The future of security is in the hands of developers

first_img Log in to Reply Continue Reading Previous Using DSPs for audio AI at the edgeNext Top IoT concerns: security, connectivity, and data Share this:TwitterFacebookLinkedInMoreRedditTumblrPinterestWhatsAppSkypePocketTelegram Tags: Supply Chain Companies often don’t build security into their products from the start. Instead, they add on cryptographic algorithms and primitives to achieve confidentiality and authenticity properties, but this add-on approach makes the product a target of possible attacks.Attacks might include exploitable software bugs, the most common vulnerability, or hardware leaks, physical attacks, logical attacks and remote and localized attacks. Newly identified vulnerabilities such as Spectre, Meltdown, Foreshadow and Spoiler have shown that problems such as side-channel attacks also exist in hardware designs, and that there are likely many more vulnerabilities in current solutions from hardware vendors.Secure hardware needs to become an industry mandate. All too often companies take shortcuts in design assurance and secure design, trying to meet certain performance, area, speed and cost requirements.Without secure hardware, design flaws will continue to be discovered and exploited, risking serious data breaches and other serious consequences. It’s time for the industry to move away from the principle of security by obscurity and embrace open architectures like RISC-V which enable anyone to inspect and analyze the instruction set architecture (ISA) to assess its security.A few years ago, DARPA created its System Security Integration Through Hardware and Firmware (SSITH) program to break the cycle of vulnerability exploitation. The goal of SSITH is to develop new hardware security architectures and associated design tools that provide security against hardware vulnerabilities that are exploited through software.RISC-V Foundation member Galois is one of the companies participating in the SSITH program, developing tools and techniques for quantitatively measuring and reasoning for system security, particularly for hardware. As part of this program, Galois is working to develop baseline processors from which security improvements will be measured, port and support baseline operating systems and compilers for those CPUs and develop a demonstration application for secure hardware.DARPA recently announced that Galois will be developing a voting system as the demonstration vehicle for this secure system, built with fully open source hardware and software. While the voting system is not intended for production, it serves as an important demonstration of how DARPA technology can be used for a critical infrastructure system.The voting system will be built on open source RISC-V CPUs and will incorporate auditable software components, enabling the public to review both the software and the hardware since the RISC-V ISA is public and standardized. The purpose of this system is to spur continued research and innovation to develop more secure hardware and software solutions for the benefit of everyone.The voting system will be publicly “red teamed” in the voting village at DEF CON 2019 and DEF CON 2020 so attendees can examine it and conduct penetration tests to gauge its security. The demonstration will include both an end-to-end verifiable and a traditional non-verifiable voting system.In 2019 there will be a smart ballot box on SSITH hardware, while the 2020 event will feature all components on SSITH hardware, including both the ballot marking device and optical scan systems. A scaled down, low cost version of the system will be made available via Crowd Supply so anyone can buy it, experiment with it and use it to run even informal elections such as for school clubs or sports teams. University teams also will be participating in this program to enhance their own security research efforts.The RISC-V Foundation expects this project will yield significant learnings for universities and researchers, and we look forward to seeing more industry traction as more companies move to open source hardware. Over the past few years there has been an uptick in companies working on RISC-V based secure processors, and a number of such solutions are already commercially available.We believe industry collaboration is essential for tackling security challenges. Last year we formed a Security Standing Committee to bring together industry leaders to develop consensus around best security practices and identify potential security improvements for RISC-V implementations.The Foundation also supports a group working on a trusted execution environment for microcontroller-class processors. It is developing a specification that will serve as an extension of a privilege specification. A cryptography extensions group is building on early proposals for ISA extensions for the standardized and secure execution of popular cryptography algorithms.The future of security is in the hands of developers. We strongly encourage everyone to get involved and work together to tackle the dynamic security demands of this new era of innovation.–Helena Handschuh is chair of the RISC-V Foundation’s security standing committee and a Fellow at Rambus. >> This article was originally published on our sister site, EE Times: “RISC-V, DARPA Advance Security.” Leave a Reply Cancel reply You must Register or Login to post a comment. This site uses Akismet to reduce spam. Learn how your comment data is processed. April 30, 2019 at 2:38 am “We have seen countless news articles on various organisations losing the battle to cyber attackers in recent times. The situation is highly worrying as the more advanced technology becomes, the more advanced the hacking game progresses. Without consistent UdyRegan says: 1 thought on “The future of security is in the hands of developers” last_img read more

