Production Server Security Manifesto

17 Oct, 2019 #cloud, #infra, #security

The world has changed: the most secure computing environment today is a mobile phone, not a server in a datacenter. Look at iOS and Android security; it is far beyond what servers look like.

Mobile phones have a “secure enclave”/“tamper-resistant environment”; servers, in contrast, run ring -2/-3 firmware, which is a form of malware.

Manifesto

Secure hardware

We need the analog of a “secure enclave”/“tamper-resistant environment” on servers too. It must not be exposed to ring -2/-3 firmware. It has to be in hardware (with CoreBoot and OpenBMC).

But we should acknowledge that there is always going to be a 0-day.

Use ALL the isolation the OS can provide

Dismiss the “container” vs “VM” mindset; it is a poor one. Clearly, modern servers need both (e.g. GC, AWS) plus sandboxes.

Software quality and reliability

Privilege separation is an old idea. Prioritize quality and reliability in distributed-systems software over features.
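The two points above (sandboxes as one more OS-provided isolation layer, and privilege separation) combine naturally: the privileged part of a program hands untrusted data to a child that first strips itself of everything it does not need and only then parses. The following is an added example in C, not code from the original post. It assumes Linux for the confinement calls (`prctl` with `PR_SET_NO_NEW_PRIVS` and seccomp strict mode, which leaves only read/write/exit/sigreturn) and falls back to plain fork+pipe elsewhere; the `port=<number>` input format, the `sandboxed_parse` API and the `result` record are all constructed for the example.

```c
/* Added example: privilege-separated parsing of untrusted input (constructed;
 * not from the original post).  The parent keeps its privileges and trusts only
 * a fixed-size result record; the child confines itself, then parses. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>
#ifdef __linux__
#include <sys/prctl.h>
#include <sys/syscall.h>
#ifndef SECCOMP_MODE_STRICT
#define SECCOMP_MODE_STRICT 1   /* stable kernel ABI value */
#endif
#endif

#define MAX_INPUT 64

/* The only thing the parent ever reads back from the child. */
struct result {
    int ok;        /* 1 if input parsed as "port=<1..65535>" */
    int sandboxed; /* 1 if seccomp strict mode was actually installed */
    long value;
};

/* Untrusted step: parse "port=<decimal>" using only stack and pure libc
 * (no allocation; after seccomp strict any other syscall is SIGKILL). */
static int parse_port(const char *buf, size_t len, long *out)
{
    const char *prefix = "port=";
    size_t plen = strlen(prefix);
    if (len <= plen || memcmp(buf, prefix, plen) != 0) return 0;
    long v = 0;
    for (size_t i = plen; i < len; i++) {
        if (buf[i] < '0' || buf[i] > '9') return 0;
        v = v * 10 + (buf[i] - '0');
        if (v > 65535) return 0;            /* reject early, no overflow */
    }
    if (v < 1) return 0;
    *out = v;
    return 1;
}

/* Exit that stays inside seccomp strict mode (exit_group is not permitted there). */
static void child_exit(int status)
{
#ifdef __linux__
    syscall(SYS_exit, status);
#endif
    _exit(status);
}

/* Shrink the child as far as the OS allows before it touches untrusted bytes. */
static int confine(void)
{
    struct rlimit zero = {0, 0};
    setrlimit(RLIMIT_NPROC, &zero);   /* no fork */
    setrlimit(RLIMIT_FSIZE, &zero);   /* no regular-file writes (pipes unaffected) */
    int strict = 0;
#ifdef __linux__
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);   /* setuid/capabilities cannot come back */
    /* Fails (EACCES) when a seccomp filter is already installed, e.g. inside many
     * containers; the rlimits and no_new_privs still hold in that case. */
    strict = (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) == 0);
#endif
    return strict;
}

/* Parent-side API: 0 and *port set on success, -1 on any failure.
 * *sandboxed (optional) reports whether the child ran under seccomp strict. */
int sandboxed_parse(const char *input, long *port, int *sandboxed)
{
    size_t len = strlen(input);
    if (len == 0 || len > MAX_INPUT) return -1;
    int to_child[2], from_child[2];
    if (pipe(to_child) != 0) return -1;
    if (pipe(from_child) != 0) { close(to_child[0]); close(to_child[1]); return -1; }
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                            /* child: confine, read, parse, answer */
        close(to_child[1]); close(from_child[0]);
        struct result r = {0, 0, 0};
        r.sandboxed = confine();
        char buf[MAX_INPUT];
        ssize_t n = read(to_child[0], buf, sizeof buf);
        if (n > 0) r.ok = parse_port(buf, (size_t)n, &r.value);
        ssize_t w = write(from_child[1], &r, sizeof r); (void)w;
        child_exit(0);
    }
    close(to_child[0]); close(from_child[1]);  /* parent */
    ssize_t w = write(to_child[1], input, len); (void)w;   /* <= PIPE_BUF: atomic */
    close(to_child[1]);
    struct result r;
    ssize_t n = read(from_child[0], &r, sizeof r);
    close(from_child[0]);
    int status;
    waitpid(pid, &status, 0);
    /* A killed child (seccomp violation, crash) or a short record means: no result. */
    if (n != (ssize_t)sizeof r || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    /* The child is untrusted, so its record is range-checked again on this side. */
    if (!r.ok || r.value < 1 || r.value > 65535) return -1;
    if (sandboxed) *sandboxed = r.sandboxed;
    *port = r.value;
    return 0;
}

/* Convenience wrapper: parsed port, or fallback on any failure. */
long parse_or(const char *input, long fallback)
{
    long v = 0;
    return sandboxed_parse(input, &v, NULL) == 0 ? v : fallback;
}

int main(void)
{
    long port = 0; int sb = 0;
    const char *samples[] = {"port=8080", "port=70000", "port=80a", "nope"};  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = sandboxed_parse(samples[i], &port, &sb);
        printf("%-12s -> %s %ld (seccomp strict: %s)\n", samples[i],
               rc == 0 ? "ok" : "rejected", rc == 0 ? port : 0L, sb ? "yes" : "no");
    }
    return 0;
}
```

The layering is the point: rlimits, `no_new_privs` and seccomp are each bypassable on their own under some 0-day, but the parent never trusts more than a twelve-byte record from the child, and validates even that. On a host where strict mode cannot be installed the program still works, and reports that fact rather than silently pretending to be sandboxed.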

(UPDATE) This is exactly what the AWS Nitro Card Controller looks like.