The present invention relates generally to interconnectable personal computer architectures, and more particularly, to interconnectable personal computer architectures comprising secure, portable and persistent computing environments.
The National Science Foundation program solicitation NSF 08-521 stated that:
“Computers permeate our world, ranging from networks for all forms of communication to systems designed for monitoring the nation's critical infrastructure to devices for tracking transportation systems, such as airplanes, trains, buses and even private cars. While some systems have been hardened against attack, in many areas, especially systems that control critical infrastructures, the potential remains for attackers to corrupt or commandeer such systems. The systemic vulnerabilities are due to many factors, including: errors in software or in configuration, ill-informed policies that do not account for all hazards, economic restrictions that inhibit the development of appropriate defenses against attacks and misuse, and sheer technical problems that have so far resisted resolution.
Many problems stem from factors of software engineering and attempts to retrofit security measures onto systems. In the extreme, legacy systems must be re-engineered to protect them against security attacks that were not envisaged when those systems were initially designed. Even in modern development regimens, the time and cost required for security certification and performance evaluations is prohibitively high. In the realm of security policies, many issues at the enterprise-wide level are not well understood. The fact that security components are notoriously non-compositional means that policies must be crafted at the overall system level, rather than built up or reasoned about incrementally. Hence, in a complicated, multi-tiered system, security policies must be devised for each level, and the overall system then checked to ensure that lower level policies integrate properly with those at higher levels.
Privacy, anonymity, and accountability in cyberspace are often debated on both technical and policy grounds. The objectives of privacy, anonymity and accountability often conflict with each other and need to be adapted in changing environments. Information has tangible value and real costs. That value depends in part upon the exercise of control and ownership over information and the perceived importance of that information. Its costs depend at least upon storage, bandwidth and processing. Information can also be erroneous, hidden, misused, misrepresented, partial, unverified, conflicting, and certainly personal. Many problems arise from differences in assumptions, expectations, feasibility, and actual use by different stakeholders. Whatever policies on information in cyberspace prevail will have significant impact upon society, commerce, defense, and the individual.
Over the next few decades, computing will be dramatically reshaped. Early trends suggest a greater convergence of software enabled technologies with a wider diversity and presence of applications that build upon a large number of sensors, embedded devices and physical systems integrated through the Internet. In addition to advances in classical computing, functioning quantum devices capable of algorithm processing are expected to be common. Service-oriented architectures may gain a prominent place in the delivery and distribution of differentiated, yet composable, software services. Social networks and information content will be more important to the public and the research community. Critical infrastructures will be bound more closely via our information infrastructure. Unfortunately, convergence and closer integration often introduce new security vulnerabilities. Furthermore, security needs will be different and solutions will have to keep pace with technological advances, mitigating vulnerabilities and weaknesses before they manifest.
The challenges alluded to above promote a need for innovative research ideas driven by newly emerging technologies, new applications that impose new security and privacy requirements, and the ever increasing demand for more people knowledgeable about security.”
Malicious internet activity is continuously on the rise, and each new generation of malware becomes increasingly sophisticated in its technical attack surface while also becoming easier for its operator(s) to use. A ‘hacker’ no longer requires the skills to create malware, but simply needs to know how to use malware to reach the information that is desired. With the onset of online banking and payment systems, ‘identity theft’ is the ultimate prize and motivation for most internet attacks. As society becomes more reliant on technology, electronic theft will become more prevalent, and the challenge of protecting our information will grow as the cost of data loss comes to outweigh the cost of doing business.
Examples of current vulnerabilities, including asymmetric threats that need to be addressed, are discussed below.
Virtualized machines (VMs) have existed and been used on mainframe computers for decades. Recently, however, virtualized machines have become prevalent on desktop and laptop computers, especially those with more memory and multi-core processors that fully benefit from virtualization technologies.
In the era of single-core computers, these vulnerabilities did not yet exist and were therefore not envisioned as possible threats. Nowadays, virtualization is relatively inexpensive and easy to install and use. Hypervisors are abundant and some are even ‘free’.
An article posted on Apr. 9, 2008 on Forbes' website discussing malware stated that “The decision to switch to virtualization is easy enough: As companies discover that the process can consolidate hardware and save space, energy and money, virtualization is sweeping through the world's desktops and data centers. Now comes the hard part: keeping a new and largely untested IT world safe from hackers and data breaches.”
As discussed at the 2008 RSA Convention in San Francisco, several virtualization vulnerabilities are emerging at the forefront of next-generation vulnerabilities:
“Blue Pill,” a second, malicious hypervisor that controls the original hypervisor and all of the virtual machines beneath it.
“Virtual Machine Escape,” or “Hyperjacking”—By taking control of the hypervisor, the piece of software that controls all the virtual computers within a machine, an attacker can “escape” from any single virtual computer hosted on the machine and quickly multiply his or her access to a company's data.
“Live-Machine Migration”—Virtualization software from VMware and XenSource allows virtual servers to be moved from one physical machine to another with no downtime. But a virtual server could be intercepted in mid-flight, and altered to give a hacker entry into whatever new physical machine it has moved to.”
It would be desirable to have the ability to use any available computer without fear of identity theft or of malware ruining the computing experience. It would be desirable to have a computing environment that provides a ‘portable, secure and persistent computing environment’ that is always available for a user's personal computing needs. It would be desirable to have a computer environment where the user's preferences and data are securely stored and are available wherever the user is located. It would be desirable to have a computer environment where the user can utilize his or her favorite operating system and tools. It would be desirable to have a computer environment where any available computer may be used, whether or not the user is connected to the Internet.
Emerging approaches to computer security are beginning to use trusted platform modules (TPMs) to store the keys and certificates used in encryption algorithms, and to ‘seal’ computing environments. TPM-enabled storage devices are fully encrypted for data-at-rest, but the data can only be decrypted on the same computer that was used to encrypt it. This is not useful in an enterprise environment where the user wants the data to be both portable and protected, without sacrificing portability for security. Key management may be used to extend key/data sharing across an enterprise, but it has not been used with devices that may be used at any location.
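To make concrete what it means for sealed data to be decryptable only on the computer that sealed it, here is an added simulation (not code from the patent or from any TPM vendor): a sealing key is derived from a chip-bound platform secret plus the measured boot state (PCR value), so a blob sealed on one computer cannot be unsealed on another, nor on the same computer after its boot chain has changed. All names, secrets and measurements are constructed for the illustration.

```python
import hashlib
import hmac
import os

def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measured component))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components):
    # Fold each boot component (BIOS, bootloader, kernel ...) into one PCR value.
    pcr = bytes(32)  # PCRs start at all-zero bytes on reset
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def _seal_key(platform_secret, pcr):
    # Key depends on BOTH the chip-bound secret and the measured boot state.
    return hmac.new(platform_secret, b"seal" + pcr, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC counter-mode keystream; stand-in for the TPM's symmetric cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(platform_secret, pcr, data):
    """Return nonce || ciphertext || tag, bound to this platform and PCR value."""
    key = _seal_key(platform_secret, pcr)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(platform_secret, pcr, blob):
    """Recover the data, or None if the platform secret or PCR value differs."""
    key = _seal_key(platform_secret, pcr)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong computer or altered boot chain: the "TPM" refuses
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample: laptop A seals a credential; the same blob is useless on
# laptop B (different chip secret) or on A after its bootloader was replaced.
LAPTOP_A = b"constructed-secret-bound-to-laptop-A"
LAPTOP_B = b"constructed-secret-bound-to-laptop-B"
GOOD_BOOT = measure_boot([b"bios-v1", b"bootloader-v1", b"kernel-v1"])
BAD_BOOT = measure_boot([b"bios-v1", b"bootloader-modified", b"kernel-v1"])
```

The portability problem the paragraph describes is the third case: the user carries the blob to laptop B and it is unreadable there, which is exactly the property enterprise key management has to work around.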
As is indicated on their website, RedCannon Security has developed KeyPoint Alchemy™ technology “that transforms any USB Flash Drive into a trusted corporate access and storage device. Alchemy delivers KeyPoint's power combination of instant endpoint security and mobile encryption to generic flash drives. Only KeyPoint Alchemy delivers a policy driven environment for complete USB device life cycle management from provisioning to password reset to remote data deletion. KeyPoint extends security policy beyond the network perimeter with the convenience of an easy-to-use appliance.” However, this USB flash drive solution does not implement secure encrypted BIOS or encrypted trusted boot software.
In addition, it appears that the KeyPoint Alchemy technology does not involve a USB drive that carries the software (i.e., BIOS, O/S, drivers, applications, etc.) that is necessary to boot a computer. It appears that the KeyPoint Alchemy technology depends upon an internet connection to reach a remote server. Possible attacks on this technology include denial of service against the server's internet addresses, deleting files from the server, replacing images on the server, reformatting server disk drives, and flooding the server with more remote access requests than it can handle.
There is a need for secure, portable and persistent computing environments that are platform independent and which may be implemented using a portable universal serial bus (USB) device or other portable device (a cell phone or PDA, for example), a host computer, and a trusted server.