Singapore is one of the most highly connected smart cities in the world. Singapore’s government services, defence and industrial agencies, and enterprises rely heavily on backend IT/computing infrastructure for their business and operations. Most of today’s backend infrastructure consists of third-party or commercial off-the-shelf (COTS) software solutions integrated into a larger infrastructure, which we call a COTS-integrated platform. However, a COTS-integrated platform, by its very nature, integrates software systems from several mutually distrusting parties. Such a platform raises a major security challenge --- while its users rely on the COTS application platform to function securely, free of vulnerabilities, COTS application designers cannot fully anticipate how their components will be integrated into an enterprise IT backend. The fundamental question is: how do we build an operationally secure COTS-integrated platform that is resilient to attacks?
In this proposal, we take a pragmatic approach to building a trusted infrastructure that incorporates sub-components which may be vulnerable to security exploits or may even be outright malicious. Our approach departs significantly from previously pursued research directions.
• One previous research direction is the use of automated formal verification methods, such as model checking, to build trustworthy systems. While promising and alluring in concept, model checking and other formal verification methods are well known to suffer from scalability limitations: with current verification technology they scale to only a few thousand lines of code.
• Another prominent research direction is the use of “virtualization” to provide an isolated or contained environment for sensitive processing. However, simply isolating a sub-component using virtualization does not by itself guarantee any security in a system that communicates, or shares interfaces and data, with other components.
• Finally, a third prominent approach is the use of information-protection techniques, such as encryption, to protect against compromise or theft of sensitive data processed by COTS components. While these techniques are useful for protecting data at rest (e.g. encrypted file storage), enabling computation on encrypted information without access to the keys has been an open challenge. Further, existing commercial solutions for encrypted storage have poor usability in practical applications such as email storage, where large volumes of data and thousands of users or devices are involved (e.g. revoking access for a user or for a lost device is costly).
Our approach aims to bridge these divergent research directions and combine them in novel ways to enable a trustworthy COTS-integrated platform. We view the engineering of trustworthy systems as adding several layers of defence: rigorous testing, analysis and monitoring of the system components; verification of communication across components; and encryption of sensitive data processed by applications, made possible by enabling computation on encrypted data. We envision translation of this research in collaboration with our industry partners ST Electronics (Info-Security), NEC Laboratories and Symantec. Further, we envision that many of our point technologies in binary analysis and binary hardening will directly help in creating innovative and robust processes in the functioning of various government agencies such as DSTA.