Self-Securing Devices:Better Security via Smarter Devices

Carnegie Mellon University
From all indications, assured OS security seems to be an impossible goal.
In this talk, I'll promote a complementary approach to network security
in which each individual device erects its own security perimeter and
defends its own critical resources (e.g., network link or storage media).
Together with conventional border defenses, such self-securing devices
could provide a flexible infrastructure for dynamic prevention, detection,
diagnosis, isolation, and repair of breaches in borders and device security
perimeters. I'll overview the self-securing devices approach and the
siege warfare analogy that inspired it. In addition to general challenges
of designing and managing self-securing devices, I'll describe self-securing
storage devices and self-securing NICs (network interface cards) as
concrete examples.

Greg Ganger is a professor in the ECE department at Carnegie Mellon
University. He has broad research interests in computer systems,
including storage systems, security, and operating systems. Some
current projects explore local and distributed storage survivability,
more expressive storage interfaces, MEMS-based storage, and of course
self-securing devices. Greg is the Director of CMU's Parallel Data
Lab, academia's premiere storage systems research center. His Ph.D.
in Computer Science and Engineering is from The University of Michigan,
and he spent 2.5 years as a postdoc at MIT working on the Exokernel
project.