Self-Securing Devices: Better Security via Smarter Devices - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Self-Securing Devices: Better Security via Smarter Devices

Description:

Self-Securing Devices: Better Security via Smarter Devices Greg Ganger Director, Parallel Data Lab Motivation: Intrusion Survival Intrusions are a fact of modern ... – PowerPoint PPT presentation

Number of Views:97
Avg rating:3.0/5.0
Slides: 14
Provided by: GregG45
Category:

less

Transcript and Presenter's Notes

Title: Self-Securing Devices: Better Security via Smarter Devices


1
Self-Securing DevicesBetter Security via
Smarter Devices
  • Greg Ganger
  • Director, Parallel Data Lab

2
Motivation Intrusion Survival
  • Intrusions are a fact of modern computing
  • E-mail worms, virus-infected software, crackers,
  • Never going to have rock-solid kernels or
    firewalls
  • Dilemma all hope placed in perimeter defense
  • Difficult to defend fully
  • Difficult to recover from breaches
  • Difficulties scale with amount of stuff protected
  • Better approach many independent perimeters

3
Some components of a computer system
Graphics Card
Video Capture
4
Todays security perimeter
Graphics Card
Video Capture
5
What makes the current model so bad?
  • Large, singular borders must support many needs
  • code too complex to get perfect
  • system too complex to administer perfectly
  • Successful intruder controls all resources
  • no observations or state remain trustable
  • no foothold for detection, diagnosis, or recovery
  • Central security checks dont scale
  • result trade-off between security and performance

6
Todays security perimeter
Graphics Card
Video Capture
7
Lots of distinct computers in this system
Network cards
SCSI cards
Video cards
and disks too
8
More good places for security perimeters
Graphics Card
Video Capture
9
What makes self-securing devices better?
  • Many additional perimeters
  • each is easier to harden (small, specialized)
  • each is very different from others
    (heterogeneous)
  • Successful intruder controls fewer resources
  • many observations in system remain trustable
  • many footholds for detection, diagnosis, or
    recovery
  • Decentralized security checks do scale
  • can be more aggressive in what checked when

10
Example self-securing storage devices
  • Protect stored data and audit storage accesses
  • even if OS is compromised
  • Can save and observe anything inside device
  • retain all versions of all data
  • collect audit log of all requests
  • What self-securing storage enables
  • storage-based intrusion detection
  • faster, better recovery
  • informed analysis of security compromises

11
Example self-securing NICs
  • Protect each side from the other
  • especially when the other is not acting nice
  • Can observe, filter, modify communications
  • Incoming firewall, proxy, NAT, etc
  • Outgoing throttle misbehaving system, tag
    traffic,
  • What self-securing NICs enable
  • distributed, coordinated traffic analysis
  • including insiders and more detailed checks
  • rapid deployment of new policies
  • dynamic response to attacks, worms, and partial
    compromises

12
Summary device-embedded security
  • Self-securing devices are an opportunity
  • creates more and independent perimeters
  • separate hardwaresoftware gives strong base
  • PDL is developing this new paradigm
  • exploring what can be done behind each perimeter
  • and the associated hardware requirements
  • developing tools for coordinating dynamic action
  • automating detection, containment, diagnosis,
    recovery
  • developing tools for administering devices

13
For more informationhttp//www.pdl.cmu.edu/
  • Greg.Ganger_at_cmu.edu
  • Director, Parallel Data Lab
Write a Comment
User Comments (0)
About PowerShow.com