Caission: A system for secure, adaptive network processing and introspection

Abstract

Research problem. Hardening the security of existing legacy systems is challenging. The large attack surface of these monolithic, complex systems makes preventing compromises a Sisyphean feat. Additionally, we must increase their resilience to dynamic situations and failures. This is particularly challenging for battlefield systems that may suffer network partitions or hardware failures due to system components spread across a network. While the network can open an attack vector, it also acts as an abstraction layer that can provide new functionality beyond just data transport. Firewalls are perhaps the simplest example of a pervasively used network function that automatically provides (simple) security services for unmodified end-host applications by constraining communication to certain hosts. However, a compromised monolithic kernel makes bypassing the firewall trivial, and firewall processing is inherently limited by not enabling general computation, nor inter-node coordination. This proposal addresses the problem of how security services can be added into the network processing of a system, while not increasing its attack surface. The project will show how significant intelligence can be placed into the network to enable the system to increase both security and adaptability to changes in the underlying topology, with no modifications to legacy software.

Objectives. This research has the following objectives:

- Use automatic verification to functionally verify a hypervisor that interposes on network traffic. Verification paired with virtualization ensures trustworthy extension of existing systems.
- Demonstrate the ability of automatic verification techniques, with proper system design, to scale up to multi-core systems.
- Enable network computations that can transparently encode, route, and transform packets. This enables not only the potential detection and prevention of data encryption and exfiltration, and network deception, but also transparent network reconfiguration upon partition (e.g. ship damage).
- Demonstrate the ability to provide sidecar computations that offload important or sensitive computation to the trustworthy environment, such as private key computations.

Technical approach and outcomes. This research extends our work on specialized OS systems in the Composite component-based OS, and in edge cloud network processing systems. To avoid the increased complexity of a hypervisor necessarily increasing the system's attack surface, we investigate functional verification to enable its trustworthy deployment. Verifying a complex codebase often requires a significant effort, and hinders system modification over time. To alleviate these downsides, we use the more automatic push-button verification, which imposes constraints on system design. As such, we design all layers of the system to accommodate these automatic techniques. Using this infrastructure, we investigate a variety of network functions to protect and control network packets, the transparent adaptation to network topology changes, and sidecar computations to offload sensitive data and processes.

Impact on DoD capabilities. Legacy systems that constitute the IT infrastructure and much of the deployed infrastructure can benefit from the transparent increases in security and adaptability that this research provides. Anti-ransomware, network deception, transparent encryption, private key computation offloading, and network adaptation will all increase the resiliency of these systems. This research also enables a number of future defences, including research into trustworthy, distributed anomaly detection.

Approved for pub

Document Details

Document Type
DoD Grant Award
Publication Date
Jan 14, 2022
Source ID
N000142212084

Entities

People

  • Gabriel Parmer

Organizations

  • George Washington University
  • Office of Naval Research
  • United States Navy

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Distributed Systems and Data Platform Development
  • Parallel and Distributed Computing

Technology Areas

  • Cyber