Self-guarding storage for ultimate server security
Thousands of dollars of security software can't guard against local threats as well as a $3 chip can
Follow @infoworldExecutable code and supporting data that doesn't change often, along with software and data that has an operational impact when inadvertently or maliciously altered, should be stored on media that is read-only or volatile (reverts to a known stable image on reboot).
We place a lot of faith in operating systems to enforce user privileges, and it is possible to mount storage partitions and volumes as read-only, but these protections are far too easily overridden. The data on a "secure" server can be altered from a console by booting from a Linux or DOS CD or a USB flash or external hard drive. In clusters and farms with fail-over and load balancing, access to the console of any one server can compromise secure data shared by the entire enterprise.
[ Stay abreast of security issues in InfoWorld's Security Adviser blog. ]
I have always marveled at the elaborate security and RAS mechanisms that IT is compelled to add to servers using inherently vulnerable, mutable software. Readily available hardware technology can make it difficult to impossible to alter such data as OS kernels, drivers, privileged loadable modules, and configuration parameters set at install time that comprises a server's sacred ground.
Why do these most sensitive files need to be mixed in with ordinary data when it's so easy to set them apart on media that can't be altered? And why do they need to be stored in multiple files at all? Once a configuration is solidified, a server can bootstrap from a read-only RAM image, like the ones created by laptops when they go into hibernation, that contains the kernel, drivers, and fixed configuration.
I'll tell you what brought this to mind. On a recent trip to an electronics store, I got sucked into an impulse buy: A 4GB SDHC USB flash card that cost $19.95. That's large enough to hold a 64-bit OS' privileged code, configuration data, and then some. The card is just about as fast as a hard drive, plenty fast enough to boot a server in a reasonable amount of time, and it's many times faster than optical. To make that storage accessible to my MacBook Pro, which doesn't have an SDHC slot, requires installing the card in a reader. The inexpensive flash reader I'm using is a simple, cheap USB device built from a single chip -- a microcontroller -- and a handful of discrete components. That got me thinking.
I'm experimenting now with a microcontroller from U.S. semiconductor manufacturer Microchip called the PIC32. This is a one-chip, 32-bit, MIPS architecture (the CPU used in Silicon Graphics workstations in the 1990s) RISC computer with pipelined execution that's capable of executing over 150 million 32-bit instructions per second when running at just 80MHz. That's paltry compared to even a cell phone, but this is a device that only requires a power supply to operate.
