Secure Networking by Design
According to a recent industry report routers account for over 75% of infected devices An infected router is more dangerous than infected IOT devices, phones or PCs. A router is both an intermediary for almost all networking traffic and a line of defence from external attack (firewall); a compromised router therefore has the potential to both open the floodgates to new attacks and act as a jump off point for secondary attacks. Because the router essentially controls the network, it has insidious ability to mount man in the middle attacks on entire portfolios of devices.
A review of disclosed vulnerabilities show that the list of current and historical memory related vulnerabilities in routing components is enormous. And inevitably the most dangerous vulnerability is the one not yet publicly disclosed.
The Secure Networking by Design (SNbD) project directly addresses this threat. Building on recent advances in router security (ManySecured), the SNbD project will to harden router and networking protections. Building on CHERI/Morello SNbD will use the memory protection and secure compartmentalisation features to improve the security offered by routers. By taking a modular approach SNbD, will ensure that the individual modules that are upgraded in this endeavour are available to other operating systems and applications, guaranteeing maximum ecosystem impact.
SNbD will operate in a "working in open" fashion, and openly accept third party contributions. From the outset, SNbD will be designed to be a self sustaining, collaborative initiative, with a long lasting legacy.
SNbD directly addresses, the most significant, and hyper scaling security threat; the ability to infect and cross infect internet connected devices. The security protections the CHERI/Morello architecture offers, are more relevant to this domain than any other.
SNbD is a collaboration between NquiringMinds, University of Oxford and the Techworks; organisations which both individually and collectively have an exemplary track record of delivering positive security impact at scale.