Digital twins are rapidly gaining popularity for the design and management of complex systems. The rise in availability of modeling tools coupled with continuous streams of real time data from live processes have turned the use of digital twins into a must for the system owner and operator. But what is the twin in the hands of a potential hacker? Read Dave Belt’s new blog…
In the latest Cloakware Cate video Catherine shows us how commonly available tools like debuggers can be used, with live data, by a hacker to effectively subvert an application. This simple demonstration captures the essentials […]
In the field of software security, the term ‘obfuscation’ is often used, particularly when it is desired to protect software in a fully automated, “hands-free” manner. Software obfuscation is the modification of source-code (or sometimes […]
This past week I’ve been reading the specifications for Trusted Platform Modules (TPM) published by the Trusted Computing Group of companies. It seems to me they’ve done a lot of things right, but a TPM is […]
Software Protection: Integrity, Diversity, Entanglement and Renewability (SPIDER) We’ve spent a lot of time finding a suitable analogy to explain the more subtle aspects of defense in depth and the multi-layered approach to cybersecurity that […]
Ofttimes it has been difficult to explain the role of software protection in hardware-protected secure systems, but recently security researchers have helped us out by providing many examples of zero-day exploits where flaws that are baked into hardware or firmware lead to exploitable vulnerabilities in systems. In this article we are having a look at Spectre & Meltdown and explore how these attacks could have been avoided using application protection technology.
Some of you will remember the Target and Home Depot cyberattacks in 2013 & 2014, which resulted in $202 million (Sruthi Ramakrishnan, 2017) and $134.5 million USD (Roberts, 2017) of damages respectively. In this blog article, let’s examine these and other infamous hacks in detail to glean important lessons about system and application security.