cyber security innovation imho

Computer Security Innovation IMHO. Presented for your consideration by: Fred Seigneur

Upload: w-fred-seigneur

Post on 07-Dec-2014


Page 1: Cyber security innovation imho

Computer Security Innovation

IMHO

Presented for your consideration by: Fred Seigneur

Page 2: Cyber security innovation imho

2014 Cybersecurity Innovation Forum – Background and Vision

In spite of this insightful and accurate assessment that our current approach to Cybersecurity is unsustainable, and non-scalable, rather little innovation to “define and embrace a fundamentally different approach to enterprise architecture security – one that builds security in from the beginning as a robust and solid foundation upon which to conduct our transactions” was presented.

Page 3: Cyber security innovation imho

Foundational Weaknesses

Helm's Deep

Page 4: Cyber security innovation imho

Foundational Weaknesses

Such weaknesses exist, but are poorly understood and generally ignored

Page 5: Cyber security innovation imho

Computer Security - Defense in Depth

Helm's Deep had Defense in Depth

Page 6: Cyber security innovation imho

Computer Security - Defense in Depth

But, the fatal flaw was in the foundation

Page 7: Cyber security innovation imho

The Root(s) of the Problem

Today’s Operating Systems are not secure and are too complex to secure by retrofit.

Few Operating Systems or Applications are rugged.
  Don’t verify inputs.
  Crash leaving attack vectors for malicious code.

Most current security “solutions” are “Band-Aid” approaches.

Page 8: Cyber security innovation imho

Operating Systems and Applications Lack a Basic Immune System

Like someone who must be protected by an external bubble

What’s wrong with this picture?

David Vetter, a young boy from Texas, lived his life in a plastic bubble. Nicknamed "Bubble Boy," David was born in 1971 with severe combined immunodeficiency, and was forced to live in a specially constructed sterile plastic bubble from birth until he died at age 12.

Page 9: Cyber security innovation imho

Foundational Immune System Deficiencies

Two very serious foundational software problems
  Operating Systems
  Applications Software

Both of these have the same root cause

Software Developers do not write robust code. Why?
  They don’t know how
  They don’t know why it’s important
  They did not learn how, or why it’s so critical

Page 10: Cyber security innovation imho

Foundational Immune Deficiencies (Cont.)

Two very serious foundational educational problems

Software developers have NOT been taught why or how to write robust and defensive code.

Many CS Professors don’t know how to write robust and defensive code, or why it is necessary to teach it.

Page 11: Cyber security innovation imho

Long Term Solutions

Better Education
  Better Computer Security Education
  Better CS and Engineering Education
  Include Basic Computer Security Education Thread in Virtually All University/College Departments

Create Demand for Foundational Security Solutions
  IT Procurement Authorities & Staff
  Users
  University/College Accreditation Authorities

Page 12: Cyber security innovation imho

How Can This be Done?

Some Universities understand these issues

A few Educational Institutions have realized that they can differentiate themselves in the educational market by implementing steps such as those above.

Page 13: Cyber security innovation imho

The Current State of Cyber Security Practice

Patch known holes

Hope we fixed ALL the holes

Page 14: Cyber security innovation imho

Small leaks can get bigger and some still remain undetected

Page 15: Cyber security innovation imho

But, then …

It is not IF your dam will break, it’s WHEN

Page 16: Cyber security innovation imho

Plan Ahead

Your dam WILL break
Start planning a downstream dam ASAP
Existing components, available today, can be integrated to create a Secure Computing InFrastructure (SCIF*)

* SCIF – A compartmentalized infrastructure for processing sensitive information

Page 17: Cyber security innovation imho

Secure Computing Infrastructure: Preliminary Block Diagram

[Block diagram. Labels: User Mode Partitions; Kernel Mode; User 1 Erlang Program; User n Erlang Program; Erlang Virtual Machine; Trusted Network Drivers; Encryption Services; Separation Kernel (seL4); Hardware w/Trusted Platform Module (TPM)]

Page 18: Cyber security innovation imho

Secure Computing Infrastructure

The block diagram in the previous slide is for the basic SCIF. It can be used in an embedded system and executes Erlang functions as transactions. One envisioned application is as a Secure Network Interface (SNIF), which can be used to verify and authenticate inputs to and outputs from a secure enclave. With two or more SCIF boards in a system, fault tolerance is supported using Erlang fault tolerance.

Development of SCIF applications and Administration of the SCIF and SNIF are supported via a virtualized instance of Linux, running atop seL4. This SCIF Management System (SMS) will also be fault tolerant, using Erlang's inherent fault-tolerant capabilities.

The same architecture can be used to host other Linux applications in a more trusted and fault-tolerant environment than with off-the-shelf Linux.

Page 19: Cyber security innovation imho

Phased Integration Plan

Phase I – Feasibility Study
Phase II – Proof of Concept/Demonstration
Phase III – Field Trials