Secure Computer Systems (Shrobe)


Published on

Presentation from the Colloquium on Future Directions in Cyber Security on Nov 7, 2011.

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Secure Computer Systems (Shrobe)

  1. 1. Howard ShrobeProgram Manager, Information Innovation Office Secure Computer Systems DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  2. 2. Today’s Practice P4: Perimeter Protection, Patch & Pray isn’t Convergent with The Threat • It’s not about better firewalls • It’s not about better virusSecurity software detection • It’s not about better intrusion detection Malware: • It’s not about better programmer practices It’s about learning from biology Attacker Effort: and societies how to design secure, adaptive and resilient systems. Defender Effort Approved for Public Release, Distribution Unlimited.
  3. 3. Humans Have Two Immune Systems: Innate and Adaptive neutrophils Fast, but inflexible, I macrophages covers fixed sets of N pathogen that are N always present. Supports A dendritic cells the adaptive immune T system. E CD16/ natural killer 56 (NK) cells A CD3/CD4 D CD4 T cell Slower, learns to A recognize new sets of thymus P pathogens, distinguishes T CD3/CD8 CD8 T cell self from non-self, I retains memory to guard V against future attacks. E CD19 B cellsAt least 20 – 30% of the body’s resources are involved inconstant surveillance and containment. Approved for Public Release, Distribution Unlimited.
  4. 4. Three Big Problems1. Systems can be easily penetrated2. Once penetrated, cleanup is prohibitively expensive, time-consuming, and unpredictable3. If one system can be penetrated, then nearly all of them can Approved for Public Release, Distribution Unlimited.
  5. 5. Mission-oriented Resilient Clouds Using the power of a computational community to protect massively shared computational infrastructureYour Software Lives Here Virtual Machine Virtual Machine Virtual Virtual Machine Machine Your Software Lives On A Network with 100K Other Virtual Machines and No Firewalls Modular Data Center Blade Server Blade Server Containers Racks Network Approved for Public Release, Distribution Unlimited.
  6. 6. Resilient Clouds: A Community that uses the Network as a Defensive Amplifier TODAY RESILIENT CLOUDS (CRASH++)Acting as individuals makes the Acting as a community makes theenterprise weaker than the sum of its enterprise stronger than the sum ofparts its parts• “Box” Oriented • Mission Optimized• Vulnerable Components • CRASH-worthy components• Static Sitting Duck • Moving Target• Shared Vulnerabilities • Resilience through Diversity• Implicit Trust is Amplifier • Collective Diagnosis is Damper Approved for Public Release, Distribution Unlimited.
  7. 7. Resilient Clouds Technology AreasCombined Goal of CRASH& Resilient Clouds Cyber-Mission ResilienceResilient Clouds Technologies Mission-Aware Optimizing Mission Networking and Resources Innate Distributed Shared Situational Awareness, Manageable & Taskable Defense Trust Modeling, and Diagnosis DiversityCRASH Technologies Innate Immunity Adaptive Immunity Manageable Diversity  Information flowFor more info see:  Control flow Approved for Public Release, Distribution Unlimited.
  8. 8. Secure Computer Systems CRASHClean-slate design of Resilient, Adaptive, Secure Hosts Approved for Public Release, Distribution Unlimited.
  9. 9. CRASH Applies Biological Principles to Computation Innate Immunity: New hardware & operating system architectures that eliminate all common technical vulnerabilities Adaptive Immunity Middleware that: • Diagnoses root causes of vulnerabilities and builds situational assessment • Quickly adapts & reconfigures • Learns from previous attacks and gets better at self-protection Population Diversity Computational techniques that: • Increase entropy in time and space • Make every system unique • Raise work factor of attacker for each system Approved for Public Release, Distribution Unlimited.
  10. 10. Innate Immunity: An Example Hardware Solution Conventional Computer Memory Register File Result Data Operand 1 A Data Data L Operand 2 U Tag 1 Tag Tag Tag 2 Trap Signal Instruction Tags Unit Result Tag Bounds Type Thread’s Principal Access Rules ProvenanceSoftware and hybrid solutions are Meta-computing Systemalso possible (e.g. PROCEED) Approved for Public Release, Distribution Unlimited.
  11. 11. Adaptive Immunity System 4. System model is adapted with Model new attack-specific detector 3. System model is used to perform diagnosis (e.g. localization and characterization) 2. Software system analog of adaptive1. Hardware analog immune system is 5. Adaptive immune of innate immune signaled system synthesizes plan system detects to get around problem anomaly and patch to remove specific vulnerability Approved for Public Release, Distribution Unlimited.
  12. 12. Dynamic Diversity Makes a Single Host Different from Moment to MomentAddress Space Randomization Instruction Set Randomization Disk Memory ICache Code and/or data blocks Instruction-1 Encrypted-1 Instruction-1 are periodically Instruction-2 Encrypted-2 Instruction-2 repositioned in memory so that attacker has to work Instruction-3 Encrypted-3 Instruction-3 harder to find a target. Garbage-collected memory Instruction-4 Encrypted-4 Instruction-4 has the property inherently, new methods may optimize Instruction-5 Injected-1 Encrypted-1 for increased entropy. Instruction-6 Injected-2 Encrypted-1 Encrypted-5 Instruction-5 Encrypted-6 Instruction-6Functional Redundancy & DecisionTheoretic Dispatch Code is encrypted as it enters memory and Decrypted as it enters There are multiple methods Goali the instruction cache (or translation for achieving each goal buffer). Injected code in native (“n-version programming”). instruction set is then encrypted Each distinct method has and not executable. Encryption key different qualities of service. can be varied by process and time. Method selection is driven Methodij QoSij both by preferences over QoS and by need for unpredictability. Approved for Public Release, Distribution Unlimited.
  13. 13. Turn the Tables: Make The Attacker Do The Work x x Attacker Attacker Attacker Effort: Effort: Effort: Defender Defender Defender Effort Effort EffortInnate Immunity Adaptive Immunity Dynamic Diversity• Novel Hardware • Policy Weaving • Compiler generated Diversity• Separation OS’s • Automatic Patching • Algorithmic• Information Flow • Selective Playback Diversity• Formal Methods • Symbiotes • Instruction Set Randomization Approved for Public Release, Distribution Unlimited.
  14. 14. An opportunity… Smartphone > PC shipments within 2 yearsImplies very rapid, land grab evolution of internet access Approved for Public Release, Distribution Unlimited.
  15. 15. Our goal……is to get CRASH & MRC technologies into your machines.• If you make computers, operating systems, middleware…• If you use these and can influence the people who make them• If you think there’s a great startup opportunity• Then we want to talk with you about how to transition our technologies into the real world.• Contact us at Approved for Public Release, Distribution Unlimited.