Sign-in / Sign-up

Hypervisors And The Cloud

Security Threat Analysis: Interview With Dino A. Dai Zovi
By

Alan: What do you think about future approaches to security such as a dumb terminal approach (i.e. Citrix or VNC in a world with infinitely fast bandwidth and infinitely small latency)?

Dino: I think we are moving towards a Web-based thin-terminal world, whether we like it or not. Once consumers realize that when their data is stored in the cloud, that they never have to worry about losing it, then they will begin to prefer it. If providers give users enough options such that they believe that they are as in control of their data as they are on their own system, they will have faith in it. This means allowing users to encrypt their data so that even the provider cannot see the file names or their contents.

Alan: That’s the thing though, is it a better solution? I’ll be the first to admit that I use Gmail because it’s so convenient to have “email anywhere.” With that said, I’m sure there’s stuff I’ve emailed via Gmail that I probably wouldn’t want anyone else to read. 

I assume Gmail has redundant storage, but what happens if their hard drives crash, or my Internet is dead? If I was a hacker, wouldn’t it always makes more sense to try to exploit Gmail (and get millions of credit card numbers) as opposed to my own  personal computer and get one person’s financial info?

Once the world moves to SSD, I’d predict that an individual user would have similar levels of reliability. Plus any sort of encryption Google could do, an individual could do on his home system (if not better encryption given that he’d be able to dedicate CPU resources toward a single user). Do you encrypt everything on your personal desktops and notebooks?

Dino: I’m also a huge fan of SSDs. I love their silent, fast, and reliable operation. As for data confidentiality, I use full-disk encryption and power down as often as is conveniently possible. The existing attacks against FDE require access to a powered-on or very recently powered-off system.

Alan: What about secure hypervisors?

Dino: So far, secure hypervisors have been used to protect the hardware business model from the users and owners of those systems. Systems such as video game consoles use secure hypervisors to prevent the owner from tampering with it. I would love to see software manufacturers provide a secure hypervisor to protect my data.

Alan: As would I, provided it was developed by a talented company and was reasonably priced. In the 90's, security researchers had to deal with the threat of polymorphic viruses which could elude many signature-based anti virus tools. What do you think the challenges in the next 2 years will be?

Dino: Signature-based anti-virus is an optimization that we have confused for a solution. The challenge over the next few years will be developing and deploying systems that are able to detect and prevent unknown exploits and malware. The highly profitable business model of signature-based anti-virus subscriptions discourages those companies from developing better and more generic solutions to the problem. That, however, leaves room for start-ups to innovate in this space.

Display all 25 comments.
This thread is closed for comments
  • 0 Hide
    cruiseoveride , April 6, 2009 6:30 AM
    Wonder why he didnt mention SELinux
  • 0 Hide
    mrubermonkey , April 6, 2009 8:17 AM
    If it were so easy to "take down the Internet" I am sure Iran or China would have done it by now, but the vagueness of his last answer does add to the mystic of his image.
  • 0 Hide
    AlanDang , April 6, 2009 9:35 AM
    Not really -- the black hats make money off the Internet -- it doesn't help them. By definition though, the risk is always about "taking down" a few IXP's or the +1 nodes.
  • 0 Hide
    Anonymous , April 6, 2009 10:02 AM
    "Selectively granting privileges to enhanced functionality to Web sites is an area where most Web browsers can improve".

    They may not be core functions but everyone I know who is concerned with security on the Internet uses Firefow with the add-ins Noscript & Flashblock.
  • 1 Hide
    vaskodogama , April 6, 2009 10:08 AM
    mrubermonkeyIf it were so easy to "take down the Internet" I am sure Iran or China would have done it by now, but the vagueness of his last answer does add to the mystic of his image.

    I am from Iran, All the Iranian Goverment can do, is blocking porn and politics web sites! :D 
    [We People mostly not believe in the goverment, and ayatollahs, because they are mostly thieves! We Stand on the ground of wealth, and they are teroring us and eat our oil and money! This is a Tech site, so i'm not gonna talk more about this! cheers!]
  • 0 Hide
    pcworm , April 6, 2009 11:14 AM
    I'm also from Iran , come one, we still connect using bloody dial up, you guys cant be serious! although due to the "no copyright" law we can buy Windows, Mathlab, VS 2008 team System,office 2007 and a lot more for less than a dollar each...:-) you dont need broadband here cause piracy is official
  • -2 Hide
    Gutbop , April 6, 2009 11:29 AM
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
  • -9 Hide
    Gutbop , April 6, 2009 11:29 AM
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
  • -8 Hide
    Gutbop , April 6, 2009 11:30 AM
    Dino: I'm a die-hard Unix user and Mac OS X is the most convenient and functional Unix-based operating system that I have ever used. I can code in a traditional Unix environment, watch a DVD, and use Microsoft Office all on the same system. The system JUST WORKS and lets me get my job done.

