This presentation will explain how to create bad threat models (just keep doing what you're doing), why abstractions are the work of the devil (and a necessary evil), and what happens when processor flaws meet traditional software exploitation (nothing good). I will illustrate my arguments with stick figures and an explanation of our recent BlindSide attack.
Herbert Bos is a full professor at Vrije Universiteit Amsterdam, where he co-leads the VUSec Systems Security group. His research interests include OS design, microarchitectural attacks and defenses, fuzzing, exploitation, networking, and dependable systems. He is very proud of his current and former students whose research results have led to five PWNIE Awards as well as changes in all major operating systems, all major browsers and all Intel CPUs. He is no fan of climate skeptics and xenophobes. He likes the Beatles.