Open Hypervisor - Home

The Latest News

Isolating Spears

Karlsruhe, July 28, 2011

RSA, the security company founded by the inventors of the RSA algorithm, was hacked because an employee opened an attachment claiming to contain information about recruitment. As a matter of fact, the attachment contained a zero-day exploit for Adobe Flash. The executed code started to ferry seed data used with RSA’s SecurID tokens to the hacker. This data was subsequently used to attack Lockheed Martin. In the end, RSA offered to replace the tokens (see [1, 3] for details). This kind of attack is called spear-phishing, as a group of specifically selected victims is targeted.

Some comments on the web blamed the employee, who should never have opened an attachment from an untrustworthy sender, in particular as it had been filtered away by his spam filter [2, 4]. Analysts also stated that RSA should have cared more about training their employees.

However, is it really the employee's fault that he looked for a better job and looked into his inbox? Also, we know that spam filters sometimes remove important mails. We think that bullet-proof compartmentalization would be a beneficial tool in such cases. It would enable personnel working in critical infrastructures to isolate and examine suspicious files separately from the rest of the system, e.g., in a separate (throw-away) compartment. Alternatively, all emails, or, in this case, all filtered mails, can be held within a separate compartment. Filters can be configured to let selected information pass into the corporate system. Additionally, a central admin-monitored and logged drive can be implemented for inspection and quarantining. This way, compartmentalization can evolve into a useful security tool to help against spear-phishing.

References

[1] Coviello, Art: Open Letter to RSA SecurID Customers. June 6, 2011. http://www.rsa.com/node.aspx?id=3891

[2] Litan, Avivah: RSA SecurID attack details unveiled - lessons learned. April 1, 2011. http://blogs.gartner.com/avivah-litan/2011/04/01/rsa-securid-attack-details-unveiled-they-should-have-known-better

[3] Rivner, Uri: Anatomy of an Attack. April 1, 2011. http://blogs.rsa.com/rivner/anatomy-of-an-attack/

[4] Strassmann, Paul: Cyber Attack on RSA. April 3, 2011. http://pstrassmann.blogspot.com/2011/04/cyber-attack-on-rsa.html

Trojans in Quarantine

Karlsruhe, January 12, 2011

In the house organ of the Karlsruhe Institute of Technology, Arnd and Dirk Weber were interviewed by Susanne Marschall about secure virtualization. Click here to download the article or here to download the whole issue.

Video of our prototype

Karlsruhe, December 11, 2010

We are glad to publish a video showing how several mainstream operating systems can be operated securely. The video was produced by Richard Brown from HP Labs in Bristol during the course of the OpenTC project. It shows our ideas for a novel type of user interface, with a new task bar and a sealed image providing assurance that the hypervisor is in its proper state. It demonstrates the handling of several operating systems, including a banking application. Click here to view the video.