One aspect of an Information Assurance "Defense in Depth" strategy is robust configuration management. Applications such as Tripwire can assist in such management, but these tools are usually difficult to operate and may produce incorrect results, i.e. a false negative, as was the case for the authors of the Internet Auditing Project. The problem with integrity applications is that they depend on the integrity and proper operation of the operating system, i.e. these applications assume that the operating system always operates correctly. When this assumption is not valid the integrity applications cannot provide a reliable result, and as a consequence they report a false negative. Tools such as those that can be found at RootShell.com provide novice attackers with the capability to defeat integrity tools that rely on the operating system. Additionally, most integrity applications require a database of pre-computed values. The maintenance and protection of this database presents several challenges to effective and secure management on a wide
Komoku provides a solution to the traditional problems with integrity and configuration management described above, using what we call Out-of-Band Cryptographic Configuration Management. The solution leverages digital signature technology to provide integrity protection for file systems, with an out-of-band verification process that does not depend on the underlying operating system. The resultant system provides extremely strong integrity guarantees and configuration management: it detects modifications to approved and signed objects, as well as the existence of unapproved and thus unsigned objects. This is accomplished without ANY modifications to the host operating system. As a result, the system is equivalent to an independent auditor, detecting problems in near real-time.
A "defense in depth" strategy presumes that an adversary will successfully penetrate some defenses, but not ALL of the layered defenses, before detection. A key element in such a strategy is to detect as quickly as possible when an adversary has breached a layer in the defense and to take the appropriate action to counter the attack. Intrusion detection systems (IDS) for the host and the network are one detection means. Unfortunately, an intrusion detection approach is not one hundred percent reliable, as such systems can only detect known anomalies. Furthermore, intrusion detection systems in practice usually suffer from a high rate of false positive and false negative reports. Integrity detection systems, on the other hand, can reliably detect the unauthorized changes made by an intruder, provided that the host operating system has not been modified to return misleading information. The fact that current integrity detection systems can be misled is the fundamental problem with an otherwise sound approach. Komoku's goal is to eliminate that fundamental problem.
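The signed-manifest check described above, as an added illustration that is not Komoku's code: a manifest of digests over every approved object is signed once, and a verifier that trusts only the signed manifest and what it reads itself reports modified, missing and unsigned objects. Assumptions: the file tree is a constructed in-memory dict of path to contents, and an HMAC-SHA256 over the manifest stands in for the co-processor's public-key digital signature.

```python
import hashlib
import hmac
import json

# Placeholder for the signer's key; a real deployment would use a private key held
# in the out-of-band device and only the public key at the verifier.
SIGNING_KEY = b"constructed-demo-signing-key"


def build_manifest(tree):
    """Record a SHA-256 digest for every approved object (path -> hex digest)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in sorted(tree.items())}


def sign_manifest(manifest, key=SIGNING_KEY):
    """Serialise the manifest canonically and sign it; returns (blob, tag)."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(blob, tag, observed_tree, key=SIGNING_KEY):
    """Out-of-band check. `observed_tree` models what the verifier reads from storage
    directly, not what the (possibly compromised) host OS reports. Returns a dict of
    findings; an empty dict means every object matches the signed manifest."""
    expected_tag = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected_tag):
        # A tampered manifest is itself a finding: nothing below can be trusted.
        return {"manifest": "signature invalid"}
    manifest = json.loads(blob)
    findings = {}
    for path, digest in manifest.items():           # approved objects
        if path not in observed_tree:
            findings[path] = "missing"
        elif hashlib.sha256(observed_tree[path]).hexdigest() != digest:
            findings[path] = "modified"
    for path in observed_tree:                      # anything not in the manifest
        if path not in manifest:
            findings[path] = "unsigned"
    return findings


# Constructed sample: an approved tree, then the same tree after an unapproved change.
APPROVED = {"/bin/ls": b"ls-binary-v1", "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh"}
OBSERVED = dict(APPROVED, **{"/bin/ls": b"ls-binary-altered", "/lib/unapproved.so": b"x"})


def demo():
    blob, tag = sign_manifest(build_manifest(APPROVED))
    return verify(blob, tag, OBSERVED)


if __name__ == "__main__":
    print(demo())  # {'/bin/ls': 'modified', '/lib/unapproved.so': 'unsigned'}
```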
1. Komoku is currently funded by DARPA.
Komoku, in Japanese myth, is one of the four guards of the cardinal directions. Komoku is the guard for the west.
IBM's embedded cryptographic co-processor: IBM 4758
Intel's StrongARM development board: EBSA-285
An OpenSource embedded OS: eCOS
Linux running on ARM processors: ArmLinux