By AJ Shipley
In my last blog post, I focused on securing the device at a high level. In this post, I’d like to dive a bit deeper into the technical aspects of device security; specifically, defense against “run time,” or operational, vulnerabilities: those a system is exposed to after it has booted up.
A defense in depth approach requires that we assume that the integrity of the system will be compromised at some point, so we must implement security capabilities that are designed to mitigate such a breach if and when it happens. One of the most devastating outcomes of a cyber security attack is for a malicious user to gain “root” access. The threats that target the largest percentage of vulnerabilities are designed with this specific goal in mind, and in fact, the tagline of the popular Metasploit Framework is “Point, Click, Root.”
If we operate under the assumption that a malicious actor will gain access to the system, we must ask ourselves what the most effective way is to quarantine those bad actors when it happens. Various forms of access control, whether discretionary, non-discretionary, or mandatory, ensure that if a system becomes compromised, the attacker does not have access to the resources or critical technology contained in the system. Additionally, partitioning technologies such as a hypervisor or a separation kernel ensure that a compromised operating system is not able to access other operating systems that may be running mission critical applications.
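As an added illustration (not code from the original post), the toy reference monitor below shows why mandatory access control contains an attacker who has already gained root, while discretionary access control alone does not: under DAC, uid 0 bypasses every owner check; under MAC, the decision is made on security labels that the compromised process cannot change. The domain and type labels, the policy table and the sample processes are constructed for this example, loosely modelled on SELinux naming.

```python
"""Toy reference monitor: discretionary (DAC) vs mandatory (MAC) access control."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    uid: int      # 0 is root
    domain: str   # MAC label of the running process, e.g. "web_t"


@dataclass(frozen=True)
class Resource:
    owner: int
    world_readable: bool
    type_label: str   # MAC label of the object, e.g. "db_data_t"


# Constructed mandatory policy: (subject domain, object type) -> permitted operations.
# Anything not listed is denied, regardless of who the subject is.
MAC_POLICY = {
    ("web_t", "web_content_t"): {"read"},
    ("db_t", "db_data_t"): {"read", "write"},
}


def dac_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """Discretionary check: owner-based, and root (uid 0) is exempt from it."""
    if subject.uid == 0 or subject.uid == resource.owner:
        return True
    return op == "read" and resource.world_readable


def mac_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """Mandatory check: label-based; uid plays no role at all."""
    return op in MAC_POLICY.get((subject.domain, resource.type_label), set())


def access(subject: Subject, resource: Resource, op: str, enforce_mac: bool = True) -> bool:
    """Both checks must pass when MAC is enforced; DAC alone otherwise."""
    if not dac_allows(subject, resource, op):
        return False
    return mac_allows(subject, resource, op) if enforce_mac else True


# Constructed scenario: the web server was exploited and escalated to root,
# but it still runs in the web_t domain because labels are not uid-controlled.
COMPROMISED_WEB_ROOT = Subject(uid=0, domain="web_t")
DB_SERVER = Subject(uid=1001, domain="db_t")
DB_DATA = Resource(owner=1001, world_readable=False, type_label="db_data_t")
```

With DAC only, `access(COMPROMISED_WEB_ROOT, DB_DATA, "read", enforce_mac=False)` succeeds because root bypasses the owner check; with MAC enforced the same request is denied, while the legitimate database process keeps its access.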