As networked technologies propagate, the need for secure systems is becoming ever more pressing. The recent SolarWinds hack demonstrated the wealth of potential attack vectors. So, if dropping off the grid is unattractive, what can be done to secure the networks and systems that citizens, companies, and states rely on now and in the future? Here are three of the most interesting recent pieces of thought leadership.
A Research Ecosystem for Secure Computing
This white paper was written by the Computing Community Consortium to give US policymakers recommendations that aid the development of secure-by-design systems. While some of its main recommendations will seem familiar – to refocus research community efforts on developing interconnected technologies with security “baked in by design” – it also looks at creating an ecosystem with incentive structures for adopting security-focussed research, one which ensures adoption of promising research developments.
It does not go into great detail. However, the white paper lays out a roadmap for policymakers that goes beyond a simple technological focus to outline how to affect the underlying motivations and systems behind technology research, in order to improve fundamental security in computing. If the paper’s recommendations are adopted in a comprehensive manner by the incoming administration, it may pave the way more effectively for solutions to fundamental security problems that have plagued the technology and telecoms spheres for decades.
Meanwhile, other research is addressing more imminent security concerns in the networks we have today. A team led by the University of Electronic Science and Technology of China, Chengdu, recently produced a paper that explores the use of blockchain to create a lightweight security system in software-based networks supporting IoT devices over 5G and Beyond 5G networks.
The research team set out to overcome the challenge of authenticating and securing IoT devices and the traffic they generate, but without adding too much overhead to an already resource-constrained system at the device and Software-Defined Networking (SDN) controller. Using a blend of blockchain-based authentication, Virtual Network Function (VNF) optimisation, and lightweight checks at the SDN controller, their “Bloc-sec” system outperformed rivals in accuracy, delay, throughput, and packet loss rate. Their next step will be to further reduce the complexity of the blockchain structure.
Choreography in Security
While prevention is better than cure, a Paris-based collaboration has focused on developing ‘attack tolerance’ for web services in the cloud. They defined attack tolerance as the ability for services to function with minimal performance degradation even in the face of a detected attack. Web services – increasingly cloud-based – are vulnerable to a variety of new attacks exploiting cloud vulnerabilities such as Virtual Machine (VM) escape, hacked interfaces and APIs, and account hijacking, which are considerably reducing the effectiveness of traditional detection and prevention systems available in the market.
As a result, the authors proposed a risk-based framework that combines continuous system monitoring (for attack detection) with a series of reaction mechanisms to reduce the impact of those attacks. Chief among these reaction mechanisms is the concept of creating ‘choreographies’ of web services – variants of the web service code that are all capable of delivering the service required. Each variant would sit in one container or VM, and – if compromised by an attack – the vulnerable variant would be deleted and replaced by a different one.
The authors tested their proposed approach using a voting system hosted on Amazon Web Services (AWS). While effective, the authors pointed out that it could be further augmented by the use of predictive tools, as well as machine-learning tools to adapt based on past attacks.