Self-Securing Devices: Better Security via Smarter Devices - PowerPoint PPT Presentation

Slides: 14
Provided by: GregG45

Transcript and Presenter's Notes


1
Self-Securing Devices: Better Security via Smarter Devices
  • Greg Ganger
  • Director, Parallel Data Lab

2
Motivation: Intrusion Survival
  • Intrusions are a fact of modern computing
  • E-mail worms, virus-infected software, crackers,
  • Never going to have rock-solid kernels or firewalls
  • Dilemma: all hope placed in perimeter defense
  • Difficult to defend fully
  • Difficult to recover from breaches
  • Difficulties scale with amount of stuff protected
  • Better approach: many independent perimeters

3
Some components of a computer system
Graphics Card
Video Capture
4
Today's security perimeter
Graphics Card
Video Capture
5
What makes the current model so bad?
  • Large, singular borders must support many needs
      • code too complex to get perfect
      • system too complex to administer perfectly
  • Successful intruder controls all resources
      • no observations or state remain trustable
      • no foothold for detection, diagnosis, or recovery
  • Central security checks don't scale
      • result: trade-off between security and performance

6
Today's security perimeter
Graphics Card
Video Capture
7
Lots of distinct computers in this system
Network cards
SCSI cards
Video cards
and disks too
8
More good places for security perimeters
Graphics Card
Video Capture
9
What makes self-securing devices better?
  • Many additional perimeters
      • each is easier to harden (small, specialized)
      • each is very different from others (heterogeneous)
  • Successful intruder controls fewer resources
      • many observations in system remain trustable
      • many footholds for detection, diagnosis, or recovery
  • Decentralized security checks do scale
      • can be more aggressive in what checked when

10
Example: self-securing storage devices
  • Protect stored data and audit storage accesses
      • even if OS is compromised
  • Can save and observe anything inside device
      • retain all versions of all data
      • collect audit log of all requests
  • What self-securing storage enables
      • storage-based intrusion detection
      • faster, better recovery
      • informed analysis of security compromises
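
As an added illustration (not from the original slides or PDL's code), a toy Python model of the device side of slide 10: every write becomes a new version, every request is logged, and the host-facing interface offers no way to delete either. The class name, the watched-object rule and the sample requests are assumptions constructed for this example.

```python
import itertools
from dataclasses import dataclass, field

@dataclass
class SelfSecuringStore:
    """Device-side state; the host can only call read() and write()."""
    watched: frozenset = frozenset()               # objects that should rarely change (assumed policy)
    _versions: dict = field(default_factory=dict)  # object id -> [(seq, data)], append-only
    _audit: list = field(default_factory=list)     # (seq, client, op, object id), append-only
    _seq: itertools.count = field(default_factory=lambda: itertools.count(1))

    def write(self, client, obj, data):
        seq = next(self._seq)
        self._versions.setdefault(obj, []).append((seq, bytes(data)))  # never overwrite in place
        self._audit.append((seq, client, "write", obj))
        return seq

    def read(self, client, obj, as_of=None):
        seq = next(self._seq)
        self._audit.append((seq, client, "read", obj))   # reads are audited too
        return self._version_at(obj, seq if as_of is None else as_of)

    def _version_at(self, obj, as_of):
        older = [d for s, d in self._versions.get(obj, []) if s <= as_of]
        return older[-1] if older else None

    def alerts(self):
        """Storage-based detection: any overwrite of an existing watched object."""
        return [(s, c, o) for s, c, op, o in self._audit
                if op == "write" and o in self.watched
                and self._version_at(o, s - 1) is not None]

    def recover(self, before_seq):
        """Contents of every object just before request number before_seq."""
        return {o: self._version_at(o, before_seq - 1) for o in self._versions}

def demo():
    # Constructed request sequence: a clean install, then a compromised OS at work.
    dev = SelfSecuringStore(watched=frozenset({"/bin/login"}))
    dev.write("installer", "/bin/login", b"good-binary")         # seq 1
    dev.write("user", "/home/a/notes", b"v1")                    # seq 2
    bad = dev.write("compromised-os", "/bin/login", b"trojan")   # seq 3
    dev.write("compromised-os", "/home/a/notes", b"v2")          # seq 4
    return dev, bad

if __name__ == "__main__":
    dev, bad = demo()
    print(dev.alerts(), dev.recover(bad))
```

Because the history lives behind the device interface, the alert and the pre-intrusion contents remain available even though the client issuing requests 3 and 4 was fully compromised.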

11
Example: self-securing NICs
  • Protect each side from the other
      • especially when the other is not acting nice
  • Can observe, filter, modify communications
      • Incoming: firewall, proxy, NAT, etc.
      • Outgoing: throttle misbehaving system, tag traffic,
  • What self-securing NICs enable
      • distributed, coordinated traffic analysis
      • including insiders and more detailed checks
      • rapid deployment of new policies
      • dynamic response to attacks, worms, and partial compromises

12
Summary: device-embedded security
  • Self-securing devices are an opportunity
      • creates more and independent perimeters
      • separate hardware/software gives strong base
  • PDL is developing this new paradigm
      • exploring what can be done behind each perimeter
      • and the associated hardware requirements
      • developing tools for coordinating dynamic action
      • automating detection, containment, diagnosis, recovery
      • developing tools for administering devices

13
For more information: http://www.pdl.cmu.edu/
  • Greg.Ganger_at_cmu.edu
  • Director, Parallel Data Lab