Storage Security Summit 2022 Presentation Abstracts

BREAKFAST ROUNDTABLE

Storage Security: Preparing for disruption

Moderated by Thomas Rivera

Abstract

The genesis of the SNIA Storage Security Summit is rooted in a discussion with the SNIA Board of Directors on a “cosmic convergence” of storage security-related activities and initiatives. Individually, these activities and initiatives would be noteworthy, but the totality of these activities and initiatives warranted a more visible recognition. Thus, the Summit.

This roundtable is a live session with internationally recognized experts who will set the stage for the Summit. The threat and regulatory landscapes, as they relate to storage, will be highlighted. Storage security challenges and opportunities will also be explored with an eye to possible future directions. Lastly, the concept of “reasonable” security within the context of storage will be probed, including the legal implications and ramifications.

This moderated panel of experts will leverage their backgrounds in SNIA, Working Group 4 of ISO/IEC JTC 1/SC 27, the Section of Science and Technology of the American Bar Association (ABA) and the ABA Cybersecurity Legal Task Force, IEEE Computer Society Cybersecurity & Privacy Standards Committee, and the International Data Sanitization Consortium (IDSC). As the Co-Chair of the SNIA Data Protection & Privacy Committee (DPPC), the moderator will come armed with his set of questions for the panel to ponder, but Summit participants will also have an opportunity to offer their own questions of these distinguished experts.

Plenary Abstracts

Mandatory cybersecurity certification requirements coming of age in the EU

Miguel Banon, Convenor, CEN/CLC TC13/WG3, Spain

Abstract

The EU legislative initiatives have led the global market in the past for market relevant aspects dealing with privacy and data protection, and recent and coming initiatives are shaping the EU market in aspects dealing with cybersecurity requirements for products, services and processes, where compliance is to be demonstrated by certification based on standards.

On one side, the Cybersecurity Act (2019) set the framework to define EU-wide certification schemes, and three such schemes are currently being developed by ENISA, the EU Agency for Cybersecurity: EUCC (for ICT products), EU5G (for 5G products) and EUCS (for cloud services). On the other side, the NIS2 proposal sets the hook for national strategies that are to secure critical infrastructures to define requirements for the supply chain, and use such schemes to demonstrate compliance. Other initiatives, like the recently announced EU Cyber Resilience Act, will bring a similar approach to the full EU market, not just the critical infrastructures. Industry-driven standardization initiatives have proven to be very successful in the past in providing such legislative initiatives with a solid body of work to be referenced. For the EUCC, for example, the payment sector or the digital identities sector were able to develop a comprehensive set of industry-agreed technical standards that are the basis of the high assurance certification in the EUCC. For the mobile communication sector, GSMA and 3GPP developed the NESAS certification scheme, which is currently under analysis for consideration as a building block of the EU5G.

This presentation provides an overview of cyber security certification, analyses in more detail these scenarios, and concludes with a call to keyboards to SNIA, to pioneer and lead the development of certifiable cybersecurity technical standards to shape the secure storage market.


Secure your storage or we'll see you in court!

Lucy L. Thomson, Esq. M.S. CISSP CIPP

Abstract

As nation states and global criminals step up their cyber attacks and storage technology transformations require increased security, companies and their business partners and vendors are facing a dizzying array of new security standards and federal, state, and international legal requirements. What security measures must be implemented and who is accountable when data or critical infrastructure is compromised? This presentation will address the bottom line – Is Your Storage Security “Reasonable Security”?


A Moving Target Defense for Data Storage Devices

Don Matthews, President and CEO, NexiTech Inc.

Abstract

The static nature of many modern-day computing systems makes them easy to attack and hard to defend. Our adversaries have the time to study a system, identify its vulnerabilities, and attack at a time and place of their choosing. This gives them an asymmetric advantage, which is unacceptable. 

Moving Target Defense (MTD) is the concept of introducing controlled change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers. This reduces their window of opportunity and increases the costs of their probing and attack efforts, rendering their surveillance obsolete. 

