System Transparency Blog

A security architecture for bare-metal servers

  • Trillian log sequencing: demystified?

    One way to view Trillian is as a database with an append-only Merkle tree. That Merkle tree is managed by a separate component called a log signer. It runs in a dedicated process that basically merges pending leaves that have yet to be incorporated into the Merkle tree. This part of the log signer is structured as a sequencing job that runs periodically. I spent a few hours learning more about the details and thought shared knowledge is better.

    Read more…
  • Observations from a Trillian play-date

    Have you ever heard about Trillian in the context of transparency logging? Perhaps you view it as an integral part of Certificate Transparency, a solution for arbitrary transparency applications, or both. Even if you know Certificate Transparency quite well, the Trillian details might be a bit blurry until you sit down and get some hands-on experience: at least that was the case for me. Therefore, Trillian and I had a little play-date.

    Read more…
  • Hold on to your hat and learn System Transparency in five minutes!

    What do we really know about the systems that run our critical applications? "Not enough" is probably a fair summary: much can go wrong between device reset and execution of a user-land application. System Transparency helps you verify that what you think is running remotely actually runs, and not, say, a modified operating system that contains a secret backdoor. I will break it down top-to-bottom after first motivating the rationale and objective briefly.

    Read more…
  • What happened at CT days 2020?

    This year’s CT days were hosted remotely on September 8–9. The agenda covered a wide range of topics, such as making CT more newcomer friendly, updating user-agent policies, and what it takes to operate a log at scale. I do not intend to write about all of it, and especially not every little detail. You will be brought up to speed on some highlights and get further reading. All credit obviously goes to the people who presented sessions on this material.

    Read more…