The New Era of Mega Trends: Hardware Rooted Security

AHMED SALLAM, VP and CTO, Hardware, Security, IP and Emerging Solutions

Earlier this year, I delivered a talk at the ARM TechCon conference. One of the key points I made was that we are now in the era of mega trends that will take us to a new world. I intend to write a series of blogs talking about each of these mega trends, along with a closing blog putting the pieces of the puzzle together envisioning the new world these mega trends will take us to. We will start with Hardware Rooted Security.

For close to three decades, security has failed to stand up to the challenges imposed by malware authors and by underground cyber crime. Malware attacks take place underneath the host operating system, compromising the entire computing experience in such a way that nothing is beyond the reach of malware authors.

One of the advanced attacks towards the end of 2009 was Operation Aurora. I happened to be one of the principal forensic analysts who worked on figuring out what happened during the attack, including how it started, what went wrong and what was stolen. We never published our findings officially, but it was clear that the bad guys were able to access the source code behind the software powering most of today's digital infrastructure, including devices, servers, networks, storage and the cloud.

This incident was not isolated. Since then, a considerable number of carefully and cleverly coordinated attacks have taken place, which could potentially result in catastrophic tragedies and challenge the stability of the modern digital economy.

In analyzing several advanced attacks, by 2010, many things became clear:

1. Pure software-based security solutions are not capable of preventing waves of advanced, persistent attacks.

2. Security has to live underneath the operating system, not on top of it, and be further assisted by the system hardware.

3. APT (advanced persistent threat) attacks will continue to target stolen software products as seen during Operation Aurora.

4. Data can no longer be protected once; the bad guys know the software security algorithms used to protect them.

5. Some private keys have already been stolen and have compromised the validity of the asymmetric public crypto infrastructure.

Even with all of the above, one can still say that today we are at a much stronger defensive position. This is mainly due to the development of many hardware-rooted security technologies that provide out-of-band security assurances.

Obviously, I would start by mentioning the work at Intel and McAfee developing the DeepSAFE vision and technology. The main vision was to develop an out-of-band security that meets the following criteria:

1. Can be fully isolated from the reach of untrusted code.

2. Has full control and visibility of the execution environment.

3. Can fully access, trigger, trap and instrument the execution environment.

4. Has the ability to change the flow of execution with no limit.

5. Can safely inject and replace code modules with no restriction.

6. Can protect any piece of code from untrusted read, write and execute access.

7. Can partition the execution environment into containers, associating different access controls and privileges with each.

8. Provides continuous protection through disk, CPU, GPU, memory and network operations.

9. Can tag and track data move operations across hardware subsystems.

10. Can store its data securely and communicate out-of-band with each other via networks and local buses.

The use of Intel's hardware virtualization and TXT has proven to work, allowing out-of-band protection for the Windows kernel and applications.

In the Windows-Intel ecosystem that was not the only key development, as other brilliant technologies were developed across the industry. Windows 8 in particular came with a new set of out-of-band protections that take advantage of the hardware TPM to measure and secure the system firmware and the Windows boot environment.
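As an added example (not code from the article, nor from Microsoft or Intel), the following Python simulates the measurement chain the paragraph above refers to: each boot component is hashed into a TPM-style PCR before it is handed control, and a verifier replays the event log to decide whether the recorded boot is a known-good one. The single-PCR model, the sample component images and the event-log format are constructed for illustration; a real TPM additionally signs the PCR value in a quote, which is omitted here, so the reported PCR is taken at face value.

```python
"""Added example, not from the original article: a simulation of a
TPM-style measured boot, together with the verifier-side log replay
that gives the final PCR value its meaning.

Assumptions (all constructed for illustration, not real firmware or a
real TPM): one SHA-256 PCR that starts as 32 zero bytes and is extended
the way a TPM 2.0 PCR is, PCR' = SHA256(PCR || digest); the boot
components are short sample byte strings; the TPM's signed quote is
omitted, so the reported PCR is taken at face value here.
"""
import hashlib
from typing import Iterable, List, Tuple

PCR_SIZE = 32  # width of one SHA-256 PCR

EventLog = List[Tuple[str, str]]  # (component name, hex digest) per boot event


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR_Extend: the register can only be folded forward, never written."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 32-byte SHA-256 values")
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: Iterable[Tuple[str, bytes]]) -> Tuple[bytes, EventLog]:
    """Firmware side: hash each component before handing control to it,
    extend the PCR with that hash, and record the event for later replay."""
    pcr = bytes(PCR_SIZE)  # PCRs reset to zero on platform reset
    log: EventLog = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log: EventLog) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def verify_attestation(reported_pcr: bytes, log: EventLog, golden_pcr: bytes) -> bool:
    """Accept a boot only if (a) the log is consistent with the reported PCR
    and (b) the PCR equals the value expected for known-good firmware.
    Either check alone is insufficient: a log that does not replay to the
    PCR has been edited; a consistent log that replays to an unknown PCR
    means an unexpected component ran."""
    return replay_log(log) == reported_pcr and reported_pcr == golden_pcr


# Constructed sample boot chains (not real firmware images).
GOOD_CHAIN = [
    ("uefi_firmware", b"UEFI firmware v1.0 (constructed sample)"),
    ("boot_manager", b"boot manager (constructed sample)"),
    ("os_loader", b"OS loader (constructed sample)"),
]
# Same chain, but the boot manager image has been altered before launch.
TAMPERED_CHAIN = [
    GOOD_CHAIN[0],
    ("boot_manager", b"boot manager (constructed sample) + altered bytes"),
    GOOD_CHAIN[2],
]


def run_scenarios() -> dict:
    """Exercise a good boot, a tampered boot, and a substituted event log."""
    golden_pcr, golden_log = measure_boot(GOOD_CHAIN)
    tampered_pcr, tampered_log = measure_boot(TAMPERED_CHAIN)
    return {
        # Honest log from a good boot replays and matches the golden value.
        "good_boot_accepted": verify_attestation(golden_pcr, golden_log, golden_pcr),
        # Honest log from a tampered boot replays, but the PCR is unknown.
        "tampered_boot_rejected": not verify_attestation(tampered_pcr, tampered_log, golden_pcr),
        # Tampered boot that presents the good log: the log no longer
        # replays to the PCR the hardware actually holds.
        "substituted_log_rejected": not verify_attestation(tampered_pcr, golden_log, golden_pcr),
        # Measuring the same components in a different order yields a
        # different PCR: the chain encodes launch order, not just contents.
        "order_matters": measure_boot(list(reversed(GOOD_CHAIN)))[0] != golden_pcr,
    }


if __name__ == "__main__":
    for scenario, ok in run_scenarios().items():
        print(f"{scenario}: {'ok' if ok else 'FAILED'}")
```

Run it directly to see the four scenarios. The substituted-log case is why the PCR value has to come from the hardware itself rather than from software that could report whatever it likes; that is the out-of-band assurance the paragraph describes.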

On the ARM side, the TrustZone technology provides a hardware-enabled trusted execution environment that can safely host critical sensitive operations like video decoding, data decryption, e-payment transactions, etc.

Apple has also published an elegantly written, deep technical paper discussing the use of hardware as a root of trust to ensure the security of iOS devices. It is this hardware rooted security that is allowing Apple to develop Apple Pay, hence defining how financial transactions and electronic payments take place.

Hardware-rooted security is truly a game changer and a clear mandatory requirement for building any secure end-to-end system. Nonetheless, one can't assume that it can solve all elements of system security. A simple example is the recent attack on iCloud, which demonstrated the need to focus further on those attacks that don't target the system itself but rather the user's identity, or user-defined security. It is true that hardware can and should play a much stronger role even in preventing such attacks on user credentials. But that is a topic I'll be covering in future blog posts.

Before concluding this article, I'd emphasize three properties of software systems that should be hardware rooted, as illustrated in the figure below:

[Figure: the three hardware-rooted properties]

• Isolate upon execute

• Control interfacing and motion

• Measure upon launch

Conclusion, final words and next steps

Hardware Rooted Security delivers a protection value that has been historically unavailable through traditional software-based security solutions. It makes safety a core component of every computer system regardless of its operating system. It further helps in unifying the set of security features available across consumer devices and infrastructure servers, hence facilitating the secure exchange of data from devices all the way to clouds.

Hardware innovation will continue evolving to meet the ever-changing security needs and challenges we face. Some of the areas that I think need further attention are the following:

• Tying authorization and access to resources into the holistic set of contextual, relational properties centered on locations and places, wireless networks and the other sensors available on mobile devices.

• Tying human-driven sensory properties (biological measurements, senses, affect, natural language processing) into the practice of managing, tracking and controlling users' activities.

• Unifying and bridging common security features across the two dominant hardware architectures: ARM and x86.

• Unifying hardware security features across devices and servers given the inclusion of common SoC (system on a chip) modules in their chipset platforms.

Finally, I intend to continue this series, sharing my personal thoughts and experience. My hope is that this series can generate useful, healthy debate and further bring awareness to those evolving mega trends that will change our digital economy and human lives forever.

About the author

Ahmed Sallam is Citrix cross-functional VP and CTO leading technology development, emerging solutions and product strategy in the new emerging era of smart devices, IoT, IIoT, IoE, system virtualization, server physicalization and security. His focus is on new emerging end-to-end solutions ranging from devices to networks to clouds across Citrix lines of products. He also drives Intellectual Property growth opportunities and monetization strategy, and works closely with software and hardware ecosystem partners integrating into Citrix open platforms. Prior to Citrix, Ahmed was CTO of Advanced Technology and Chief Architect at McAfee/Intel, developing global threat intelligence along with Proactive Predictive Preventive (PPP) anti-malware security solutions. Ahmed is the co-inventor and architect of Intel/McAfee's DeepSAFE technology and co-designer of VMware's VMM CPU security technology known as VMsafe. Prior to McAfee, Ahmed was a Senior Architect with Nokia's security division and a Principal Engineer at Symantec. Prior to that, Mr. Sallam was a founding engineer/director/chief architect at three start-ups. Ahmed is a renowned expert across the industry, well known for pioneering new models in computer system virtualization, security and management, delivering a flexible, safer, well-managed and secure computing experience. He holds 40 issued US patents. He is a frequent keynote and session speaker at many conferences including Citrix Synergy, McAfee Focus, RSA Conference, VMworld and ARM TechCon.