NexiTech has developed an innovative MTD solution that provides enhanced security for data-in-flight. Our patented Moving Target Defense Framework uses storage virtualization to create multiple abstractions of a data storage device. Each abstraction represents a virtual "communications channel". A software agent in the host computer is synchronized with an agent in the storage device. We implement a moving target defense by periodically changing the communications channel, not unlike the frequency-hopping techniques that have been effectively used in the past with radio communications. We believe our solution pushes the state of the art by adding active cyber defense technologies to data storage devices for the first time ever.



CYBERSECURITY AND PRIVACY TRACK ABSTRACTS

Importance of Cyber-Resiliency for the next data decade

Anay Pathak, Advisory Consultant, CTO Ambassador, Dell Technologies

Abstract

While we all focus on digital transformation in the new normal, we are also looking at billions of connected devices which give easy access to malicious attacks in the connected environment and can lead to downtime as well as business/revenue loss. During consulting, one of the key areas is to understand what the guidelines for ransomware protection are and how to recover the data in case business-critical data is compromised. Most of the analyst organizations talk about keeping the backup copy offline so that recovery is possible from the offline copy, which is not affected by the attack. When we talk about cyber security, perimeter security plays a key role, and that's where all the intrusions in the network are identified and isolated. But in the modern era we talk about the Zero trust/Zero-day model, where we need to look at multiple touchpoints and how we can build a model which is more resilient when perimeter security is compromised.

When we go through various attacks which have happened (and 2020 has seen a drastic increase in the number of attacks), the crown jewels of the business are either recovered by paying a huge ransom or by recovering from data that is not affected by the attack and is good enough for the business to run.

 
LEARNING OBJECTIVES:
  • Key considerations for a Cyber Resilient Environment
  • Important Guidelines from Global Advisory and Agencies to follow
  • Best practices 
  • Evolution of Cyber Threats and Why Disaster Recovery is Not Enough

Warfare against digital extortions: Machine learning to secure your systems

Anand Kayande, Sr Principal Software Engineer, Veritas Technologies LLC

Abstract

A ransomware attack, or any attack on the computer systems of an organization, is a “game of hide and seek” between the attacker and the defender. Every time the defender builds better protection, the attacker breaks it with a superior attack.

For the defender, the game is tough. For the attacker to succeed, he needs to succeed once, and that too anywhere in the scattered systems of an organization. For the defender to succeed, he needs to succeed every time, 24 x 7, and that too everywhere. Protecting systems is an endless job, with continuous learning. And so the obvious way out is to build machines that learn by themselves, with the help of machine learning algorithms.

Transfer digital war into security crusade. Merely applying reactive tactics against ransomware will keep organizations running after extortionists. What is needed is a long-term strategy, with continuous focus, to win this war against ransomware. There is a need to have dedicated resources, planning and funding to make a security movement within organizations to protect systems against digital extortions.

Ransomware or malware or any of their siblings are nothing but a piece of program that stays in your system for months, works without your knowledge in the background and tries to damage, steal or lock important data in your system. This paper discusses important aspects of ransomware and easy ways of armoring for protection, with machine learning algorithms.

Know your enemy: What is Ransomware and how it looks?

Segment your forces for the war: General Framework for analyzing any binaries

The following methods are typically considered for analyzing any binary for potential ransomware threats.

  1. Static methods
    1. Structural analysis
    2. Static code analysis
  2. Dynamic methods
  3. Behavioral analysis
  4. Debugging
  5. Dynamic instrumentation

Machine learning in Behavioral Analysis of Binary Files

Through the analysis of ransomware network behavior: upon infection, ransomware will send a DNS query to a DNS server for the C&C information for a configuration file. The ransomware will then contact the C&C servers, which will give the ransomware further instructions on how to behave. So DNS queries and HTTP requests are what is most important for the analysis of ransomware network traffic.

The behavior of binary files can be captured, and normal behavior can be profiled. This could be done through log analysis or by monitoring the system calls made. The destination of network calls, any HTTP requests made by the binary, access to a specific set of files/directories, access frequency, etc. could form the set of features to be monitored for a binary. The profiles are developed by monitoring such features over a period of time. Unsupervised anomaly detection algorithms like isolation forest can then be used to detect anomalous behavior of binaries and raise an alert.


Let your object storage save you from the bad guys!

