The ongoing changes in the System Security Landscape can be attributed to a number of factors. The widespread deployment of trusted hardware unveils new possibilities for research. The evolution of computing platforms is leading to new threats and new opportunities, such as the generation and analysis of fine-grained logs and audit trails. The number of data breaches continues to rise. Public visibility and the cost of each data breach incident only emphasize the need to make defending sensitive data a priority. Enterprises have become more open to adopting defenses once considered too onerous. Additionally, cyber-criminals continue to adapt and adopt new behaviors to accomplish their goals.
Secure Systems
Trusted Hardware
Trusted hardware platforms (like SGX) provide an opportunity to harden software that processes sensitive data, protecting secrets from a compromised OS or hiding it from a curious or compromised Cloud platform operator. But writing software for these platforms is not trivial, and many existing applications would benefit from being ported to use trusted hardware. Interesting research directions include improving the state-of-the-art in automatically partitioning program code into sensitive and non-sensitive sections, providing development tools that reduce the complexity of building applications that use trusted hardware and help them ensure that secrets are not leaked, and effectively incorporating emerging trusted I/O mechanisms.
Information Security
Realistically, sensitive data (IP, PII, etc.) exists throughout enterprise infrastructure (endpoints, servers, Cloud). Unfortunately, traditional role-based access control protections are easy to misconfigure. We need to encourage enterprises to adopt state-of-the art defenses against breaches. Pervasive encryption of data-at-rest and expunging (or secure archiving) of data not actively being used are desirable from a risk exposure standpoint, but done naively result in a usability nightmare. Seamless decryption powered by techniques like searchable encryption and access pattern prediction can be used to maintain the productivity of authorized users. Judicious use of 2FA and secret-sharing might be used to protect data of particularly high-value. Lastly, effective automated-assessment of the degree of sensitivity of information would be required.
Battling Dynamic Adversaries
Basic characteristics of mass-deployed malware (prevalence of packing, anti-emulation, polymorphism, targeting, etc.) remain difficult to pinpoint. Advanced threat actors use custom tools and hide in the noise of everyday activity. In addition, evolving systems platforms expose new opportunities for bad actors. NortonLifeLock has an unrivaled view into the malware landscape and the resources to perform detailed analysis of existing and emerging threats. We continue our research to push the boundaries of understanding the behavior of the threats unleashed by cyber criminals so that we can develop and deploy the most effective defenses.