NoSec knows that Confidential Compute (TEE) is not the only answer for Data-In-Use Security. The motto of Confidential Compute theory and implementation is logical isolation of execution environments and processes. We, however, focus on the opposite of “isolation” as a Web3 strategy, due to known issues with Web2 Confidential Compute, especially at the hardware server level. The Web3 strategy is instead reverse isolation: execution of processes and data anywhere. By relying on the Zero Trust Model, Zero Knowledge Proofs (ZK), and Distributed Ledger, the world opens up to a new way of compute. To reiterate, we are talking about Web3 networking and computing as mutually inclusive layers of the IT stack.
There are many common approaches to compute runtime protection, especially on Linux machines (and even on Windows machines), such as Trusted Execution Environment (TEE), Structured Exception Handler Overwrite Protection (SEHOP), Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and many more RAM/ROM execution-level security best practices. These setups make it difficult for any piece of code to take over a system; however, these workarounds have issues and are difficult to maintain on many systems. NoSec strives for innate protection and security in systems, which leans toward an evolved Web3 approach rather than a deprecated Web2 approach.
Example: Structured Exception Handler Overwrite Protection (SEHOP) attempts to make stack overflows harder to accomplish by checking to make sure that chains of exception handlers (interruptions) aren’t hijacked…but…
It is still hackable, especially in Microsoft servers. This is old school technology.
Example: Address Space Layout Randomization (ASLR) moves pieces of programs around randomly in portions of memory in an attempt to make it harder for nefarious code segments to jump to some place in memory that they shouldn’t.
This is old school technology. It is still hackable, especially in Microsoft servers.
Example: Data Execution Prevention (DEP) is an attempt to prevent programs from executing in memory locations that should contain data and not code.
This is prone to issues and software chaos. No one ever knows what's actually going on under the hood.
NoSec Cybersecurity Consulting focuses on advanced new technologies and Web3 implementations, not cosmetic fixes to old school technology patterns of Web2.
NoSec is against cybersecurity waste and the common IT acceptance of normal patterns. Let's secure our digital future with the available modern technologies.