Yuval Lifshitz, Principal Software Engineer, Red Hat

Abstract

Ransomware poses a massive threat to organizations and individuals. However, detecting and protecting from it is a huge challenge. Don’t worry, cloud-native storage is here to save the day! This talk presents a ransomware detection and quarantine solution based on Ceph Object Store (Ceph RGW) that Rook orchestrates.

Ceph RGW is often used to store and back up data for organizations, or for individuals using cloud storage providers. This solution detects changes in the entropy of the objects as they are uploaded. Detection is done by comparing them to the entropy of past uploaded objects. If an abnormality is detected, they are quarantined.
 

Cyber Storage; a Little Less Conversation, a Little More Action

Doron Pinhas, CTO, Continuity Software

Abstract

In this session, discover new tactics being used by threat actors that require a drastically new approach to securing storage and backup systems. You'll also learn how to assess the security of those systems, and see the results from the industry's first 'State of Storage Security Report', which provides an analysis of the vulnerabilities and security misconfigurations of enterprise storage systems.
 
LEARNING OBJECTIVES:
  • How to assess the security of your storage & backup systems 
  • Practical recommendations on hardening storage systems to withstand ransomware and other attacks targeting your data 
  • Results from the industry's first 'State of Storage Security Report', which provides the results from thousands of data points 
  • Mythbusting! Addressing common myths vs. the reality of securing storage & backups 
  • Essential mitigation tips and tricks to strengthen your security posture

Persistent data for secured containers - A realisable vision?

Nick Connolly, Chief Scientist, Datacore Software

Abstract

Various techniques exist for securing containers in a multi-tenanted environment, from encrypted virtual machines through to Intel SGX application enclaves. However, these seem best suited to stateless workloads. How can persistent data be handled in a zero-trust environment when the underlying kernel is an inherent part of the data path and implements the filesystem?

This talk describes the state of the art and discusses current implementation options. It covers work that is ongoing and looks even further out to the CHERI research project from the University of Cambridge with its promise of fine-grained data access controls through hardware capabilities.

 
LEARNING OBJECTIVES:
  • An overview of the techniques for securing containers in a multi-tenanted environment 
  • Implementation techniques that can be used to provide access to persistent data 
  • An introduction to relevant ongoing projects and research

Zero Trust or Bust

Thomas Rivera, Cybersecurity & Privacy Professional, VMware Carbon Black

Abstract

Zero Trust is a collection of security methodologies that work together to enforce access, with the view that your network has already been compromised, and using contextual information from identity, security, and IT infrastructure, along with risk and analytics tools, to enable dynamic enforcement of security policies uniformly across the corporate network.

This session will highlight the main attributes of Zero Trust, as well as the five fundamental assertions that zero trust depends on.


 

Storage with embedded cybersecurity to truly protect data

Tom Ricoy, Vice President of Strategic Alliances, Cigent Technology Inc

Abstract

Software-based security solutions are consistently bypassed resulting in data breaches. Emerging storage solutions with embedded cybersecurity are being developed to consistently and effectively protect data from all known physical and remote data breach and ransomware attacks. During this session we will review enhancements in storage that embed cyber security protections, such as: 

  • dedicated security microprocessor with storage-based data access pattern machine learning that detects and automatically prevents ransomware, cloning, wiping, etc. attempts
  • integrated data destruction verification 
  • range locking and protection of data making data unreadable at the sector level and accessible by advanced data recovery attempts including chip off
  • secure storage of data access logs that cannot be wiped
  • disconnect detection and response
  • movement detection and response using an accelerometer on the storage itself



STANDARDS TRACK ABSTRACTS

ISO 27000 Series Update for ISMS

Eric Hibbard, Director, Product Planning - Storage Networking & Security, Samsung Semiconductor, Inc.

Abstract

The ISO/IEC 27000-series standards provide an information security framework designed to assist organizations in managing cyber-attack risks and improving their information security practices. It does this by setting out information security management system (ISMS) requirements and guidance, providing a systematic approach to risk management that focuses on people, processes, and technology. At the heart of this series is the ISO/IEC 27001 standard with its ISO/IEC 27002 companion, which are used internationally by organizations seeking to certify their ISMS. With the February 2022 publication of the third edition of ISO/IEC 27002, the stage has been set for a wave of changes for the ISO/IEC 27000-series that will also impact ISO/IEC 27001 certifications.

