As we start the new year and move into 2023, there are some key developments at IoTSF that we’d like to keep you updated on – especially our support and participation in the Digital Security by Design challenge.
But first, what is the Digital Security by Design challenge?
The team at the University of Cambridge describe its aim ‘to radically update the foundation of our insecure digital computing infrastructure, by demonstrating that mainstream processor technology and software can be updated to include new security technologies based on the CHERI Architecture, along with accompanying innovations across system software, runtime environments, formal verification, and tools from the UK research base and businesses.’
We are working with the teams at NQuiringMinds and the University of Oxford in support of that aim in the Secure Networking by Design (SNbD) project. In particular, we’re interested in the efficacy of a new platform with strong (novel and new!) memory safety technology that underpins the security of the network. The stated goal of the SNbD project is:
To reduce the threat and scale of remotely initiated (network) cyber attacks by securing the network against memory based vulnerabilities.
Our focus is on attacks initiated across the network: true action at a distance where the attack can be initiated from anywhere on the globe and in principle requires no privileged access.
It is the remotely initiated attacks that worry us most. A network based attack is a hyper scaling threat that can be triggered on mass, scaled with limited economic cost and can in many instances replicate itself, making it very hard to curtail.
The router is our main consideration, building on the ManySecured® project, and the value of enhancing a router’s capability through memory protection and thereby better protecting the rest of the network. If we can have a strong front door and windows (other gateways) to our home then it is more difficult for someone to access the valuables.
Detect and Protect at the Gateway
We’ve introduced a new architectural element that serves as a defensive controller that provides the real-time intelligence to monitor existing activity at the gateway, determine the threat level and act on that threat determination. We’re designing this element to be flexible in deployment – for example, it can sit on the gateway device itself, or be located remotely – thereby acting on many gateways simultaneously. As such, the (official name) ManySecured Defensive Controller, can act on its decisions locally and autonomously, or some of these operations may be delegated to another entity. Those decisions are part of the implementation details and are made at design time providing a great deal of flexibility without compromising on utility.
That gets us started, and we’ve plenty more to say so will be highlighting progress in a regular series of blogs. That is unless you’d like to be part of the development process with us – i.e. the router is a vital part of your future network defence – in which case we strongly encourage you to reach out and consider joining the ManySecured working group. It would be great to have you on board!
You can contact us by reaching out directly to James by phone or on LinkedIn.
You can also find out more about our work on next-generation router technology and open standards from the ManySecured website.