Security for The Machine: By Design
Download as PPTX, PDF1 like807 views
This document discusses security for a new computing architecture called The Machine. It begins by providing examples of technological innovations from the past 60 years. It then discusses the shift from processor-centric to memory-driven computing in The Machine. The rest of the document outlines the security framework for The Machine, including building security in from the ground up, protecting data at rest and in flight, secure boot and firmware, runtime monitoring, and access control. It also discusses capabilities for detection of compromised components or tampering and recovery from security incidents.
Security for The Machine: By Design
- 1. Security for The Machine: By Design James Salter, Research Manager Security and Manageability Lab
- 2. 2014 DNS Logging Trafodion Location Aware 1967 Cesium-beam atomic clock 1966 Light-Emitting Diode (LED) 1972 Pocket Scientific Calculator 1975 Standard for Interface Bus 1980 Office Laser Printer 1984 Inkjet Printer 1986 3D graphics workstations 1980 64-channel Ultrasound 1989 Digital Data Storage Drive 1994 64-bit architecture 1999 Molecular Logic Gate 2001 Utility Data Center 2002 Rewritable DVD for standard players 2003 Smart Cooling 2005 Virus Throttle 2010 ePrint 2011 MagCloud 2011 3D Photon Engine 2011 StoreOnce 2012 StoreAll 2013 Threat Central 2013 SureStart 2014 3D Printing Technology Innovation is our legacy and our future 1966 1968 Programmable Desktop Calculator 1986 Commercialized RISC chips 2008 Memristor discovered 2012 OpenFlow switches 2013 HP Moonshot 2015 Distributed R HP Labs
- 3. Innovation is our legacy and our future
- 4. The Past 60 Years 4 1950s 1960s 1970s 1980s 1990s 2000s Today
- 6. 6 I/O Copper
- 7. 7 Copper
- 8. 8 Copper
- 9. 9
- 10. From processor-centric computing… 10 Memory Memory Memory Memory SoC SoC SoC SoC SoC SoC SoC SoC Memory + Fabric …to Memory-Driven Computing
- 11. Security challenges 11 Scale New architecture Which control points? Performance bottleneck Resource constraints
- 12. Principles Security by design, not as an afterthought A secure foundation for applications 12
- 13. The Machine security framework 13 The first computer with security built-in from the ground up Data always protected: in use, in flight and at rest Secure boot and firmware Run time monitoring Access control Low energy encryption Protect Giving The Machine the ability to protect itself, even against completely unknown threats Compromised components Firmware and kernel tampering Runtime malware monitoring Monitoring for data leakage Detect Always safe, always recoverable, without sacrificing performance Recovery at the firmware layer OS, application, and data recovery Systematic recovery at scale with minimal human intervention Recover
- 14. Protect: Access control at different layers 14 Hardware Application Thread Data Data Data Application Thread Data Data Data Operating System
- 15. Detect: Tamper-proof monitoring/introspection 15 Operating System Hardware and Firmware Normal mode Monitor Secure mode
- 16. Detect: Primitives to enable detection outside The Machine 16 HPE DNS Malware Analytics Where to collect data from? – problems placing probes Primitives/APIs for event collection
- 17. Recover: Recovery from malicious actions 17 Recovery at the firmware layer OS, application and data recovery Systematic recovery at scale with minimal human intervention Example: Recover from kernel level malware attack • Out-of-band integrity measures trigger an alarm • Migrate workload to a new core • Perform secure reboot to restore trusted state • Freeze machine core and send for forensic analysis • Turn on advanced monitoring
- 18. Security for The Machine 18 Efficient Resilient Scalable Manageable • An opportunity to design and implement security from the ground up • Security is not an afterthought, but a conscious design decision