San Diego County sheriffs deputy arrested on suspicion of lewd acts with

first_img 00:00 00:00 spaceplay / pause qunload | stop ffullscreenshift + ←→slower / faster ↑↓volume mmute ←→seek  . seek to previous 12… 6 seek to 10%, 20% … 60% XColor SettingsAaAaAaAaTextBackgroundOpacity SettingsTextOpaqueSemi-TransparentBackgroundSemi-TransparentOpaqueTransparentFont SettingsSize||TypeSerif MonospaceSerifSans Serif MonospaceSans SerifCasualCursiveSmallCapsResetSave SettingsSAN DIEGO (KUSI) — A San Diego County sheriff’s deputy was free on bail Thursday following his arrest by Riverside County authorities on suspicion of lewd acts with a child.Sam Thomas Knight, 40, was arrested Tuesday and booked on suspicion of lewd acts with a child and child molestation, according to Riverside County jail records. He was released the following day on $65,000 bail.Details of the alleged crimes were not immediately available.San Diego County sheriff’s officials said Knight has been placed on leave and relieved of his law-enforcement authority.The Sheriff’s Department was made aware of this investigation from the beginning and cooperated fully with the Riverside sheriff’s detectives,” San Diego sheriff’s officials said. “The sheriff’s department has no comment on Mr. Knights’ current arrest.”In 2014, Sheriff Bill Gore tried to fire Knight for using a banned chokehold on a handcuffed inmate in a county jail facility. Gore ultimately failed in his attempt to fire Knight for using improper force and for not reporting the incident because of a ruling by the County Civil Service Commision.The Commissioners ruled against Gore and allowed Deputy Knight to keep his job and also collect back-pay.It was a decision a San Diego Union-Tribune editorial board referred to as a “dereliction of duty” and that the commissioners forced the sheriff’s department to tolerate officer misconduct.As far as the child molestation arrest is concerned, the Sheriff’s Department released a statement that reads in part, “It is clear that Sheriff Gore felt that Mr. Knight should not be a sheriff’s deputy, and the sheriff’s department did everything possible to ensure that was in fact the case.”Knight is the second sheriff’s deputy to be arrested over the last month.On Feb. 22, Deputy Richard Fischer was arraigned in connection with 14 charges of sexual assault and sexual battery for crimes allegedly committed against women while he was on duty. FacebookTwitter Categories: Local San Diego News March 22, 2018 Posted: March 22, 2018 John Soderman Updated: 10:26 PM San Diego County sheriffs deputy arrested on suspicion of lewd acts with a child John Soderman, last_img read more

United States led air strikes hit Al Qaeda affiliate in Syria

first_imgThe Syrian Observatory for Human Rights, a monitoring group, said the strikes were on an office and a vehicle in Idlib province in northwest Syria, where last week the group routed Western-backed Syrian rebels.Residents said one strike targeted a car used by Nusra commanders, near an internet cafe in the Nusra-controlled town of Sarmada close to the Turkish border.A rebel from another Western-backed group operating in northern Syria confirmed the air strikes on the Nusra Front and hardline Islamist group Ahrar al-Sham near the border with Turkey, and said they took place at around 1 a.m.‘The strength of strikes and their accuracy confirms that they were carried out by the alliance,’ the rebel said, speaking on condition of anonymity.The Nusra Front vehicle struck in the attack had been carrying ammunition, he said. In neighbouring Harem, residents said at least four children had been killed and dozens injured in an attack they believed was launched by the coalition.The Observatory also reported the first air strikes against Ahrar al-Sham.Residents around the rebel-held Bab al-Hawa border crossing, a strategic gateway to Turkey, said a missile flattened the group’s headquarters nearby and killed Abu al-Nasr, the head of its arms procurement division.Rami Abdulrahman, head of the Observatory, said it marked the second time the Nusra Front had been hit in the U.S.-led campaign. The first was on Sept. 23, the first day of U.S. air strikes in Syria, which are part of Washington’s strategy to ‘degrade and destroy’ Islamic State.Nusra, which has been trying with allies to remove its name from the U.N. terrorist list, was taken by surprise when coalition warplanes bombed several of its positions then. Several commanders are believed to have been killed in the September strikes, including Kuwaiti-born Mohsin al-Fadhli — also known as Abu Asmaa al-Jazrawi — reputedly a former member of Osama bin Laden’s inner circle.Nusra Front last week seized control of areas of Idlib province from Western-backed rebel leader Jamal Maarouf, head of the Syria Revolutionaries’ Front in northern Syria, confiscating its weapons.last_img read more