In the early day of the computer revolution, the forcing function of optimization drove computer design, observed Mike Walker, principal researcher at Microsoft Research NExT, in the second plenary presentation. “Computers lived on desktops, and every single transistor was stretched to the limit in order to bring to life the miracle of personal computing.”
Today, just a few decades later, the forcing functions have changed. The power and ubiquity of computers are forcing a fundamental rethinking of computer security and device architecture. Networked computers are driving cars on highways. They are bolted into the doors of homes. They are connected to the control systems of furnaces. “We have used the power of networked computers to achieve so much efficiency and power delivery that we no longer have the production capacity to abandon them,” said Walker. “We have gone from efficiency to dependence.”
Even more radical change is on the way. Autonomous LIDARequipped rotorcrafts, piloted by artificial intelligence, are being deployed in commercial civilian applications around the globe and are poised to change industries as vast as shipping. Literally billions of tiny computers could soon be embedded in everyday objects, creating an Internet of Things that could transform daily life. “Futurists are laying the groundwork for a civilization in which every perceived human moment is mediated and assisted by a networked computer.”
All these networked applications of computers will need to be protected from malicious actors, Walker pointed out. Today, 24-hour security operations centers staffed by specialized analysts are detecting attacks, diagnosing security faults, managing incidents, and keeping mission-critical services running on servers, desktops, laptops, and
smartphones in the face of continual assault. Soon they will be tasked with protecting refrigerators, heart rate monitors, and vehicles moving at freeway speeds. As an example, Walker showed a photograph of a research prototype for a car hacking appliance, which takes advantage of modern vehicles’ connection to the internet. The consequences of such hacks can be very disruptive, he noted. One luxury vehicle brand recently faced an ultimatum from insurers, who are now in the business of calculating the risk of adversarial interference in millions of connected control systems. “Your vehicles are so easily hacked,” the insurers said, “that they can no longer be insured.”
As computers spread into more and more applications, the challenge will continue to grow. Walker briefly described the SHIELD (Supply Chain Hardware Integrity for Electronics Defense) dielet, a 100-micrometer-square, fully functioning, self-contained computer developed by the Defense Advanced Research Projects Agency (DARPA). In many ways, such devices are more advanced than the Macintosh computer. When they are scattered throughout the world in the billions, security operations centers as they currently exist will be helpless to manage intrusions. “The resulting mandate, quite simply, is automate or perish.”
In the future, the devices needing protection will not be discrete, large, and complex central processing units (CPUs) dedicated to maximally efficient computation, said Walker. They will be small, often mobile devices constituting part of the Internet of Things. In the single-CPU model, malware and the operating system are locked in an endless war to control the device. In the future, security will extend to distributed devices that will be part of an always-on security ecosystem.
The first property of a device in such an ecosystem, as Greene also observed, is a hardware root of trust, Walker explained (see box 2-1 for his enumeration of a secure system’s properties). A hardware root of trust allows a device to perform certificate-based authentication on any code it runs to check for proof that the code is legitimate. The device can boot a small, trusted, and highly verified independent security subsystem with supervisory capabilities that can inspect and modify code
across the device. This trusted core will embody everything learned in the past about creating armored software, said Walker. Using techniques such as randomized execution, attack surface reduction, formal verification, and automated auditing, it will remove security functions from the general purpose computer and enable it to run as fast as it can.
This trusted core undergirds other properties. For example, technologies with names like sandboxing, jails, and virtualization zones can achieve what is known as dynamic compartmentalization, which isolates security failures from the core functions of the device. A successful attack on an application should never create a foothold to attack the vantagepoint from which defenders are responsible for remediating attacks against the device, Walker said. Trusted introspection can generate trusted evidence of intrusion.
With these properties in place, other security provisions can be remotely delivered from a trusted vantagepoint that is unassailable by attackers. Security systems can deliver signatures, renew security, or call for help.
Complex mobile devices like the iPhone already contain technologies that embody these principles. For example, Apple has built a security enclave in the iPhone that has its own instruction set. The enclave is an
independent, simple, limited computer whose purpose is to retain certain keys and secrets, perform attestation operations on those secrets, and never reveal the plaintext of those secrets. Even if the main processor of the iPhone is compromised, the enclave can treat the phone’s main CPU as an untrusted node, and other processors have the option to trust interactions with the enclave even if they know the operating system to be compromised.
This is “a remarkable resilience property,” said Walker. It was created not through superior software engineering on a single CPU but instead through a complete architectural revolution. That revolution has come first to the high end of the mobile phone market, but “it must come and is coming to even the tiniest and most ubiquitous of processors.”
Once such chips become mainstream, defenders will no longer be engaged in a battle to maintain control, connectivity, and trust in endpoints. The endpoints will be wired into a security ecosystem that is always on, Walker observed. Furthermore, that security will not be limited to the device but will live in the cloud.
As scale forces security analysts to automate their work, they will need to automate a series of expert tasks that require investigation, abstraction, reasoning, and judgment, Walker explained. Artificial intelligence (AI) will be essential to perform these tasks at scale, at speed, and with high confidence. It will need to identify, describe, and remediate novel attacks on software that have not been previously identified by security researchers. AI systems will spot, describe, and counter entirely new hacking techniques.
Such systems have already begun meeting this challenge. In an August 2016 competition supported by DARPA, the first cybersystems capable of novel cyberattacks and defense engaged in a live battle, with a grand prize of $2 million on the line. DARPA challenged the systems with remixed versions of some of the most famous problems from the history of computer security. In a feat that was applauded by the security experts in attendance, an AI system known as Mayhem performed a world-class feat of bug hunting without any a priori knowledge of the bug or any access to the source code. It not only detected the bug but wrote its own proof and test case and created the knowledge necessary to exploit and defend against the flaw in real time.
Because it won, Mayhem got to play in the biggest and most competitive hacking contest in the world. DEFCON Capture the Flag is a live competition between international professional hacking teams that Walker described as “the pinnacle of human achievement in the field of adversarial computation.” Mayhem did not win the competition, and it suffered some “teething issues” with a game somewhat different from the one it was designed to play. Nevertheless, it accomplished something remarkable, said Walker: It discovered and exploited a flaw in the software that no human team managed to exploit during the entire two-day competition.
Artificial intelligence “continues to surprise us with its rush toward human parity in many fields,” Walker summarized. Such systems are not yet as good as humans in many areas of computer security, and learning to trust these systems will require testing, modeling, and time. But “the foundations have been built,” he said; “the dream is alive.”
Efforts are now underway at major cloud companies to build armored vantagepoints directly into the fabric of future clouds. These will provide unassailable introspection into workloads while AI devices defend against intrusions. The result will be something like a biological immune system, Walker explained in response to a question, in which attacks are identified, countered, and shared with others so they do not happen again.
In the past, computer security has been a slow contest played at a distance between teams of human thinkers. In the future, it will be a contest waged at scale between thinking machines. “We have lived for years with the structural disadvantages of human defense,” said Walker. Artificial intelligence “is going to give us the chance to level that playing field at last.”