The world of IT infrastructure is intimately familiar with virtual machines (VMs) for dynamically dividing large amounts of server hardware to run different applications and improving the total cost of ownership (TCO) of IT investments. Increasingly, this technology is shifting from on-premises to cloud infrastructure and, in time, we will see this infrastructure reside between the cloud and the enterprise. Yes, the infamous “Edge” word!
This opens up new attack threats. Infrastructure companies have done a pretty good job of securing the “front door.” The focus for hackers, however, has always been to look for the weakest link; there have been reports of bringing down infrastructure via the cooling systems, as one example. Toward the end of 2019, the results of a detailed investigation by the Wall Street Journal were released (details here, subscription required). Cybersecurity investigators first identified aspects of the hack, called Cloud Hopper by the security researchers who first uncovered it. The attack came in through cloud service providers, where companies thought their data was safely stored. Once the attackers got in, they could freely and anonymously hop from client to client, and they defied investigators’ attempts to kick them out for years. A number of analysts have since commented on some of the considerations resulting from this attack.
Security features are necessary to protect fundamental system integrity, data authenticity, and data privacy properties. There is a limit, however: a point at which a system gets too complicated and costly for those managing it to know whether those features are properly deployed. Given the reality of the connected world and the use of highly virtualized hardware, it is fair to take a step back and ask:
The answer to these questions comes from assurance.
At a high level, a secure system is a system that behaves precisely as the IT stakeholder expects it to and is resilient to subversive attempts to change its behavior over the lifetime of the system.
More concretely, it is a system running on an authentic processor that hands control to the software platform in an authentic state; the platform then enforces a policy consistent with the stakeholders’ expected behavior and is resilient to subversive change attempts from all exposed interfaces.
Regardless of what security technology IT stakeholders choose to invest in, it is important to understand that at the bottom of any IT security solution is a processor and resource management software whose properties every security feature inherits. Far too often the foundational integrity properties of CPU and software platform level services are taken for granted.
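The phrase “hands control to the software platform in an authentic state” is what a measured boot chain provides. The following toy chain is an added example written for this page; it is not code from the page or from Lynx, and the stage names, stage images and golden measurements are constructed. Each stage hashes the next one before transferring control and folds that hash into a running register, in the style of a TPM platform configuration register, so a verifier can tell from the final register value whether every stage in the chain was the expected one, and from the per-stage log which stage diverged.

```python
"""
Added example (not from the page or Lynx): a toy measured-boot chain.

Each boot stage measures (hashes) the next stage before handing control to it
and extends a running measurement register the way a TPM PCR is extended:
    register = H(register || H(stage_image))
The final register value matches the expected "golden" value only when every
stage in the chain is authentic. Stage names, images and golden values below
are constructed for illustration.
"""
import hashlib
from typing import Dict, List, Tuple

HASH = hashlib.sha256
ZERO = b"\x00" * 32  # register reset value at power-on (constructed convention)


def measure(image: bytes) -> bytes:
    """Digest of one stage image."""
    return HASH(image).digest()


def extend(register: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = H(old || digest). Order-sensitive and one-way."""
    return HASH(register + digest).digest()


def boot(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, Dict[str, bytes]]:
    """Walk the chain; return the final register and a per-stage event log."""
    register = ZERO
    log: Dict[str, bytes] = {}
    for name, image in stages:
        digest = measure(image)
        log[name] = digest
        register = extend(register, digest)
    return register, log


def verify(register: bytes, log: Dict[str, bytes],
           golden_log: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Check a reported register and log against golden measurements.

    Returns (authentic, tampered_stage_names). Two independent checks:
      1. every logged digest equals its golden digest;
      2. replaying the reported log reproduces the reported register, and that
         register equals the register replayed from the golden log.
    Check 2 catches a forged log: the register cannot be rewritten to match.
    """
    tampered = [name for name, d in golden_log.items() if log.get(name) != d]
    expected = ZERO
    replay = ZERO
    for name in golden_log:  # golden order is the canonical boot order
        expected = extend(expected, golden_log[name])
        replay = extend(replay, log.get(name, b""))
    authentic = (register == expected) and (replay == register) and not tampered
    return authentic, tampered


# Constructed golden chain: boot ROM -> separation kernel -> guest OS.
GOLDEN_STAGES: List[Tuple[str, bytes]] = [
    ("bootrom", b"constructed boot ROM image v1"),
    ("hypervisor", b"constructed separation kernel image v1"),
    ("guest_os", b"constructed guest OS image v1"),
]
GOLDEN_REGISTER, GOLDEN_LOG = boot(GOLDEN_STAGES)


def demo_authentic() -> Tuple[bool, List[str]]:
    """Untouched chain: verifier accepts, no tampered stages."""
    register, log = boot(GOLDEN_STAGES)
    return verify(register, log, GOLDEN_LOG)


def demo_tampered() -> Tuple[bool, List[str]]:
    """Modified hypervisor image: verifier rejects and names the stage."""
    stages = list(GOLDEN_STAGES)
    stages[1] = ("hypervisor", b"constructed separation kernel image v1 + modification")
    register, log = boot(stages)
    return verify(register, log, GOLDEN_LOG)


def demo_forged_log() -> Tuple[bool, List[str]]:
    """Tampered chain whose log entry was rewritten to the golden digest:
    the per-stage check passes, but the register replay does not."""
    stages = list(GOLDEN_STAGES)
    stages[1] = ("hypervisor", b"constructed separation kernel image v1 + modification")
    register, log = boot(stages)
    log["hypervisor"] = GOLDEN_LOG["hypervisor"]
    return verify(register, log, GOLDEN_LOG)


if __name__ == "__main__":
    print("authentic :", demo_authentic())
    print("tampered  :", demo_tampered())
    print("forged log:", demo_forged_log())
```

The third case is the reason the register exists at all: a log by itself is just data the platform reports about itself, whereas the extend chain binds the whole history into one value that an earlier, trusted stage produced, so a later stage cannot edit its own entry without the mismatch showing.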
The Lynx MOSA.ic™ modular development framework gives IT stakeholders the ability to precisely define the expected behavior of computer systems and to enforce policies that ensure their security technology investments are making valid assumptions based on underlying platform integrity properties.
The featured diagram demonstrates a security system that allows users to concurrently access public and private data on a single computing device. The system is carefully architected to ensure that private data is guaranteed to reside within private rooms and is resilient to malicious attempts to exfiltrate data or to subvert the underlying platform in order to bypass information flow policy enforcement.
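To make the “private rooms” and information flow policy concrete, here is an added example of a static flow policy for a device hosting public and private partitions side by side. It is written for this page and is not code from Lynx or from the diagram; the partition names, labels, channels and messages are constructed. The design point it shows is the separation-kernel one: the set of partitions and the channels between them are fixed at configuration time, the enforcer only consults that table at run time, and data labels are floored to the sender's clearance so a partition in a private room cannot relabel what it holds on the way out. Every denial is recorded, which is what a monitoring stack would want to see.

```python
"""
Added example (not from the page or Lynx): a toy static information-flow policy
for a device with public and private partitions.

Partitions, their clearances and the permitted channels are fixed up front.
At run time, send() consults only that configuration, raises the data label to
the sender's clearance (no self-downgrade), and logs every denial.
All names, labels and messages are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

PUBLIC, PRIVATE = "public", "private"
LEVEL = {PUBLIC: 0, PRIVATE: 1}  # private dominates public


@dataclass(frozen=True)
class Partition:
    name: str
    clearance: str  # highest label this room may hold


@dataclass(frozen=True)
class Message:
    label: str
    payload: bytes


@dataclass
class FlowPolicy:
    partitions: Dict[str, Partition]
    channels: FrozenSet[Tuple[str, str]]  # (src, dst) pairs configured up front
    audit: List[str] = field(default_factory=list)

    def send(self, src: str, dst: str, msg: Message) -> bool:
        """Return True if msg may flow src -> dst; record the reason for each denial."""
        if src not in self.partitions or dst not in self.partitions:
            self.audit.append(f"DENY {src}->{dst}: unknown partition")
            return False
        if (src, dst) not in self.channels:
            self.audit.append(f"DENY {src}->{dst}: no configured channel")
            return False
        # The sender cannot downgrade: effective label is the higher of the
        # data label and the sender's own clearance.
        src_clear = self.partitions[src].clearance
        effective = msg.label if LEVEL[msg.label] >= LEVEL[src_clear] else src_clear
        dst_clear = self.partitions[dst].clearance
        if LEVEL[effective] > LEVEL[dst_clear]:
            self.audit.append(f"DENY {src}->{dst}: {effective} data into {dst_clear} partition")
            return False
        return True


def build_policy() -> FlowPolicy:
    """Constructed configuration: a public web partition and network partition,
    a private vault and a private display. Only the listed channels exist."""
    parts = {
        "net": Partition("net", PUBLIC),
        "web": Partition("web", PUBLIC),
        "vault": Partition("vault", PRIVATE),
        "display": Partition("display", PRIVATE),
    }
    channels = frozenset({
        ("net", "web"), ("web", "net"),   # public traffic in and out
        ("web", "vault"),                 # public data may enter the private room
        ("vault", "display"),             # private to private
        ("vault", "web"),                 # configured, but the label rule still applies
    })
    return FlowPolicy(parts, channels)


def demo() -> Tuple[List[bool], List[str]]:
    """Run a constructed sequence of flows; return verdicts and the audit trail."""
    p = build_policy()
    results = [
        p.send("net", "web", Message(PUBLIC, b"GET /index")),          # allowed
        p.send("web", "vault", Message(PUBLIC, b"open document 7")),   # allowed: public into private
        p.send("vault", "display", Message(PRIVATE, b"document 7")),   # allowed: private to private
        p.send("vault", "web", Message(PUBLIC, b"document 7")),        # denied: label floored to private
        p.send("web", "net", Message(PRIVATE, b"mislabelled")),        # denied: private into public
        p.send("display", "net", Message(PUBLIC, b"screenshot")),      # denied: no channel configured
        p.send("web", "hvisor", Message(PUBLIC, b"reconfigure")),      # denied: unknown partition
    ]
    return results, p.audit


if __name__ == "__main__":
    verdicts, audit = demo()
    print(verdicts)
    print("\n".join(audit))
```

Note the fourth flow: the vault has a configured channel to the web partition, yet nothing it sends can arrive there, because anything leaving a private room carries at least the private label. That redundancy is deliberate; the channel table and the label rule fail independently, so a mistake in one configuration does not open a path on its own.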