Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
Computer Security Innovation
IMHO v5.3
Presented for your consideration by: Fred Seigneur
Copies of the Power Point file will be posted to slide share available at:
http://www.slideshare.net/WFredSeigneur/
2014 Cybersecurity Innovation
Forum In January 2014, I attended the 2014
Cybersecurity Innovation Forum, in
Baltimore.
One reason I attended was that I was
impressed with the Forum’s stated vision.
2014 Cybersecurity Innovation
Forum – Background and Vision
In spite of this insightful and accurate assessment that our current approach to
Cybersecurity is unsustainable, and non-scalable, rather little innovation to
“define and embrace a fundamentally different approach to enterprise architecture
security – one that builds security in from the beginning as a robust and solid
foundation upon which to conduct our transactions” was presented.
Foundational Weaknesses
Helms Deep
Photo Source
Foundational Weaknesses
Such weaknesses exist, but are poorly understood and generally ignored
Photo Source
Computer Security - Defense in Depth
Helms Deep had Defense in Depth Photo Source
Computer Security - Defense in Depth
But, the fatal flaw was in the foundation Photo Source
The Root(s) of the Problem
Today’s Operating Systems are not secure
and are too complex to secure by retrofit.
Few Operating Systems or Applications
are rugged.
Don’t verify inputs.
Crash leaving attack vectors for malicious
code.
Most current security “solutions” are
“Band-Aid” approaches.
Operating Systems and Applications
Lack a Basic Immune System
Like someone who must be
protected by an external
bubble
What’s wrong with this
picture? David Vetter, a young boy from Texas, lived his
life - in a plastic bubble. Nicknamed "Bubble
Boy," David was born in 1971 with severe
combined immunodeficiency, and was forced to
live in a specially constructed sterile plastic
bubble from birth until he died at age 12. (The
photo is from a movie based, inappropriately, on
David’s plight.)
What’s wrong with (motion) picture?
http://www.youtube.com/watch?v=uxKmDWDUZ5A
Photo Source
Foundational Immune System Deficiencies
Two very serious foundational software problems
Operating Systems
Applications Software
Both of these have the same root cause
Software Developers do not write robust code. Why?
They don’t know how
They don’t know why it’s important
They did not learn how, or why it’s so critical
Foundational Immune
Deficiencies (Cont.)
Two very serious foundational educational problems
Software developers have NOT been taught why or how to write robust and defensive code.
Many CS Professors don’t know how to write robust and defensive code, or why it is necessary to teach it.
Long Term Solutions Better Education
Better Computer Security Education
Better CS and Engineering Education
Include Basic Computer Security Education
Thread in Virtually All University/College
Departments
Create Demand for Foundational Security
Solutions
IT Procurement Authorities & Staff
Users
University/College Accreditation Authorities
How Can This be Done?
Some Universities understand these
issues
A few Educational Institutions have
realized that they can differentiate
themselves in the educational market by
implementing steps such as those above.
Plan Ahead
Your dam WILL break
Start planning a downstream dam ASAP
Existing components, available today, can be
integrated to create a Secure Computing
InFrastructure (SCIF*)
* SCIF – A compartmentalized infrastructure for
processing sensitive information
Secure Computing Infrastructure (SCIF) The SCIF can be used in an embedded system (such as IoT , Smart
Grid, SDN White Box Switches) or as an SDN Controller and executes
Erlang functions as transactions. One envisioned SCIF application is
as a Secure Network Interface Function (SNIF), which can be used to
authenticate inputs to and outputs from a secure enclave. With two or
more SCIF boards in a system, fault tolerance is supported using
Erlang fault tolerance.
A Trusted SCIF Interactive Development Environment (SIDE) for SCIF
applications, based on SysML and a SCIF Management System (SMS)
for Administration of the SCIF and SNIF are supported via Erlang
running on a virtualized instance of Linux, atop seL4 and will be fault
tolerant, using Erlang's inherent fault tolerance capabilities
The SCIF architecture can be used to host other Linux applications in a
more trusted and fault tolerant environment than with off the shelf
Linux.
Block diagrams for the SCIF hardware and software follow.
Recent Progress The Parallella board seems ideally suited for the SCIF
prototype.
The Erlang Virtual Machine runs on the Adaptiva
Epiphany chip.
The secure seL4 microkernel runs on the ARM Cortex
A9 in the XILINX ZYNQ portion of the Parallella along
with drivers, TCP/IP protocol processing and the
Secure Network Interface Function.
A SCIF is used to
Applications run securely on the Epiphany in Erlang, a
functional programming language that supports soft
real-time, like a Software Defined Networking (SDN)
controller
Engineer at Twitter builds
Supercomputer Brian’s Parallella
Cluster
Secure Computing InfFastructure
(SCIF*) Software Architecture
User M
od
e P
artitio
ns
Trusted
Device
Drivers
Separation Kernel (seL4)
Hardware w/Trusted Platform Module (TPM)
Kern
el
Mo
de
Trusted
Encryption
Services
Secure
Network
Interface
Function
ARM Cortex A9 on XILIX ZYNQ Adaptiva Epiphany Multi Processor
Erlang
Virtual
Machine
Code
Erlang
Byte
Code
Program 1
Erlang
Byte
Code
Program n
* SCIF – A compartmentalized infrastructure for processing sensitive information
Current Status of Secure
Computing Innovation Foundation SecureComputingInnovationFoundation.org domain name
secured.
Currently, only forwards emails to my gmail account.
I need about $20k now for:
Legal expenses to incorporate as 501 c(3), non profit corporation
Conference registration fees & travel
Any help you give me until I get the non-profit incorporated and
a TIN established at the IRS WILL NOT BE CONSIDERED Tax
Deductible.
AND, I will have to pay personal income tax on what you give.
So, please don’t anyone put down more than $100
Later I will reward your personal and corporate tax deductible
gifts as per the reward categories on the draft at KickStarter
Current Status of Secure
Computing Innovation Foundation
I’m establishing an account at Wells Fargo
Bank for the start-up non-profit.
I will next set up a paypal account for “the
Foundation”.
I originally wanted to get funding for research
by proposing to write a Study Report, like I did
for the ROADS Model on KickStarter.
The project categories and “rewards” from the
draft KickStarter project are now on slide share