From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,caa8ecf96e8cf189 X-Google-Attributes: gid103376,public From: Andi Kleen Subject: Re: Trusting GNAT for security software Date: 1998/03/02 Message-ID: #1/1 X-Deja-AN: 329902841 Sender: andi@fred.muc.de References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> <6d67j5$474$1@news.nyu.edu> <34F9444D.D2F588@cl.cam.ac.uk> <1998Mar1.142220.1@eisner> Distribution: world Organization: [posted via] Leibniz-Rechenzentrum, Muenchen (Germany) Newsgroups: comp.lang.ada Date: 1998-03-02T00:00:00+00:00 List-Id: kilgallen@eisner.decus.org (Larry Kilgallen) writes: > > Actually I think a university project, particularly one working with > > openly available sources, would be extremely hard to subvert in the manner > > that Marcus' paranoid thinking suggests. Many students had full access to > > every bit of information throughtout the development. > > But those involved in security work are supposed to think paranoid. > If you don't have a list of possible attacks against which you do not > have a provable defense, then you haven't thought hard enough. AMD > might have a special circuit inside their chips that recognizes code > generated by GNAT and if it finds it is doing triple-DES squirrels > away the key in a secret register. Another funny thing. Most newer Intel chips (PPro+) are rumoured to have loadable Microcode [SCO apparently once released a OS update that fixed microcode bugs]. Now you could patch the microcode to detect some known codes... -Andi