Linux Security Summit 2015/Abstracts/Wettstein
CC3: An Identity Attested Linux Security Supervisor Architecture
Richard Engen MSFS, Johannes Grosen MS Scott Stofferahn, Greg Wettstein R.Ph., Ph.D. IDfusion, LLC
Ubiquitous global networking and the economic incentives of commodity hardware and operating systems have conspired to produce a crisis of unprecedented status in information security. Of particular concern is security for systems controlling infrastructure or containing data, such as healthcare information, where no ex-post-facto redress is available for information disclosure.
Recent compromises suggest classic defensive systems based on intrusion protection and detection technologies are failing, by leaving systems compromised for months before detection. Emerging technologies such as containerization address isolation, but do not address intrinsic system compromise detection.
Integrity measurement architectures (IMA), in combination with dynamic root of trust offer the means to implement compromise detection. The challenge is implementing IMA determinism and platform management, particularly in environments involving thousands of system deployments.
This presentation and paper discuss a Linux security supervisor architecture, under active development and deployment, based on a device identity mutual attestation model which addresses these issues.