Download - Cyber security innovation_imho v5.3
Computer Security Innovation
IMHO v5.3
Presented for your consideration by: Fred Seigneur
Copies of the Power Point file will be posted to slide share available at:
http://www.slideshare.net/WFredSeigneur/
2014 Cybersecurity Innovation Forum
In January 2014, I attended the 2014 Cybersecurity Innovation Forum, in Baltimore.
One reason I attended was that I was impressed with the Forum’s stated vision.
2014 Cybersecurity Innovation Forum – Background and Vision
In spite of this insightful and accurate assessment that our current approach to Cybersecurity is unsustainable, and non-scalable, rather little innovation to “define and embrace a fundamentally different approach to enterprise architecture security – one that builds security in from the beginning as a robust and solid foundation upon which to conduct our transactions” was presented.
Foundational Weaknesses
Helms Deep
Photo Source
Foundational Weaknesses
Such weaknesses exist, but are poorly understood and generally ignored
Photo Source
Computer Security - Defense in Depth
Helms Deep had Defense in DepthPhoto Source
Computer Security - Defense in Depth
But, the fatal flaw was in the foundationPhoto Source
The Root(s) of the Problem
Today’s Operating Systems are not secure and are too complex to secure by retrofit.
Few Operating Systems or Applications are rugged. Don’t verify inputs. Crash leaving attack vectors for malicious
code.
Most current security “solutions” are “Band-Aid” approaches.
Operating Systems and Applications Lack a Basic Immune System
Like someone who must be protected by an external bubble
What’s wrong with this picture?
David Vetter, a young boy from Texas, lived his life - in a plastic bubble. Nicknamed "Bubble Boy," David was born in 1971 with severe combined immunodeficiency, and was forced to live in a specially constructed sterile plastic bubble from birth until he died at age 12. (The photo is from a movie based, inappropriately, on David’s plight.)
What’s wrong with (motion) picture? http://www.youtube.com/watch?v=uxKmDWDUZ5A Photo Source
Foundational Immune System Deficiencies Two very serious foundational software
problems
Operating Systems Applications Software
Both of these have the same root cause
Software Developers do not write robust code. Why?
They don’t know how They don’t know why it’s important They did not learn how, or why it’s so critical
Foundational Immune Deficiencies (Cont.)
Two very serious foundational educational problems
Software developers have NOT been taught why or how to write robust and defensive code.
Many CS Professors don’t know how to write robust and defensive code, or why it is necessary to teach it.
Long Term Solutions Better Education
Better Computer Security Education Better CS and Engineering Education Include Basic Computer Security Education
Thread in Virtually All University/College Departments
Create Demand for Foundational Security Solutions IT Procurement Authorities & Staff Users University/College Accreditation Authorities
How Can This be Done? Some Universities understand these
issues A few Educational Institutions have
realized that they can differentiate themselves in the educational market by implementing steps such as those above.
The Current State of Cyber Security Practice
Patch known holes
Hope we fixed ALL the holes
Small leaks can get bigger and some still remain undetected
But, then …
It is not IF your dam will break, it’s WHEN
Plan Ahead
Your dam WILL break Start planning a downstream dam ASAP Existing components, available today, can be
integrated to create a Secure Computing InFrastructure (SCIF*)
* SCIF – A compartmentalized infrastructure for processing sensitive information
Secure Computing Infrastructure (SCIF) The SCIF can be used in an embedded system (such as IoT ,
Smart Grid, SDN White Box Switches) or as an SDN Controller and executes Erlang functions as transactions. One envisioned SCIF application is as a Secure Network Interface Function (SNIF), which can be used to authenticate inputs to and outputs from a secure enclave. With two or more SCIF boards in a system, fault tolerance is supported using Erlang fault tolerance.
A Trusted SCIF Interactive Development Environment (SIDE) for SCIF applications, based on SysML and a SCIF Management System (SMS) for Administration of the SCIF and SNIF are supported via Erlang running on a virtualized instance of Linux, atop seL4 and will be fault tolerant, using Erlang's inherent fault tolerance capabilities
The SCIF architecture can be used to host other Linux applications in a more trusted and fault tolerant environment than with off the shelf Linux.
Block diagrams for the SCIF hardware and software follow.
Recent Progress The Parallella board seems ideally suited for the SCIF
prototype. The Erlang Virtual Machine runs on the Adaptiva
Epiphany chip. The secure seL4 microkernel runs on the ARM Cortex
A9 in the XILINX ZYNQ portion of the Parallella along with drivers, TCP/IP protocol processing and the Secure Network Interface Function.
A SCIF is used to Applications run securely on the Epiphany in Erlang, a
functional programming language that supports soft real-time, like a Software Defined Networking (SDN) controller
Photos of Parallella 16 Core BoardTop View
Bottom View
Parallella Cluster
Engineer at Twitter builds Supercomputer
Brian’s Parallella Cluster
Parallella Architecture
Secure Computing InfFastructure(SCIF*) Software Architecture
User M
od
e Partitio
ns
TrustedDeviceDrivers
Separation Kernel (seL4)
Hardware w/Trusted Platform Module (TPM)
Kern
elM
od
e
Trusted
Encryption
Services
Secure
Network
Interface
Function
ARM Cortex A9 on XILIX ZYNQ Adaptiva Epiphany Multi Processor
Erlang
Virtual
Machine
Code
ErlangByteCode
Program 1
Erlang
Byte
Code
Program n
* SCIF – A compartmentalized infrastructure for processing sensitive information
Current Status of Secure Computing Innovation Foundation
SecureComputingInnovationFoundation.org domain name secured.
Currently, only forwards emails to my gmail account. I need about $20k now for:
Legal expenses to incorporate as 501 c(3), non profit corporation Conference registration fees & travel
Any help you give me until I get the non-profit incorporated and a TIN established at the IRS WILL NOT BE CONSIDERED Tax Deductible.
AND, I will have to pay personal income tax on what you give. So, please don’t anyone put down more than $100
Later I will reward your personal and corporate tax deductible gifts as per the reward categories on the draft at KickStarter
Current Status of Secure Computing Innovation Foundation
I’m establishing an account at Wells Fargo Bank for the start-up non-profit.
I will next set up a paypal account for “the Foundation”.
I originally wanted to get funding for research by proposing to write a Study Report, like I did for the ROADS Model on KickStarter.
The project categories and “rewards” from the draft KickStarter project are now on slide share