The presentation discusses the challenges of building a secure operating system in a world where architectural manuals provide less information. It highlights the mitigations implemented in the Zircon microkernel to address speculative execution side-channel vulnerabilities and introduces Safe Side, an open-source suite of programs to test side-channel mitigations.
- Building a secure operating system is challenging due to the lack of information provided by architectural manuals
- Mitigations have been implemented in the Zircon microkernel to address speculative execution side-channel vulnerabilities
- Safe Side is an open-source suite of programs that can be used to test side-channel mitigations
- Reading everything from reputable sources, looking at what Linux does, and testing are the three tactics found to be most effective in building mitigations
The speaker emphasizes the importance of testing mitigations, something that is often not done. Safe Side was developed to test side-channel mitigations, and its tests have already found impactful bugs, including a failure in Linux's mitigation for Spectre Variant 2 that broke isolation between Chrome renderer processes.