Self-Securing Devices: Better Security via Smarter Devices. Gregory Ganger and David Nagle, Parallel Data Lab, CMU. Presented by Jia Guo
Motivation: Intrusion Survival • Intrusions are a fact of modern computing • E-mail worms, virus-infected software, crackers • Never going to have rock-solid kernels or firewalls • Dilemma: all hope placed in single perimeter defence • Better approach: many independent perimeters
[Figure: “Today’s security perimeter”. Components shown: Programs, Main Memory, Kernel, NIC, SIC, Network, Disks, Graphics Card, Video Capture]
What makes the current model so bad? • A large border must support many needs • the code is too complex • the system is too complex • A successful intruder controls all resources • no state remains trustworthy • no foothold for detection, diagnosis, or recovery • Central security checks don’t scale • forced trade-off between security and performance
Lots of distinct “computers” in this system • Network cards • SCSI cards • Video cards • … and disks too
[Figure: “More good places for security perimeters”. Same components as before: Programs, Main Memory, Kernel, NIC, SIC, Network, Disks, Graphics Card, Video Capture]
What makes self-securing devices better? • Many additional perimeters • each is smaller and specialized • each is very different from the others (heterogeneous) • A successful intruder controls fewer resources • many observations in the system remain trustworthy • many footholds for detection, diagnosis, or recovery • Decentralized security checks do scale • can be more aggressive in what to check
Two major research questions • What should the device do behind its perimeter? • depends on the nature of the device • How should devices and security administrators coordinate? • yet to be answered • partial information exchange • how to exchange it effectively and securely
Example: self-securing storage devices • Protect stored data and audit storage accesses • even if the OS is compromised • Griffin et al., “On the Feasibility of Intrusion Detection Inside Workstation Disks”
Four issues addressed • Specifying access policies • Securely administering the IDS (intrusion detection system) from outside the host OS • Monitoring storage activity for policy violations • Responding to policy violations
Performance evaluation • Detected 83% of 18 intrusion tools that modify system files • The CPU and memory costs are quite small • Feasible to include an IDS in disk drives
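To make the four issues concrete, here is a toy model of a disk-resident policy check. It is an added example, not code from the talk or from the Griffin et al. paper. The rule kinds (immutable system files, append-only logs, suspicious hidden names) follow the flavour of storage-level rules such work discusses; the policy syntax, the request format, the file names and contents, and the response (deny and record an alert on the device) are all constructed for illustration. The key property being modelled is that the policy and the alert log live on the device, so a host OS that has been rooted can issue requests but cannot rewrite the rules or erase the evidence.

```python
"""Toy self-securing disk: policy lives on the device, not in the host OS."""
import fnmatch
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Request:
    op: str                     # "write" | "truncate" | "delete" | "rename"
    path: str
    offset: int = 0
    data: bytes = b""
    new_path: Optional[str] = None


@dataclass
class Alert:
    rule: str
    path: str
    detail: str


class SelfSecuringDisk:
    """Constructed model: policy is a map of glob -> rule name, set over an
    admin channel the host OS cannot reach. Alerts accumulate on the device."""

    def __init__(self, policy: Dict[str, str]):
        self.policy = policy                # glob -> "immutable" | "append-only"
        self.files: Dict[str, bytes] = {}   # the device's own view of stored data
        self.alerts: List[Alert] = []       # survives a host compromise

    def install(self, path: str, data: bytes) -> None:
        """Admin-channel installation, done before the system goes live."""
        self.files[path] = data

    def _rules_for(self, path: str) -> List[str]:
        return [r for pat, r in self.policy.items() if fnmatch.fnmatchcase(path, pat)]

    @staticmethod
    def _looks_hidden(path: str) -> bool:
        # Constructed heuristic: a name made only of dots/whitespace ("...", ". ")
        # is a classic place to stash rootkit files; "." and ".." themselves are fine.
        base = path.rsplit("/", 1)[-1]
        return base not in (".", "..", "") and base.strip(". \t") == ""

    def _check(self, req: Request) -> Optional[Alert]:
        for rule in self._rules_for(req.path):
            if rule == "immutable":          # any of the four ops modifies the file
                return Alert("immutable", req.path, f"{req.op} to protected file")
            if rule == "append-only":
                size = len(self.files.get(req.path, b""))
                if req.op == "write" and req.offset < size:
                    return Alert("append-only", req.path,
                                 f"write at offset {req.offset} inside existing {size} bytes")
                if req.op in ("truncate", "delete", "rename"):
                    return Alert("append-only", req.path, f"{req.op} would discard log data")
        target = req.new_path if req.op == "rename" else req.path
        if target and self._looks_hidden(target):
            return Alert("hidden-name", target, "name made of dots/whitespace only")
        return None

    def _apply(self, req: Request) -> None:
        buf = self.files.get(req.path, b"")
        if req.op == "write":
            buf = buf.ljust(req.offset, b"\0")
            self.files[req.path] = buf[:req.offset] + req.data + buf[req.offset + len(req.data):]
        elif req.op == "truncate":
            self.files[req.path] = buf[:req.offset]
        elif req.op == "delete":
            self.files.pop(req.path, None)
        elif req.op == "rename" and req.new_path:
            self.files[req.new_path] = self.files.pop(req.path, b"")

    def handle(self, req: Request) -> bool:
        """Monitor + respond: returns True if applied, False if denied and alerted."""
        alert = self._check(req)
        if alert is not None:
            self.alerts.append(alert)
            return False
        self._apply(req)
        return True


def demo() -> Tuple[SelfSecuringDisk, List[bool]]:
    """Constructed scenario: a rootkit tries to trojan /bin/ls, scrub the auth log,
    and hide a directory; normal user writes go through untouched."""
    disk = SelfSecuringDisk({"/bin/*": "immutable", "/var/log/*": "append-only"})
    disk.install("/bin/ls", b"\x7fELF-original-ls")
    disk.install("/var/log/auth.log", b"sshd: accepted root\n")   # 20 bytes
    disk.install("/home/alice/stuff", b"notes")
    requests = [
        Request("write", "/var/log/auth.log", offset=20, data=b"sshd: failed root\n"),  # append: ok
        Request("truncate", "/var/log/auth.log", offset=0),                            # log scrub: denied
        Request("write", "/bin/ls", data=b"\x7fELF-trojaned-ls"),                      # trojan: denied
        Request("write", "/home/alice/notes.txt", data=b"hello"),                      # normal: ok
        Request("rename", "/home/alice/stuff", new_path="/home/alice/..."),            # hide: denied
    ]
    return disk, [disk.handle(r) for r in requests]


if __name__ == "__main__":
    d, decisions = demo()
    print("decisions:", decisions)
    for a in d.alerts:
        print(f"ALERT [{a.rule}] {a.path}: {a.detail}")
```

The device, not the host, decides whether a request is applied; a real design would also keep old versions rather than simply denying, so that an administrator can diagnose and recover after the fact, which is the "respond" step the slide lists.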
Example: self-securing NICs • Protect each side from the other • especially when “the other” is not acting nice… • Can observe, filter, modify communications • Incoming: firewall, proxy, etc… • Outgoing: throttle misbehaving system, tag traffic, … • What self-securing NICs enable • distributed, coordinated traffic analysis • including insiders and more detailed checks • rapid deployment of new policies • dynamic response to attacks, worms, and partial compromises
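The slide lists observing, filtering and throttling at the NIC. The following is an added example (not code from the talk or from PDL) showing two of those behaviours in one device-side packet handler: an inbound port filter, and an outbound throttle that limits how many distinct new destinations the host may open connections to per time window, which is the worm-style behaviour a compromised host exhibits and the host's own OS cannot be trusted to police. Packet fields, thresholds, addresses and timings are constructed; a real NIC would act on frames and would need the tagging and coordination channel the slide mentions, which are not shown.

```python
"""Toy self-securing NIC: inbound port filter + outbound new-destination throttle."""
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    t: float          # seconds since start (constructed clock)
    direction: str    # "in" | "out"
    src: str
    dst: str
    dport: int
    syn: bool = False # True for a connection attempt


class SelfSecuringNIC:
    """Constructed model. The NIC keeps its own policy and its own record of
    recent outbound connection attempts, so a rooted host cannot reset them."""

    def __init__(self, inbound_allow: Set[int], max_new_dst: int, window: float):
        self.inbound_allow = inbound_allow      # destination ports accepted from the network
        self.max_new_dst = max_new_dst          # distinct new destinations allowed per window
        self.window = window                    # seconds
        self.recent: Deque[Tuple[float, str]] = deque()   # forwarded outbound SYNs
        self.alerts: List[str] = []

    def _recent_dsts(self, now: float) -> Set[str]:
        """Expire entries older than the window and return the distinct destinations left."""
        while self.recent and now - self.recent[0][0] > self.window:
            self.recent.popleft()
        return {dst for _, dst in self.recent}

    def process(self, p: Packet) -> str:
        """Return the NIC's decision: "forward", "drop" (inbound filter) or "throttle"."""
        if p.direction == "in":
            return "forward" if p.dport in self.inbound_allow else "drop"
        if p.syn:
            seen = self._recent_dsts(p.t)
            if p.dst not in seen and len(seen) >= self.max_new_dst:
                self.alerts.append(
                    f"t={p.t:.1f}s {p.src}: >{self.max_new_dst} new destinations "
                    f"in {self.window:.0f}s (tried {p.dst}); throttling")
                return "throttle"
            if p.dst not in seen:
                self.recent.append((p.t, p.dst))
        return "forward"


def demo() -> Tuple[SelfSecuringNIC, List[str]]:
    """Constructed traffic: the host fans out to new hosts faster than policy allows,
    while the network probes a port the NIC does not admit."""
    nic = SelfSecuringNIC(inbound_allow={22, 443}, max_new_dst=3, window=1.0)
    me, peer = "10.0.0.9", "10.0.0.99"
    packets = [
        Packet(0.0, "out", me, "10.0.0.1", 445, syn=True),   # 1st new destination
        Packet(0.1, "out", me, "10.0.0.2", 445, syn=True),   # 2nd
        Packet(0.2, "out", me, "10.0.0.3", 445, syn=True),   # 3rd
        Packet(0.3, "out", me, "10.0.0.3", 445, syn=True),   # repeat, not new
        Packet(0.4, "out", me, "10.0.0.4", 445, syn=True),   # 4th within 1s: throttled
        Packet(0.5, "out", me, "10.0.0.5", 445, syn=True),   # throttled
        Packet(0.6, "in", peer, me, 22),                     # allowed inbound port
        Packet(0.7, "in", peer, me, 445),                    # filtered inbound port
        Packet(1.5, "out", me, "10.0.0.6", 445, syn=True),   # window expired: forwarded
    ]
    return nic, [nic.process(p) for p in packets]


if __name__ == "__main__":
    n, decisions = demo()
    print(decisions)
    for a in n.alerts:
        print("ALERT", a)
```

Throttling rather than blocking outright is the usual choice for an egress control like this: legitimate bursts are delayed slightly, while a scanning worm is slowed from thousands of targets per second to a handful, and the alert on the NIC gives an administrator a trustworthy record even though the host is compromised.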
Summary: device-embedded security • Self-securing devices are an opportunity • create more, independent perimeters • separate hardware + software gives a strong base • PDL is developing this new paradigm • exploring what can be done behind each perimeter • … and the associated hardware requirements • developing tools for coordinating dynamic action • automating detection, containment, diagnosis, recovery • developing tools for administering devices