Topic:
"Setup for Failure: Defeating SecureBoot"
 |
| Corey Kallenberg |
Corey Kallenberg is a security researcher for The MITRE Corporation who has spent
several years investigating operating system and firmware security on Intel
computers. In 2012 he coauthored work presented at DEFCON and IEEE S&P on using
timing based attestation to detect Windows kernel hooks. In 2013 he helped
discover critical problems with current implementations of the Trusted Computing
Group's "Static Root of Trust for Measurement" and co-presented this work at
NoSuchCon and Blackhat USA. Later, he discovered several vulnerabilities which
allowed bypassing of "signed BIOS enforcement" on a number of systems, allowing
an attacker to make malicious modifications to the platform firmware. These
attacks were presented at EkoParty, HITB, and PacSec.
 |
| Xeno Kovah |
Xeno is a Lead InfoSec Engineer at The MITRE Corporation, a not-‐for-‐profit company
that runs 6 federally funded research and development centers (FFRDCs) as well as
manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced
System Subversion project. On the predecessor project, Checkmate, he investigated
kernel/userspace memory integrity verification & timing-‐based attestation. Both
projects have a special emphasis on how to make it so that the measurement agent
can't just be made to lie by an attacker. Xeno has also contributed 8 days of classes
on deep system security to OpenSecurityTraining.info, with an additional 2 day class
on Intel TXT to be added soon.
 |
| John Butterworth |
John Butterworth is a security researcher at The MITRE Corporation who
specializes in low level system security. He is applying his electrical engineering
background and firmware engineering background to investigate UEFI/BIOS
security.
 |
| Sam Cornwell |
Sam Cornwell is a Sr. InfoSec Engineer at The MITRE Corporation. Since 2011 he has
been working on projects such as Checkmate, a kernel and userspace memory
integrity verification & timing-‐based attestation tool, Copernicus, a BIOS extractor
and configuration checker, and numerous other private security sensors designed to
combat sophisticated threats.
No comments:
Post a Comment