    Ahahahaha. Really!? Are you kidding me? Did Apple pay you to say that?
  • 0 Hide
    Anonymous , April 6, 2009 3:17 PM
    I am a Mac user as well. I also use many versions of Windows and Linux in VM. I am not a security expert or anything but why is everyone hung up on someone taking down the internet. Hackers use the net to make money or prove a point. I don't think they are going to shut the net down and hold it hostage, who would be forking over the money anyway. And if they did it to prove a point how would they ever get recognition for the task when all communication stops.
  • 0 Hide
    bounty , April 6, 2009 3:51 PM
    Actually if there was a country that didn't like "the west," and they wanted to disrupt our economy, the internet is the softest target. I don't see North Korea flying over and dropping bombs on our factories. I could see them taking some DNS servers out and making it real hard for those factories to sell anything. And since info flows freely via the net, it's not like you need to use a ton of resources to gain this attack vector, just a few smart people, an internet connection and some time.
  • 0 Hide
    michaelahess , April 6, 2009 4:30 PM
    DNS, the achilles heel of the net....I think I met this guy once, not sure, but a buddy of mine is in the exact same line of business, might have just heard him talking about him though.....the name just sounds so familiar, maybe he wiped my mind before we walked away.....{homer simpson} ummmm, conspiracy theories....
  • -2 Hide
    antiacid , April 6, 2009 8:13 PM
    Honestly, I found this interview short, lacking in detail and depth and strong on the evangelism.

    Sure, you can make a point of saying "we aren't on Apple's payroll" but at the end of the article, it is still a pretty big advertisement to them for no reason. The main point is that the new malwares are not based on OS flaws but on browser flaws, yet you still go out of your way to advertise the security of OSX (even going as far as speculating on tiger leopard features).

    Anyway, if the guy obviously isn't going to comment or answer a question, cut it out of the interview instead of having a longer question than the associated answer...
  • 2 Hide
    AlanDang , April 6, 2009 10:14 PM
    Browser flaws are still tied to the operating system. We bring it up because it's a natural question -- at the end of the day, there must be one computer that these security researchers are using and surprisingly, many security professionals use a Mac on a regular basis.

    By definition, I am a technology evangelist. I want to share with others the benefits of what technology can bring to the table and also what its limitations are. Fundamentally, I think that security is going to be as significant of an issue to a computer enthusiast as "cooling/thermal management" was. The threats are real and increasing. The people who claim that they have never been infected by malware are either ignorant that they have been infected or limiting their online experience by disabling flash, javascript, etc.

    Right and if we edited the comments, readers would start to cry censorship. That is the conversation we had.
  • 1 Hide
    zonezero , April 7, 2009 12:32 AM
    I have worked for several ISP's and we never see a Mac that has anything other than hardware or configuration problems. I do see on a weekly basis people with Windows computers that are infected and some that are regularly infected with the malware of the week.

    I never owned or used a Mac other than those of my customers before my current job where I was forced to use a new iMac with 10.5 installed. While I still don't like the Mac and have more repect for those who use it.

    Computers are a tool and like any tool it can be used for the wrong job or improperly used for the right job. Pick the tool that best suits you and the job you are performing.
  • 0 Hide
    zonezero , April 7, 2009 12:32 AM
    I have worked for several ISP's and we never see a Mac that has anything other than hardware or configuration problems. I do see on a weekly basis people with Windows computers that are infected and some that are regularly infected with the malware of the week.

    I never owned or used a Mac other than those of my customers before my current job where I was forced to use a new iMac with 10.5 installed. While I still don't like the Mac and have more repect for those who use it.

    Computers are a tool and like any tool it can be used for the wrong job or improperly used for the right job. Pick the tool that best suits you and the job you are performing.
  • 0 Hide
    zonezero , April 7, 2009 12:32 AM
    I have worked for several ISP's and we never see a Mac that has anything other than hardware or configuration problems. I do see on a weekly basis people with Windows computers that are infected and some that are regularly infected with the malware of the week.

    I never owned or used a Mac other than those of my customers before my current job where I was forced to use a new iMac with 10.5 installed. While I still don't like the Mac and have more repect for those who use it.

    Computers are a tool and like any tool it can be used for the wrong job or improperly used for the right job. Pick the tool that best suits you and the job you are performing.
  • 0 Hide
    Anonymous , April 7, 2009 5:48 AM
    He's cute. :p 
  • 0 Hide
    dedhorse , April 7, 2009 4:36 PM
    So basically, he uses OSX for web browsing, while all his real work is done on Vista in a VM, which tells you all you need to know about those two operating systems.
  • 1 Hide
    BillLake , April 8, 2009 7:56 PM
    Wow, no matter what is said, people defend or attack the OS based on who made it. Apple or Microsoft are just tools, OS X is only less targeted while even if Vista is more secure it is more targeted. Currently you are safe on a OS X based PC and that is what he said. No one is saying it is more secure, in fact he said and so did Charlie Miller that OS X is less secure but safer.

    If you really want to be safe, why not use a diskless system, boot off a live CD and only use that to surf the web, then the infection can only be in the memory unless you get a virus that attacks the flash prom on the system.
Display more comments