This session will highlight the changes for the third edition of ISO/IEC 27002 and explain the ramifications to the entire series, including anticipated timelines. The last such changes in 2013 had a significant impact on the security community and early indications are that the new ISMS requirements and guidance are non-trivial changes.


ISO Storage Security Standard Gets a Refresh

Eric Hibbard, Director, Product Planning - Storage Networking & Security, Samsung Semiconductor, Inc.

Abstract

The ISO/IEC 27040 storage security standard was originally published in 2015 as a guidance standard that expanded upon the earlier SNIA storage security best practices and focused on existing and emerging storage technologies. During the intervening years, the threat landscape has morphed significantly, storage technologies and practices continue to change, and the regulatory obligations increase with each wave of attacks. In response, ISO initiated an early revision of ISO/IEC 27040, which included transitioning it from a guidance standard to one that includes both requirements and guidance as well as other changes to help ensure the standard remains relevant.

This session will highlight the anticipated changes for the second edition of ISO/IEC 27040, position it within the ISO 27000 series security standards, and provide a timeline for its availability. While the standard is written primarily for storage consumers, this session will also provide vendors with insights into what they can expect once the standard is published.


The SPDM Protocol: Overview of Component Integrity as a Security Standard

Scott Phuong, Cisco & Brett Henning, Broadcom

Abstract

Component integrity is quickly becoming of paramount importance in ensuring infrastructure is secure. DMTF’s Security Protocol and Data Model (SPDM) Specification defines messages, data objects, and sequences for performing message exchanges between devices over a variety of transport and physical media for authentication of components, firmware measurement and protection of data in flight. This session will cover the problems faced and how SPDM addresses the problems in the released versions of the spec, as well as showing a sample flow of messages that would be used to authenticate storage.

LEARNING OBJECTIVES:

Learning Objective 1: Learn the key components of DMTF’s Security Protocol and Data Model (SPDM) Specification

Learning Objective 2: Understand how SPDM addresses the problems of component authentication and integrity

Learning Objective 3: See how SPDM enables authentication of storage devices


TCG DICE & DMTF SPDM Binding Overview

Chandra Nelogal, Trusted Computing Group & Distinguished Member of Technical Staff, Dell Technologies

Abstract

The topic will provide a brief overview of the SPDM standard and the TCG DICE specification, as well as an overview of the work being done out of SPDM and TCG DICE Binding specification. The topic will cover various use cases such as device onboarding, verification of authenticity of devices, verification of measurements, firmware and software updates, reprovision and remanufacturing of devices, as well as decommissioning. The topic is important from the point of view of supply chain security.

The topic is interesting to organizations trying to implement the SPDM protocol on DICE-compliant devices. Further, this topic is also interesting for system integrators and platform vendors who intend to use SPDM-compliant devices in their systems to ensure supply chain security.


Symlink Races for Dummies, and how to deal with them

Volker Lendecke, Developer, SerNet GmbH

Abstract

This talk will describe in detail the symbolic link race condition that led to the Samba CVE-2021-20316. Symlink races lead to CVEs all over the place; even the secure programming language Rust was recently bitten by it with CVE-2022-21658.

Samba solved the problem with a major development effort over many months, however the solution comes with a performance penalty. In the best tradition of "Make it right first, make it fast", work is ongoing to refactor Samba's internals to not only get back the speed of the insecure path handling, but potentially go beyond that and moreover add proper SMB2 symlink error handling.

The talk will describe Samba's current solution, the reasons why we did not solve it "the right way" from the beginning, and our way out of this.


 


STORAGE SECURITY & EXPLOITS TRACK ABSTRACTS

Securing Access to Network Files whether on-premises or in the Cloud: SMB3.1.1 Security Overview

Steve French, Principal Software Engineer - Azure Storage, Microsoft

Abstract

Access to network files from Linux presents many security challenges, especially as data moves to the cloud. This presentation will provide an overview of security considerations for accessing remote files, and where improvements in standards are needed, focusing on the most popular file system protocol (SMB3.1.1). The security features of the family of protocols will be described, and also areas where a file system can integrate with Linux security components. Access to storage over these protocols is often encrypted, and relies on other security protocols for authentication, for verifying claims and for id mapping. Integration with future security protocols will be needed, and also finding better interfaces to map a user's identity among the various ways it is represented in Linux (username, POSIX UID, globally unique SIDs, OID). As more data moves to remote storage, the importance of network file system security becomes more critical. This presentation will discuss the current security options and their status and areas where additional improvements are needed.


