Computer Security Innovation
IMHO
Presented for your consideration by: Fred Seigneur
Copies of the PowerPoint file are available at: [email protected]
2014 Cybersecurity Innovation Forum
In January 2014, I attended the 2014 Cybersecurity Innovation Forum, in Baltimore.
One reason I attended was that I was impressed with the Forum’s stated vision.
2014 Cybersecurity Innovation Forum – Background and Vision
In spite of this insightful and accurate assessment that our current approach to Cybersecurity is unsustainable, and non-scalable, rather little innovation to “define and embrace a fundamentally different approach to enterprise architecture security – one that builds security in from the beginning as a robust and solid foundation upon which to conduct our transactions” was presented.
Foundational Weaknesses
Helm's Deep
Foundational Weaknesses
Such weaknesses exist, but are poorly understood and generally ignored
Computer Security - Defense in Depth
Helm's Deep had Defense in Depth
Computer Security - Defense in Depth
But the fatal flaw was in the foundation
The Root(s) of the Problem
Today's operating systems are not secure, and they are too complex to secure by retrofit.
Few operating systems or applications are rugged: they don't verify their inputs, and when they crash they leave attack vectors open to malicious code.
Most current security "solutions" are "Band-Aid" approaches.
Operating Systems and Applications Lack a Basic Immune System
Like someone who must be protected by an external bubble
What’s wrong with this picture?
David Vetter, a young boy from Texas, lived his life - in a plastic bubble. Nicknamed "Bubble Boy," David was born in 1971 with severe combined immunodeficiency, and was forced to live in a specially constructed sterile plastic bubble from birth until he died at age 12. (The photo is from a movie based, inappropriately, on David’s plight.)
Foundational Immune System Deficiencies
Two very serious foundational software problems:
Operating Systems
Applications Software
Both of these have the same root cause:
Software developers do not write robust code. Why?
They don't know how.
They don't know why it's important.
They did not learn how, or why it's so critical.
Foundational Immune Deficiencies (Cont.)
Two very serious foundational educational problems
Software developers have NOT been taught why or how to write robust and defensive code.
Many CS Professors don’t know how to write robust and defensive code, or why it is necessary to teach it.
Long Term Solutions: Better Education
Better computer security education
Better CS and engineering education
Include a basic computer security education thread in virtually all university/college departments
Create demand for foundational security solutions among IT procurement authorities and staff, users, and university/college accreditation authorities
How Can This Be Done?
Some universities understand these issues.
A few educational institutions have realized that they can differentiate themselves in the educational market by implementing steps such as those above.
The Current State of Cyber Security Practice
Patch known holes
Hope we fixed ALL the holes
Small leaks can get bigger and some still remain undetected
But, then …
It is not IF your dam will break, it’s WHEN
Plan Ahead
Your dam WILL break
Start planning a downstream dam ASAP
Existing components, available today, can be integrated to create a Secure Computing InFrastructure (SCIF*)
* SCIF – A compartmentalized infrastructure for processing sensitive information
Secure Computing Infrastructure – Preliminary Block Diagram
(The slide's diagram is a layered stack; its boxes, top to bottom, are:)
User Mode Partitions: User 1 Erlang Program … User n Erlang Program; Encryption Services; Trusted Network Drivers
Erlang Virtual Machine
Kernel Mode: Separation Kernel (seL4)
Hardware w/Trusted Platform Module (TPM)
Secure Computing Infrastructure
The block diagram in the previous slide is for the basic SCIF. It can be used in an embedded system (such as IoT) and executes Erlang functions as transactions. One envisioned application is a Secure Network Interface (SNIF), which verifies and authenticates inputs to, and outputs from, a secure enclave. With two or more SCIF boards in a system, fault tolerance is provided by Erlang's built-in fault tolerance (supervised processes that are restarted on failure, across boards as across nodes).
Development of SCIF applications and administration of the SCIF and SNIF are supported via Erlang running on a virtualized instance of Linux, atop seL4. This SCIF Management System (SMS) will also be fault tolerant, using Erlang's inherent fault-tolerance capabilities.
The same architecture can be used to host other Linux applications in a more trusted and fault-tolerant environment than off-the-shelf Linux provides.
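The two points the deck keeps returning to are that inputs must be verified before they reach anything that matters, and that a fault must not take the system down. The module below is an added illustration of how a SNIF front end for the SCIF described above could embody both in Erlang; it is not code from the SCIF project, and the message format (a sequence number, an Erlang-term payload and an HMAC-SHA256 tag), the shared key, the module and process names and the two permitted operations are assumptions made for the demo. Each request is authenticated, checked for replay, size and shape, and then executed as an all-or-nothing transaction inside a gen_server; an OTP supervisor restarts that server with fresh state if it ever crashes.

```erlang
%% snif_demo.erl -- added illustration, not the SCIF project's own code.
%% Wire format (assumed): {Seq :: 0..2^32-1, Payload :: binary(), Mac :: binary()}
%% where Payload is term_to_binary({Op, Arg}) and Mac = HMAC-SHA256(Key, <<Seq:32, Payload>>).
-module(snif_demo).
-behaviour(gen_server).

-export([start/0, request/3, sign/2, crash/0]).
-export([init/1, handle_call/3, handle_cast/2]).

%% Constructed demo key; a real SCIF would keep this sealed under the TPM.
-define(KEY, <<"demo-shared-secret-32-bytes-long!!">>).
-define(MAX_PAYLOAD, 1024).

%% Start the supervisor, which in turn starts the 'snif' worker below.
start() ->
    supervisor:start_link({local, snif_sup}, ?MODULE, sup).

%% Client side: compute the tag the SNIF will check.
sign(Seq, Payload) ->
    crypto:mac(hmac, sha256, ?KEY, <<Seq:32, Payload/binary>>).

request(Seq, Payload, Mac) ->
    gen_server:call(snif, {req, Seq, Payload, Mac}).

%% Simulate a fault in the worker; the supervisor restarts it.
crash() -> gen_server:cast(snif, crash).

%% init/1 serves both roles: the supervisor (started with 'sup') and the
%% gen_server worker (started with 'worker'), so the demo fits in one module.
init(sup) ->
    Child = #{id => snif,
              start => {gen_server, start_link, [{local, snif}, ?MODULE, worker, []]},
              restart => permanent, shutdown => 1000, type => worker},
    {ok, {#{strategy => one_for_one, intensity => 5, period => 10}, [Child]}};
init(worker) ->
    {ok, #{last_seq => 0, accepted => 0}}.

handle_call({req, Seq, Payload, Mac}, _From, State) ->
    case verify(Seq, Payload, Mac, State) of
        {ok, Term} ->
            %% Transaction: the operation either completes and state advances,
            %% or nothing changes and the caller gets an error. A bad request
            %% never kills the worker.
            try execute(Term) of
                Result ->
                    Accepted = maps:get(accepted, State),
                    {reply, {ok, Result},
                     State#{last_seq => Seq, accepted => Accepted + 1}}
            catch
                _:Reason -> {reply, {error, {execute_failed, Reason}}, State}
            end;
        {error, Why} ->
            {reply, {error, Why}, State}
    end;
handle_call(stats, _From, State) ->
    {reply, State, State}.

handle_cast(crash, _State) ->
    exit(simulated_fault).

%% Verification order: cheap structural checks, then replay, then the MAC,
%% and only then is the payload decoded at all.
verify(Seq, Payload, Mac, #{last_seq := Last})
  when is_integer(Seq), is_binary(Payload), is_binary(Mac) ->
    if
        Seq > 16#FFFFFFFF -> {error, malformed};
        byte_size(Payload) > ?MAX_PAYLOAD -> {error, too_large};
        Seq =< Last -> {error, replay};
        true ->
            case const_eq(sign(Seq, Payload), Mac) of
                false -> {error, bad_mac};
                true -> decode(Payload)
            end
    end;
verify(_, _, _, _) -> {error, malformed}.

%% [safe] refuses terms that would create new atoms or external funs;
%% the shape check then restricts the request to the two allowed operations.
decode(Payload) ->
    try binary_to_term(Payload, [safe]) of
        {Op, Arg} when is_binary(Arg), (Op =:= reverse orelse Op =:= sha256) ->
            {ok, {Op, Arg}};
        _ -> {error, bad_shape}
    catch
        error:badarg -> {error, undecodable}
    end.

execute({reverse, Arg}) -> list_to_binary(lists:reverse(binary_to_list(Arg)));
execute({sha256, Arg})  -> crypto:hash(sha256, Arg).

%% Constant-time comparison so MAC checking leaks no timing information.
const_eq(A, B) when byte_size(A) =:= byte_size(B) ->
    0 =:= lists:foldl(fun({X, Y}, Acc) -> Acc bor (X bxor Y) end, 0,
                      lists:zip(binary_to_list(A), binary_to_list(B)));
const_eq(_, _) -> false.
```

In an `erl` shell, compile the module, call `snif_demo:start()`, build a payload with `P = term_to_binary({reverse, <<"abc">>})` and submit it with `snif_demo:request(1, P, snif_demo:sign(1, P))`. Resubmitting the same request is rejected as a replay, altering a byte of the tag is rejected as a bad MAC, and a payload such as `term_to_binary({os, cmd})` fails the shape check before anything is executed. After `snif_demo:crash()`, `whereis(snif)` shows a new pid within milliseconds: the supervisor has restarted the worker, which is the Erlang fault tolerance the SCIF design relies on, here within one node rather than across boards.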
Recent Progress
The Parallella board seems ideally suited for the SCIF prototype.
The Erlang Virtual Machine runs on the Adapteva Epiphany.
The secure seL4 microkernel runs on the ARM.
Real-time code on the ARM under seL4 isolates access to Erlang on the Epiphany chip.
Applications run securely on the Epiphany in Erlang, a functional programming language that supports soft real-time applications such as a Software Defined Networking (SDN) controller.
Phased Integration Plan Proposed by the Secure Computing Innovation Foundation
Phase I – Feasibility Study
Phase II – Proof of Concept/Demonstration
Phase III – Field Trials