Self-Securing Devices: Better Security via Smarter Devices

Self-Securing Devices: Better Security via Smarter Devices. Gregory Ganger and David Nagle, Parallel Data Lab, CMU. Presented by Jia Guo. Motivation: Intrusion Survival. Intrusions are a fact of modern computing: e-mail worms, virus-infected software, crackers


Presentation Transcript


  1. Self-Securing Devices: Better Security via Smarter Devices
     Gregory Ganger and David Nagle, Parallel Data Lab, CMU
     Presented by Jia Guo

  2. Motivation: Intrusion Survival
     • Intrusions are a fact of modern computing
     • E-mail worms, virus-infected software, crackers
     • Never going to have rock-solid kernels or firewalls
     • Dilemma: all hope placed in single perimeter defence
     • Better approach: many independent perimeters

  3. [Diagram: Today’s security perimeter. Labelled components: Programs, Main Memory, Kernel, NIC, SIC, Network, Disks, Graphics Card, Video Capture]

  4. What makes the current model so bad?
     • Large border must support many needs
     • Code is too complex
     • System is too complex
     • Successful intruder controls all resources
     • no state remains trustable
     • no foothold for detection, diagnosis, or recovery
     • Central security checks don’t scale
     • trade-off between security and performance

  5. Siege warfare in the internet age

  6. [Diagram: Today’s security perimeter. Labelled components: Programs, Main Memory, Kernel, NIC, SIC, Network, Disks, Graphics Card, Video Capture]

  7. Lots of distinct “computers” in this system
     • Network cards
     • SCSI cards
     • Video cards
     • … and disks too

  8. [Diagram: More good places for security perimeters. Labelled components: Programs, Main Memory, Kernel, NIC, SIC, Network, Disks, Graphics Card, Video Capture]

  9. What makes self-securing devices better?
     • Many additional perimeters
     • each is smaller and specialized
     • each is very different from others (heterogeneous)
     • Successful intruder controls fewer resources
     • many observations in system remain trustable
     • many footholds for detection, diagnosis, or recovery
     • Decentralized security checks do scale
     • can be more aggressive in what to check

  10. Two major research questions
     • What should the device do after the perimeter?
     • Depends on the nature of the device
     • How should the security administrators coordinate?
     • Yet to be answered
     • Partial information exchange
     • How to exchange effectively and securely

  11. Example: self-securing storage devices
     • Protect stored data and audit storage accesses
     • even if OS is compromised
     • Griffin et al., “On the Feasibility of Intrusion Detection Inside Workstation Disks”

  12. Four issues are solved
     • Specify access policies
     • Securely administer the IDS (intrusion detection system)
     • Monitor storage activity for policy violations
     • Respond to policy violations

  13. Performance evaluation
     • Can detect 83% of 18 intrusion tools that modified system files
     • The CPU and memory costs are quite small
     • Feasible to include an IDS in disk drives

  14. Example: self-securing NICs
     • Protect each side from the other
     • especially when “the other” is not acting nice…
     • Can observe, filter, modify communications
     • Incoming: firewall, proxy, etc…
     • Outgoing: throttle misbehaving system, tag traffic, …
     • What self-securing NICs enable
     • distributed, coordinated traffic analysis
     • including insiders and more detailed checks
     • rapid deployment of new policies
     • dynamic response to attacks, worms, and partial compromises

  15. Summary: device-embedded security
     • Self-securing devices are an opportunity
     • creates more and independent perimeters
     • separate hardware+software gives strong base
     • PDL is developing this new paradigm
     • exploring what can be done behind each perimeter
     • … and the associated hardware requirements
     • developing tools for coordinating dynamic action
     • automating detection, containment, diagnosis, recovery
     • developing tools for administering devices

  16. For more information: http://www.pdl.cmu.edu/
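
The storage example in slides 11 to 13 (specify access policies, monitor storage activity, respond to violations) can be sketched as below. This is an added example, not code from the presentation or from Griffin et al.; the rule kinds ("immutable", "append-only"), the request fields, the paths and the record-an-alert response are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
@dataclass(frozen=True)
class Rule:
    pattern: str  # glob over file paths
    kind: str     # "immutable" or "append-only" (rule kinds assumed for this sketch)
@dataclass(frozen=True)
class Request:
    op: str               # "read", "write", "truncate" or "unlink"
    path: str
    offset: int = 0       # byte offset of a write
    size_before: int = 0  # file length before the request, as tracked by the device

# Constructed policy: system binaries never change, log files may only grow.
POLICY = [Rule("/bin/*", "immutable"), Rule("/etc/passwd", "immutable"),
          Rule("/var/log/*", "append-only")]

def check(rule, req):
    """Return a violation message, or None if the request satisfies the rule."""
    if req.op == "read" or not fnmatch(req.path, rule.pattern):
        return None
    if rule.kind == "immutable":
        return f"{req.op} on immutable file {req.path}"
    if req.op in ("truncate", "unlink"):
        return f"{req.op} on append-only file {req.path}"
    if req.offset < req.size_before:
        return f"overwrite inside append-only file {req.path}"
    return None

def run_trace(policy, trace):
    """Device-side check of each request; alerts go to a log the host OS cannot edit."""
    alerts = []
    for i, req in enumerate(trace):
        for rule in policy:
            msg = check(rule, req)
            if msg:
                alerts.append((i, msg))
                break
    return alerts

# Constructed request trace, not data from the paper.
SAMPLE_TRACE = [
    Request("read", "/bin/ls"),
    Request("write", "/bin/ls", offset=0, size_before=4096),
    Request("write", "/var/log/auth.log", offset=2048, size_before=2048),
    Request("write", "/var/log/auth.log", offset=100, size_before=2048),
    Request("truncate", "/var/log/auth.log", size_before=2048),
    Request("write", "/home/user/notes.txt"),
]
```

Because the checks run behind the disk interface, they still apply when the requests come from a compromised kernel, which is the property slide 11 describes.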
