Sergey Bratus

sergey4Speaker Name: Sergey Bratus

Title: Wright’s Principle: a guiding light for hardware security

Abstract

In 2009, security researcher Joshua Wright formulated what became known as Wright’s principle, “Security does not improve until practical tools for exploration of the attack surface are made available.” Without such tools, it’s too easy for engineers working in upper layers of the system to assume that lower layers of abstraction bring only valid, benign inputs and assume only valid states; layers of abstraction become not just boundaries of competence, but are mythologized as validity filters. Unless developers can see, create, and inject invalid inputs and states with ease, myths and superstitions naturally accrete and insecure systems are built on false expectations.

In this talk, I propose an extension to the Wright’s principle: a bus or component that doesn’t come with tools for practical injection of invalid inputs and states should be considered insecure; the longer it misses such tools, the more so. If it ain’t Wright, it’s very likely wrong.

About the Speaker

Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College. He sees state-of-the-art hacking as a distinct research and engineering discipline that, although not yet recognized as such, harbors deep insights into the nature of computing. He has a Ph.D. in Mathematics from Northeastern University and worked at BBN Technologies on natural language processing research before coming to Dartmouth.