Pinnedlei zhouinSystem WeaknessCase Study: Google Pixel 6 phone security & Privacy (Part 1 — Threat Analysis and Countermeasures)Note: All technical information or diagrams referenced in this blog are publicly available online from vendor’s website. In case no…9 min read·Dec 12, 2021----
lei zhouEstablish device trustworthiness via attestation and TPM2.0’s roleAndroid PlayIntergity API helps you check that service requests are coming from your genuine app binary running on a genuine Android device…4 min read·May 2, 2024----
lei zhouConfidential computing and open compute Project — Part 2: Interconnect and Security ProtocolWith confidential computing’s threat model discussed in part 1, we are now deep-diving into heterogenous computing platform and understand…6 min read·Apr 11, 2024----
lei zhouConfidential computing and open compute Project(OCP) — Part OneTransport Layer Security(TLS) protects data communication on IP network, which provides following security properties:3 min read·Mar 18, 2024----
lei zhouSCADA system’s threat model and Zero Trust Architecture as mitigationSCADA system E2E full-stack use cases range from RTU, industrial field bus, PLC, frontend/backend integration and physical connectivity…4 min read·Apr 13, 2023----
lei zhouLinux kernel USB gadget driver frameworkUSB communication system comprises of two parts: USB host and multiple USB devices(up to 127 devices, USB hub can be used to connect to…2 min read·Jan 7, 2023----
lei zhouEnable OP-TEE on OSD32MP1-BRK (STM32MP15x) platformThis article will discuss STM32MP1x Trusted Execution Environment(TEE) firmware stacks briefly and then details how to enable/bring-up…4 min read·Jun 20, 2022----
lei zhouConfidential computing solution case studies(Intel SGX, AMD SEV-SNP and ARM CCA comparison)AMD SEV-SNP(Secure encryption virtualization-Secure nested paging). Virtual machine(VM) based confidential computing solution with…9 min read·May 23, 2022--3--3
lei zhouBuild highly secure IOT device: secure boot, measured boot and attestation, secure storage etcSecure Boot is the mechanism that validates the integrity of every mutable code being loaded before passing control to it. Secure boot is…7 min read·Apr 2, 2022--1--1
lei zhouBlockchain, Hash and Merkle-tree: data immutability and integrity, append-only databaseHash chaining and merkle hash tree play important role in many applications to provide data immutability and system integrity protection…5 min read·Feb 13, 2022----