Integrity Levels: A New Paradigm for Protecting Computing Systems
Chris Jenkins - Sandia
Apr 09, 2014Size: 285.3MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractAs the field of determined and increasingly sophisticated adversaries multiplies, the confidence in the integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms make them a substantial target for attackers. Over the past decade, malware transitioned from attacking a single program to subverting the OS kernel by means of what is known as a rootkit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities potentially remain. Signature-based schemes seek to detect malware with a known signature or digital fingerprint. Signature-less schemes seek to detect anomalies within the computer system by understanding normal behavior. Both architectures are typically built on top of existing solutions or paradigms. Furthermore, these solutions tend to utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to deactivation.
We propose an approach to designing computer systems that inherently decouples the function of the computer system from its security specification. Instead of preventing and detecting malware attacks by patching code or using signatures (though we can use them as well), our proposed approach focuses on the policy specification of the system and possible graceful degradation of functionality according to the policy as anomalies of security concern are detected. We believe this innovative paradigm uses existing technologies in a novel manner to determine the integrity level of the system. Based on the integrity level, the system may behave differently and/or limit access to data available at a given integrity level.
About the SpeakerDr. Chris Jenkins is a senior member of technical staff at Sandia National Laboratories in Albuquerque, NM. His primary responsibility focuses on researching new computing paradigms for mitigating compromise (malware) in current computing systems. He seeks to find ways to move beyond detection and prevention of malware and rootkits. Specifically, he concentrates on how to design systems that operate in a compromised state while maintaining availability and basic functionality. For decades, computer systems have been designed around the OS/app two- domain model. He has proposed a different model that attempts to bridge the old model to a new proposed four-domain model. The current prototype highlights a potential framework for achieving this goal. The current prototype utilizes various technologies ranging from low-level virtualization techniques to computer security policy specification at a high level. Additionally, he taught a mini-course entitled Virtualization on ARM at Sandia. His current career aspiration emphasizes on finding different ways to utilize next-generation processor and platforms to solve current and future cyber-security challenges. Chris received his bachelor’s degree in computer engineering from the University of Illinois at Urbana-Champaign. He finished his PhD at the University of Wisconsin-Madison focusing on accelerating cryptographic algorithms utilizing SIMD execution units on a software-defined radio DSP.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.