WHEN IS A SYSTEM SECURE?
SECURITY FEATURES VS. ASSURANCE
The world of IT infrastructure is intimately familiar with virtual machines (VMs) for dynamically dividing large amounts of server hardware to run different applications and improving the total cost of ownership (TCO) on IT investments. Increasingly, this technology is shifting from inside premises to cloud infrastructure and, in time, we will see this infrastructure reside between the cloud and the Enterprise. Yes, the infamous “Edge” word.
While some companies may have the luxury of a greenfield environment, the vast majority are faced with delivering this functionality by upgrading equipment that is already deployed. Discussions with companies up and down the value chain associated with delivering connected, secure platforms have led Lynx to view the following as the "best practice" path:
- Make IoT server systems managed. This means it is possible to monitor them, deploy security patches, and update applications
- Establish a cloud presence. It should be possible to securely deploy at least one workload from the cloud to the system, such as a machine learning inference engine, and then manage those workloads from the cloud
- Run applications from multiple tenants on an Edge compute node, saving power, cost, and footprint of electronics. While consolidation is an advantage, the real benefit comes from the ability to leverage applications that need to acquire data from the OT applications
- Enable all of the tenants and their different apps to deliver new capabilities that can execute locally, while maintaining isolation between the different workloads and the existing data permissions
COST OF INSECURE SOFTWARE
Estimated global spend on security software by 2025 (counter value not captured on this page)
CVEs in 2021 alone (counter value not captured on this page)
ASSURANCE MEANS KNOWING A SYSTEM IS SECURE
At a high level, a secure system is a system that behaves precisely as the IT stakeholder expects it to and is resilient to subversive attempts to change its behavior over the lifetime of the system. More concretely, it is a system running on an authentic processor that hands control to the software platform in an authentic state; the platform then enforces a policy consistent with the stakeholder's expected behavior and is resilient to subversive change attempts from all exposed interfaces.
"Assurance is often what separates actually secure systems from ones that are merely claimed to be secure."
— Steve Bellovin
Columbia University Computer Science
AT&T Labs Fellow
NetBSD developer
IT STARTS WITH THE PROCESSOR
Regardless of what security technology IT stakeholders choose to invest in, it is important to understand that at the bottom of any IT security solution is a processor and resource management software that security features inherit. Far too often the foundational integrity properties of CPU and software platform level services are taken for granted.
- What good is a whitelist if malicious threads can masquerade in authorized processes?
- Of what use is a hypervisor if guests can escape?
- How valuable is a malware detector if the detector can be compromised?
- What good is hard drive encryption if authentication keys are leaked?
- What if an application can extract all physical memory data through a side-channel?
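The definition above (an authentic processor handing control to the platform in an authentic state) and the questions just listed both come down to the same property: a security feature is only as trustworthy as the layer that loads and protects it. The following is an added example, not Lynx code, that models a verified boot chain in Python. Each stage is measured (SHA-256) and checked against a tag issued by the root of trust before control is handed to it, and the measurements are folded into a running log so that a verifier can later tell whether the platform booted in the expected state. The root key, stage names and image bytes are constructed for the demo, and an HMAC tag stands in for the asymmetric signature a real boot ROM would check.

```python
"""Toy verified boot chain: trust is inherited from the root, never asserted
by the software above it.  Added example; not Lynx or LynxSecure code."""
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key.  Models the root of trust held by the processor's
# immutable boot ROM (a real design would use a public key burned into fuses).
ROOT_KEY = b"constructed-demo-root-key"

# Constructed stage images, in boot order: hypothetical names and contents.
STAGE_IMAGES = [
    ("bootloader", b"bootloader v1 (constructed)"),
    ("hypervisor", b"separation kernel v1 (constructed)"),
    ("guest_kernel", b"guest kernel v1 (constructed)"),
]


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes   # code/data for this stage
    tag: bytes     # authentication tag over measure(image), issued at signing time


def measure(image: bytes) -> bytes:
    """Measurement of a stage: SHA-256 over its bytes."""
    return hashlib.sha256(image).digest()


def sign(root_key: bytes, image: bytes) -> bytes:
    """Vendor-side signing step.  HMAC is a stand-in for a real signature."""
    return hmac.new(root_key, measure(image), "sha256").digest()


def verify(root_key: bytes, stage: Stage) -> bool:
    """Check that the stage's tag matches its current measurement."""
    expected = hmac.new(root_key, measure(stage.image), "sha256").digest()
    return hmac.compare_digest(expected, stage.tag)


def build_chain(root_key: bytes, images: list[tuple[str, bytes]]) -> list[Stage]:
    """Sign every image with the root key to produce an authentic chain."""
    return [Stage(name, image, sign(root_key, image)) for name, image in images]


def tamper(chain: list[Stage], name: str, new_image: bytes) -> list[Stage]:
    """Replace one stage's image but keep its old tag (an unauthorized modification)."""
    return [Stage(s.name, new_image, s.tag) if s.name == name else s for s in chain]


def boot(root_key: bytes, chain: list[Stage]) -> tuple[list[str], bytes]:
    """Walk the chain in order.  Returns (stages that received control, final log).

    The log is extended with each verified stage's measurement, PCR-style, so
    its final value identifies exactly which images ran.  Boot halts at the
    first stage that fails verification: control is never handed to an
    unauthenticated image, so nothing above it can inherit false trust.
    """
    handed_control: list[str] = []
    log = b"\x00" * 32
    for stage in chain:
        if not verify(root_key, stage):
            break
        log = hashlib.sha256(log + measure(stage.image)).digest()
        handed_control.append(stage.name)
    return handed_control, log


def attest(expected_log: bytes, reported_log: bytes) -> bool:
    """Remote verifier's check: did the platform reach the known-good state?"""
    return hmac.compare_digest(expected_log, reported_log)


if __name__ == "__main__":
    good = build_chain(ROOT_KEY, STAGE_IMAGES)
    ran, golden = boot(ROOT_KEY, good)
    print("authentic chain booted:", ran)

    bad = tamper(good, "hypervisor", b"separation kernel v1 + unauthorized patch")
    ran_bad, reported = boot(ROOT_KEY, bad)
    print("tampered chain booted:", ran_bad)
    print("attestation passes:", attest(golden, reported))
```

The point of the tampered run is the one the questions above make: once the hypervisor image no longer matches what the root signed, the boot halts before it and every feature that would have run on top of it (whitelists, detectors, key storage) never gets a chance to be trusted on false pretenses, and the measurement log tells a remote verifier that the platform is not in its expected state.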
BUILDING ASSURANCE REQUIRES A ROBUST FOUNDATION
Examples of relevant security designs include:
- Boot Security
- Data Protection
- Data and Control Plane Separation
- Separation of Enterprise and Control Networks
- Read-only Monitoring