OWASP Ottawa Nov 12th 2025: "Your Trusted Hardware Isn’t" with René Walendy
Details
Welcome to our in-Person Meetup at the University of Ottawa
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 564
We will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
YouTube Live Stream Link: TBA!
6:00 PM EST Arrival, setup, mingle, PIZZA!!!
6:30 PM EST Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- "Your Trusted Hardware Isn’t: Why Silicon Belongs in the Threat Model" with René Walendy
Abstract:
Your Trusted Hardware Isn’t: Why Silicon Belongs in the Threat Model
Modern security stacks assume that hardware is honest: CPUs execute the correct instructions, random number generators are truly random, and "secure enclaves" are actually secure. But none of these assumptions are guaranteed -- especially when today's chips are designed by dozens of third-party IP vendors and fabricated across a global supply chain.
This talk explores hardware Trojans: malicious modifications buried in silicon that can leak secrets, weaken cryptography, or silently bypass your best defenses. We’ll follow a concrete example -- sabotaging a CPU's true random number generator -- and see how a few altered transistors can undermine TLS, disk encryption, and authentication without leaving software-visible evidence. Taking a look at recent red-team vs. blue-team research on real chips, we’ll then show what it takes for hardware defenders to detect and counteract such threats in practice.
We’ll end with what software and security teams can do right now to treat silicon as part of the threat model, not a trusted black box. If your threat model ends at the instruction set, this talk will extend it to the transistors underneath -- without requiring you to be a chip designer.
Speaker:
René Walendy hacks hardware for science. As a PhD researcher at the Max Planck Institute for Security and Privacy and Ruhr University Bochum, he explores how humans reverse engineer chips, how to make that smarter, and where current tooling and training fall short. His work combines hands-on attack scenarios with controlled studies, building and using open research platforms to bring scientific rigor into traditionally opaque reverse engineering workflows.
Beyond the lab, René regularly speaks at academic and hacker conferences, including Chaos Communication Congress, HARRIS, and ACM CHI, and teaches hands-on training sessions at venues like Hardwear.io. He works to bring hardware security closer to the broader security community, bridging the gap between traditional security disciplines and low-level silicon hacking.
