Security for The Machine: By Design
James Salter, Research Manager
Security and Manageability Lab

Innovation is our legacy and our future
• 2014: DNS Logging; Trafodion; Location Aware
• 1967: Cesium-beam atomic clock
• 1966: Light-Emitting Diode (LED)
• 1972: Pocket Scientific Calculator
• 1975: Standard for Interface Bus
• 1980: Office Laser Printer
• 1984: Inkjet Printer
• 1986: 3D graphics workstations
• 1980: 64-channel Ultrasound
• 1989: Digital Data Storage Drive
• 1994: 64-bit architecture
• 1999: Molecular Logic Gate
• 2001: Utility Data Center
• 2002: Rewritable DVD for standard players
• 2003: Smart Cooling
• 2005: Virus Throttle
• 2010: ePrint
• 2011: MagCloud
• 2011: 3D Photon Engine
• 2011: StoreOnce
• 2012: StoreAll
• 2013: Threat Central
• 2013: SureStart
• 2014: 3D Printing Technology
• 1966
• 1968: Programmable Desktop Calculator
• 1986: Commercialized RISC chips
• 2008: Memristor discovered
• 2012: OpenFlow switches
• 2013: HP Moonshot
• 2015: Distributed R
HP Labs

The Past 60 Years
1950s, 1960s, 1970s, 1980s, 1990s, 2000s, Today

The Machine
(Diagram slides; labels: I/O, Copper)

From processor-centric computing… to Memory-Driven Computing
(Diagram labels: Memory, SoC, Memory + Fabric)

Security challenges
• Scale
• New architecture
• Which control points?
• Performance bottleneck
• Resource constraints

Principles
• Security by design, not as an afterthought
• A secure foundation for applications

The Machine security framework

Protect
The first computer with security built-in from the ground up. Data always protected: in use, in flight and at rest.
• Secure boot and firmware
• Run time monitoring
• Access control
• Low energy encryption

Detect
Giving The Machine the ability to protect itself, even against completely unknown threats.
• Compromised components
• Firmware and kernel tampering
• Runtime malware monitoring
• Monitoring for data leakage

Recover
Always safe, always recoverable, without sacrificing performance.
• Recovery at the firmware layer
• OS, application, and data recovery
• Systematic recovery at scale with minimal human intervention

Protect: Access control at different layers
(Diagram labels: Hardware; Operating System; Application Thread; Data)

Detect: Tamper-proof monitoring/introspection
(Diagram labels: Hardware and Firmware; Operating System in Normal mode; Monitor in Secure mode)

Detect: Primitives to enable detection outside The Machine
• HPE DNS Malware Analytics
• Where to collect data from? – problems placing probes
• Primitives/APIs for event collection

Recover: Recovery from malicious actions
• Recovery at the firmware layer
• OS, application and data recovery
• Systematic recovery at scale with minimal human intervention

Example: Recover from kernel level malware attack
• Out-of-band integrity measures trigger an alarm
• Migrate workload to a new core
• Perform secure reboot to restore trusted state
• Freeze machine core and send for forensic analysis
• Turn on advanced monitoring

Security for The Machine
Efficient, Resilient, Scalable, Manageable
• An opportunity to design and implement security from the ground up
• Security is not an afterthought, but a conscious design decision

Thank you
james.salter@hpe.com