NeVerMore: Exploiting RDMA Mistakes in NVMe-oF Storage Applications

Konstantin Taranov, Research Assistant, ETH Zurich

Abstract

We present a security analysis of the InfiniBand architecture, a prevalent RDMA standard, and NVMe-over-Fabrics (NVMe-oF), a prominent protocol for industrial disaggregated storage that exploits RDMA protocols to achieve low-latency and high-bandwidth access to remote solid-state devices. Our work, NeVerMore, discovers new vulnerabilities in RDMA protocols that unveil several attack vectors on RDMA-enabled applications and the NVMe-oF protocol, showing that the current security mechanisms of the NVMe-oF protocol do not address the security vulnerabilities posed by the use of RDMA. In particular, we show how an unprivileged user can inject packets into any RDMA connection created on a local network controller, bypassing security mechanisms of the operating system and its kernel, and how the injection can be used to acquire unauthorized block access to NVMe-oF devices. Overall, we implement seven attacks on the NVMe-oF protocol and verify them on the two most popular implementations of NVMe-oF: SPDK and the Linux kernel. To mitigate the discovered attacks we propose multiple mechanisms that can be implemented by RDMA and NVMe-oF providers.


How to protect the integrity of electronic components and storage devices from supply chain attacks

Thorsten Stremlau, Co-Chair of the Marketing Work Group, Trusted Computing Group

Abstract

This presentation will briefly cover the current industry regulatory directions (EU RED, NIST SP1800-34, SBOM) around securing the supply chain and the evolving standards that are being worked on to address some of the challenges. It will cover TPMs, TCG DICE, FIM, RIM and how this can be applied to storage devices.


EMERGING SECURITY TECHNOLOGY TRACK ABSTRACTS

Key Per IO - Fine grain encryption for storage.

Fred Knight, Principal Standards Technologist, NetApp

Abstract

The Key Per IO (KPIO) project is a joint initiative between NVM Express® and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under TCG Opal SSC for the NVMe® class of storage devices. Self-Encrypting Drives (SED) perform continuous encryption on user-accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated/held in persistent media by the storage device. KPIO will allow a large number of encryption keys to be managed and securely downloaded into the NVM subsystem. Encryption of user data then occurs on a per-command basis (each command may request to use a different key). This provides a finer granularity of data encryption that enables a granular encryption scheme in order to support use cases such as: support of EU GDPR, support of data erasure when data is spread over many disks, support of data erasure of data that is mixed with other data needing to be preserved (multitenancy), and assigning an encryption key to a single sensitive file or host object. The presentation will introduce the architectural differences between traditional SEDs and the KPIO SSC, provide an overview of the proposed TCG KPIO SSC spec and the features in the NVMe commands to allow use of KPIO, and conclude by summarizing the current state of the standardization proposals in NVM Express and the TCG Storage WG.


Computational Storage: Security call to arms and opportunities

Bill Martin, SSD IO Standards, Samsung Semiconductor Inc. & Jason Molgaard, Co-Chair, SNIA Computational Storage TWG

Abstract

Come learn about Computational Storage and hear the security risks that may exist as designers implement computational storage. The SNIA Security experts and Computational Storage experts have worked together to look at the security risks opened up by computational storage and what opportunities Computational Storage provides to offload device security computations.

Imagine offloading an encryption task to a computational storage device where the device sends ciphertext to the host. The chaining of programs running on the device may create new attack surfaces unknown to the host. Or imagine what security enhancements could be implemented in a computational storage engine. Perhaps the computational storage engine could perform the new Key per IO specifications that have been proposed in the NVMe storage transport specification.

These are a few of the many possible security opportunities and challenges enabled by computational storage.


