Many of the devices we use today, particularly those built on Android and Linux, are essentially monolithic systems. They have a huge set of APIs and a massive code base, and while this is great for functionality, it makes them prone to successful attack.
To mitigate the threat of attack, a lot of effort has gone into hardening those APIs. Examples include SE for Android (now a part of Android) and work by companies including Samsung (KNOX), Boeing, and many others. They are all essentially taking what exists today and adding functionality (occasionally removing some too) to make it harder to compromise, and ultimately to reduce the chance of an attack being successful. In essence, they dabble around the edges.
Unfortunately these efforts simply do not scale. When a system comprises a large, rich and fast-evolving code base and set of APIs, a determined attacker will always find a deficiency or exploit which they can use to gain privileged access to the system. It is a race you cannot win.
Very recently, Silent Circle has fallen victim to the large code base it relies upon. While Silent Circle does amazing work in addressing some security and privacy deficiencies of the Android platform, they aren’t superhuman either. See https://threatpost.com/silentcircle-patches-modem-flaw-that-exposes-blackphone-to-attack/115793/
In fact, no vendor building a modern connected device can claim to be hacker-proof.
There is a better way, however…
The alternative is to acknowledge that these large code bases will be attacked, and then to design systems in such a way that the attack does not succeed in its ultimate goal. That is, build systems so that you isolate and contain vulnerabilities. This is achieved by identifying disjoint functionality and placing it in separated, isolated components with minimal APIs. Crucially, this is done in a way that adds multiple levels of protection, known as defense-in-depth. This isn’t new either – a lot of our systems are designed this way at the hardware level, but until recently most software systems have not been. If we build our software this way, it becomes far easier to detect such exploits and take action before they achieve their end goal.
That is, design it right, and then build it right. Technology has matured to a point where there is no excuse any more for not building our systems this way. One of our platforms, D4 Secure, solves this by taking a componentized approach such as the one shown in the figure. It builds on work we’ve done previously with GD, NSA, and many other industry leaders in building trustworthy systems.
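As an added illustration of the isolate-and-contain principle described above (example code written for this page, not D4 Secure's or any vendor's implementation): a privileged broker component holds a secret and offers an untrusted worker component, run here as a separate process standing in for a separately isolated domain, only a minimal allow-listed API over a pipe. Requests outside that API are refused and raised as alerts, so a compromised worker neither obtains the secret nor goes unnoticed. The component names, operations and the secret value are all constructed.

```python
import hashlib
import json
import os

# Constructed illustration: a privileged "broker" component holds a secret and
# exposes to an untrusted "worker" component only a deliberately minimal API
# over a pipe. The forked child stands in for a separately isolated component.
SECRET_KEY = "k-1234"      # constructed value; used only on the broker side
ALLOWED_OPS = {"sign"}     # the entire API surface offered to the worker


def broker_handle(request):
    """Serve one request; anything outside the minimal API is refused and flagged."""
    op = request.get("op") if isinstance(request, dict) else None
    if op not in ALLOWED_OPS:
        # Containment plus detection: the worker asked for something it never
        # legitimately needs, so refuse it and raise an alert for the operator.
        return {"ok": False, "alert": "denied op %r" % (op,)}
    digest = hashlib.sha256((SECRET_KEY + str(request.get("msg", ""))).encode()).hexdigest()
    return {"ok": True, "sig": digest}   # a derived value; the key itself never leaves


def run_worker(requests):
    """Run the worker in a child process; return the broker's replies and alerts."""
    to_broker_r, to_broker_w = os.pipe()
    to_worker_r, to_worker_w = os.pipe()
    pid = os.fork()
    if pid == 0:                                    # worker (untrusted) process
        try:
            os.close(to_broker_r)
            os.close(to_worker_w)
            with os.fdopen(to_broker_w, "w") as out, os.fdopen(to_worker_r) as inp:
                for req in requests:                # a compromised worker may send anything
                    out.write(json.dumps(req) + "\n")
                    out.flush()
                    inp.readline()                  # wait for the broker's answer
        finally:
            os._exit(0)
    os.close(to_broker_w)                           # broker (privileged) process
    os.close(to_worker_r)
    replies, alerts = [], []
    with os.fdopen(to_broker_r) as inp, os.fdopen(to_worker_w, "w") as out:
        for line in inp:
            reply = broker_handle(json.loads(line))
            replies.append(reply)
            if "alert" in reply:
                alerts.append(reply["alert"])
            out.write(json.dumps(reply) + "\n")
            out.flush()
    os.waitpid(pid, 0)
    return replies, alerts
```

Calling `run_worker([{"op": "sign", "msg": "hello"}, {"op": "read_key"}])` returns one signature and one alert; in a real system the worker would be launched in a lower-privileged domain rather than forked from the broker, and the alerts would feed a monitoring pipeline.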
It's a way of having your cake and eating it too. That is, we can have the best of both worlds: security and privacy, while also having the rich and evolving user experience provided by platforms such as Android.
To learn more about D4 Secure, send us a note…