This document discusses computer security innovation and proposes a Secure Computing Infrastructure (SCIF) as a foundational solution. Some key points: - Current computer security approaches are unsustainable and non-scalable as they do not build security in from the beginning. - Operating systems and applications lack basic immune systems and are not written robustly, leading to vulnerabilities. - The document proposes a SCIF that uses components like the Parallella board running seL4 microkernel with Erlang virtual machine to securely run applications and provide fault tolerance. - A phased approach is outlined to prototype and field trial the SCIF as a more secure computing foundation.

1. Computer Security Innovation
IMHO
Presented for your consideration by: Fred Seigneur
Copies of the Power Point file are available at:
wfredsr@SecureComputingInnovationForum.org

2. 2014 Cybersecurity Innovation
Forum
 In January 2014, I attended the 2014
Cybersecurity Innovation Forum, in
Baltimore.
 One reason I attended was that I was
impressed with the Forum’s stated vision.

3. 2014 Cybersecurity Innovation
Forum – Background and Vision
In spite of this insightful and accurate assessment that our current approach to
Cybersecurity is unsustainable, and non-scalable, rather little innovation to
“define and embrace a fundamentally different approach to enterprise architecture
security – one that builds security in from the beginning as a robust and solid
foundation upon which to conduct our transactions” was presented.

4. Foundational Weaknesses
 Helms Deep
Photo Source

5. Foundational Weaknesses
Photo Source
Such weaknesses exist, but are poorly understood and generally ignored

6. Computer Security - Defense in Depth
Helms Deep had Defense in Depth
Photo Source

7. Computer Security - Defense in Depth
But, the fatal flaw was in the foundation
Photo Source

8. The Root(s) of the Problem
 Today’s Operating Systems are not secure
and are too complex to secure by retrofit.
 Few Operating Systems or Applications
are rugged.
 Don’t verify inputs.
 Crash leaving attack vectors for malicious
code.
 Most current security “solutions” are
“Band-Aid” approaches.

9. Operating Systems and Applications
Lack a Basic Immune System
 Like someone who must be
protected by an external
bubble
 What’s wrong with this
picture?
 David Vetter, a young boy from Texas,
lived his life - in a plastic bubble.
Nicknamed "Bubble Boy," David was born
in 1971 with severe combined
immunodeficiency, and was forced to live in
a specially constructed sterile plastic
bubble from birth until he died at age 12.
(The photo is from a movie based,
inappropriately, on David’s plight.) Photo Source

10. Foundational Immune System Deficiencies
 Two very serious foundational software
problems
 Operating Systems
 Applications Software
 Both of these have the same root cause
 Software Developers do not write robust
code. Why?
 They don’t know how
 They don’t know why it’s important
 They did not learn how, or why it’s so critical

11. Foundational Immune
Deficiencies (Cont.)
 Two very serious foundational
educational problems
 Software developers have NOT been
taught why or how to write robust and
defensive code.
 Many CS Professors don’t know how to
write robust and defensive code, or why it
is necessary to teach it.

12. Long Term Solutions
 Better Education
 Better Computer Security Education
 Better CS and Engineering Education
 Include Basic Computer Security Education
Thread in Virtually All University/College
Departments
 Create Demand for Foundational Security
Solutions
 IT Procurement Authorities & Staff
 Users
 University/College Accreditation Authorities

13. How Can This be Done?
 Some Universities understand these
issues
 A few Educational Institutions have
realized that they can differentiate
themselves in the educational market by
implementing steps such as those above.

14. The Current State of Cyber
Security Practice
 Patch known holes
 Hope we fixed ALL the holes

15. Small leaks can get bigger and
some still remain undetected

16. But, then …
It is not IF your dam will break, it’s WHEN

17. Plan Ahead
 Your dam WILL break
 Start planning a downstream dam ASAP
 Existing components, available today, can be
integrated to create a Secure Computing
InFrastructure (SCIF*)
* SCIF – A compartmentalized infrastructure for
processing sensitive information

18. Secure Computing Infrastructure (SCIF)
 The SCIF can be used in an embedded system (such as IoT , Smart
Grid, SDN White Box Switches) or as an SDN Controller and executes
Erlang functions as transactions. One envisioned SCIF application is
as a Secure Network Interface Function (SNIF), which can be used to
authenticate inputs to and outputs from a secure enclave. With two or
more SCIF boards in a system, fault tolerance is supported using
Erlang fault tolerance.
 A Trusted SCIF Interactive Development Environment (SIDE) for SCIF
applications, based on SysML and a SCIF Management System (SMS)
for Administration of the SCIF and SNIF are supported via Erlang
running on a virtualized instance of Linux, atop seL4 and will be fault
tolerant, using Erlang's inherent fault tolerance capabilities
 The SCIF architecture can be used to host other Linux applications in a
more trusted and fault tolerant environment than with off the shelf
Linux.
 Block diagrams for the SCIF hardware and software follow.

19. Recent Progress
 The Parallella board seems ideally suited for the SCIF
prototype.
 The Erlang Virtual Machine runs on the Adaptiva
Epiphany chip.
 The secure seL4 microkernel runs on the ARM Cortex
A9 in the XILINX ZYNQ portion of the Parallella along
with drivers, TCP/IP protocol processing and the
Secure Network Interface Function.
 A SCIF is used to
 Applications run securely on the Epiphany in Erlang, a
functional programming language that supports soft
real-time, like a Software Defined Networking (SDN)
controller

20. Photos of Parallella 16 Core Board
Top View
Bottom View

21. Parallella Cluster

22. Parallella Architecture

23. Secure Computing Infrastructure
Software Architecture
User Mode Partitions
ARM Cortex A9 on XILIX ZYNQ Adaptiva Epiphany Multi Processor
Trusted
Device
Drivers
Separation Kernel (seL4)
Hardware w/Trusted Platform Module (TPM)
Kernel
Mode
Trusted
Encryption
Services
Secure
Network
Interface
Function
Erlang
Virtual
Machine
Code
Erlang
Byte
Code
Program 1
Erlang
Byte
Code
Program n

24. Phased Integration Plan
 Phase I - Proof of Concept/Prototype
Demonstration
 Phase II - Field Trials
Visit our LinkedIn group, the
Secure Computing Infrastructure Foundation