Quantum Safe Cryptography for long term security

Basil Hess, Research Engineer, IBM Research Switzerland

Abstract

Quantum computers with the capability to threaten the cryptography used today may seem a long way off, but they already pose a threat to both data and systems that we are protecting today. This talk will introduce the quantum threat and discuss why this is already a topic for today and not sometime in the future when large quantum systems will emerge, with particular considerations for long-term secure storage. This will be followed by an overview of the race to standardize new cryptographic algorithms that are secure even against large quantum computers of the future. The new quantum safe algorithms will bring a lot of diversity to the cryptographic landscape. It is expected that multiple schemes will be standardized, based on different mathematical problems such as lattices, isogenies of elliptic curves or error-correcting codes. Different performance and bandwidth characteristics will further increase the complexity of cryptographic management and will pose a demand for cryptographic agility. We will further give an overview of ongoing projects in quantum safety in areas such as in storage and will also show how developers can already today prototype quantum safe applications using open-source projects like Open Quantum Safe.

  • Learn about the threat quantum computers pose to cryptography.
  • Learn about emerging quantum safe cryptographic algorithms and their applications, especially for long term data security.
  • Learn about the resources available today to prototype quantum safe applications.

Setting the Security Standard for OCP Hardware 

Andres Lagar-Cavilla, Principal Engineer, Open Compute Project

Abstract

The OCP Security Project was started in 2018 with the goal of setting security standards for OCP Accepted and OCP Inspired hardware that meets the requirements of hyperscaler/cloud datacenter operators. This talk will cover the goals of the project and the white papers we have published.


DATA SANITIZATION TRACK ABSTRACTS

IEEE(TM) 2883 - Sanitization of Storage.

Jim Hatfield, Firmware/Standards Engineer, Seagate Technology

Abstract

IEEE(TM) 2883 "Draft Standard for Sanitizing Storage" is a new security standard that is nearing publication. It is a companion standard to a new revision of ISO/IEC 27040-2015 "Information technology ─ Security techniques — Storage Security". 

ISO/IEC 27040 gives requirements and guidance for storage security and defines the Clear, Purge, and Destruct sanitization methods. IEEE 2883 contains media-specific and interface-specific requirements and guidance for implementing those Clear, Purge, and Destruct methods.

IEEE 2883 describes storage sanitization technologies that were not described in ISO/IEC 27040-2015 and in NIST SP800-88R1 (e.g., NVMe CMB and HMB, NVMe Sanitize command, TCG methods, higher density HDD HAMR technology). IEEE 2883 also obsoletes the shred and pulverize methods of the Destruct sanitization method. Strong warnings are added for using the degaussing method of Destruct.

IEEE 2883 effectively makes NIST SP800-88R1 obsolete.


Sanitization or Anti-forensics? Implication of IEEE 2883 for digital forensic practitioners.

Richard Austin MS, CISSP-Retired, AUXC

Abstract

Sanitization is a critical process in data life cycle management with the goal of assuring that information is removed from devices prior to their reuse or discard. Sanitization has implications for digital forensics where the goal is to retrieve remaining information from storage devices. This presentation will briefly review what sanitization is as envisioned in 2883 and some potential impacts on the practice of digital forensics.


BIRDS OF A FEATHER ABSTRACTS

Zero Trust is all the rage, but where do we go from here?

Hosted by Thomas Rivera, contributions from Dr Ron Martin

Abstract

This BoF session will discuss what Zero Trust is and where it is going, including considerations for implementation. For example, what does this mean in regards to existing Firewalls?


SNIA SMI Presents: The Security Protocol and Management Horizon - Discussing Potential Features for New Use Cases

Hosted by Jeff Hilland, with contributions from Scott Phuong, Mahesh Natu, Brett Henning and David Harriman

Abstract

Join panelists from DMTF, SNIA, CXL, TCG, OCP, and the PCI-SIG, as they discuss some potential new security features and enhancements under consideration to address divergent use cases.


SNIA Storage Security Summit Wrap-Up

Hosted by Eric Hibbard, with contributions from Thomas Rivera

Abstract

This live session is intended to give the Reader’s Digest version of the SNIA Storage Security Summit, recounting the highlights from the various sessions. In addition to identifying what we learned during the event, it will provide a roadmap for further discovery for those sessions that participants may have missed.

This BoF is also an opportunity to ask specific questions that may not have been addressed in the earlier sessions. Depending on the questions and discussions, the panelists will explore topics that are top-of-mind. Lastly, we will ponder potential future storage security endeavors.