need for good
partitioning in commodity hardware (i.e., bring LPAR from IBM's VM to x86
today). Introduces the metric of "cross-section", which is the number/size of
unique inputs that need to be recorded to reproduce the VM state.
- Beyond Applied Cryptography: Designing a Secure Application
(Infosec World 2004) -
Gives various principles necessary to design a secure application --
adding encryption is not sufficient. Also describes a simple process for
doing secure protocol design (suggested by Ben Jun of CRI).
- Peering Behind the Curtain: Evaluating Your Security Vendor
(Pentagon PENTCIRT 2003) -
Recommends that customers of products commission a security evaluation.
Typically, the customer would choose a security evaluator and request that the
vendor provide any information the evaluator needs to determine the security
of the product. Each party's interest is aligned with good security --
the vendor wants the sale, the customer wants to be secure, and the evaluator
wants to find holes. This is very different from a vendor-commissioned
report, where the evaluator is often pressured to sugar-coat the results.
The suggestion slides were provided by Paul Kocher of CRI.
- Security Conference Calendar -
If you're writing a paper or looking for a conference to attend, this
schedule should make it easy to see what needs to be submitted when.
There is some leeway with what I consider a security conference.
- TCP/IP Development -
Archive of historical notes and presentations on the development
of TCP/IP, including many important lessons for us today.