Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.
Gregory R. Ganger and David F. Nagle
Carnegie Mellon University
Pittsburgh, PA 15213
This white paper promotes a new approach to network security in which each individual device erects its own security perimeter and defends its own critical resources (e.g., network link or storage media). Together with conventional border defenses, such self-securing devices could provide a flexible infrastructure for dynamic prevention, detection, diagnosis, isolation, and repair of successful breaches in borders and device security perimeters. We overview the self-securing devices approach and the siege warfare analogy that inspired it. We also describe several examples of how different devices might be extended with embedded security functionality and outline some challenges of designing and managing self-securing devices.