Timing-Based Attestation: Sexy Defense, or the Sexiest?

ShmooCon X - 2014

Presented by: John Butterworth, Corey Kallenberg, Xeno Kovah
Date: Saturday January 18, 2014
Time: 17:00 - 17:50
Location: Belay It room
Track: Belay it

What if I told you it's possible to ask a drunk person if he's drunk - and get an accurate answer, by measuring the reaction time? What if I told you it's possible to design security software under the assumption that the attacker has the same privileges as the defender, and the attacker can scribble over and modify the defender's code as much as he wants, but he'll still get caught? This is what timing-based attestation is all about. Come hear about how this technique has been used in everything from PCs to PDAs and Smart Phones to wireless sensor embedded systems to the firmware for NICs and Apple USB keyboards. Then hear about how we've been stealing this fire from the ivory tower, and building it into Windows kernel drivers and Dell BIOSes, and how you can too!

Xeno Kovah

Xeno, Corey, and John are Trusted Computing researchers at The MITRE Corporation. They focus on deep system security at the kernel level and below, and they have all also contributed material about these topics to OpenSecurityTraining.info.

Corey Kallenberg


John Butterworth


