S3 Control and System Call Indirection

Transcription

1 S3 Control Confirma Technology Brief November 2008 Confirma Product Support Main St., Suite 100, Bellevue, WA , USA Toll free: Local: Confirma Europe GmbH Gustav-Meyer-Allee 25, D Berlin, Germany Tel: FAX:

2 Introduction Malware includes viruses, root kits, worms, Trojan horses, spyware, dishonest adware and other malicious and unwanted software Zero-day Threat is a software attack launched immediately after a security hole is discovered but before a fix has been released. S3 Control technology ensures that the CADstream server is the most secure system on your network. S3 Control prevents the execution of any application that is not part of the CADstream system including malware and unauthorized applications that users might attempt to install on the device. Additionally, S3 Control eliminates the risk from zero-day threats by using System Call Indirection. In Q3 of September 2008, Solidcore S3 Control was awarded NSS Approved status by NSS Labs. NSS Labs is a world leader in security testing and certification. Their testing found: While Solidcore is not a traditional Anti-Malware product, S3 nevertheless provides extremely strong malware protection as an effect of its application control functionality. Solidcore's S3 achieved a 100% score in maintaining host integrity and 99.98% in malware protection. The complete report can be found online at Like other medical devices, CADstream is built upon a commercial Operating System, so that Confirma Software Developers can concentrate on what they do best: writing medical software. Due to its nature, the commercial Operating System shares the same security issues as any other PC on your network. S3 Control can help to eliminate such concerns. Additionally, by using S3 Control, the CADstream device will not require recurring downtime to implement software updates that software manufacturers continually release to address security vulnerabilities. Similarly, because S3 Control is not traditional Anti-Virus software, it does not require constant virus definition updates. With S3 Control, your Technology Professionals can concentrate on other important issues. Page 2

3 How it works S3 Control vs. Anti-Virus At the time of installation, S3 Control performs a complete inventory of the CADstream device all drives, folders, and files and maintains a list of the approved applications. Rather than knowing which applications are not approved to execute, S3 Control maintains a list of the applications that are approved. Any applications not allowed to execute are terminated at a system call level. By contrast, traditional Anti-Virus software must have knowledge of all current software threats. This means that virus definitions must be continually updated. Most concerning is that traditional Anti-Virus software acts after viruses and other malware have invaded your system. Thus, S3 Control can help prevent zero-day threats that Anti-Virus software may not recognize. Host Intrusion Protection System (HIPS) S3 Control is a form of server-centric Host Intrusion Protection System (HIPS) technology, rather than client-centric Anti-Virus technology. HIPS technologies exploit the static nature of server system images and provide malware protection that is superior to Anti-Virus technologies. Solidification is performed by S3 Control, during the creation of the CADstream image by Confirma Engineering. The solidification process creates an inventory of all recognized applications on the CADstream device. When a CADstream device is deployed, it is impossible to open new vulnerabilities. For example, locally launching a Trojan application from a CD or removable USB drive. Security-related events are logged by S3 Control to the Windows event logger in case there is a need to review security threats. System Call Indirection S3 Control protects against viruses through multiple levels of system call indirection. At installation, S3 Control modifies the way installed applications make system calls through the solidification process. S3 Control can recognize foreign applications (including malware) because they make system calls in the normal way. Page 3

4 If an infected application starts making normal un-solidified calls, S3 Control shuts the application down. With no access to system calls, there is no way for a foreign application to do anything interesting (including propagating itself) on a solidified machine. Page 4

5 Change Control CADstream is a medical device registered with the FDA and must maintain its configuration over time to guarantee the safety and effectiveness of the device. Since S3 Control prevents any application not part of the original installation from running, local users cannot change the configuration of CADstream. Only digitally-signed applications approved by Confirma can be installed on the Server. The benefit to you and your users is that the CADstream Server is much less likely to require support. Since unauthorized applications cannot run, you are less likely to run into software and driver conflicts on CADstream. Updates to your CADstream Server Only two classes of applications can be run on a solidified CADstream server: those that were present at solidification time and those that are digitally-signed (using private/public key technology) and distributed by Confirma Customer Service. Any updates to your system will be supplied by Confirma and digitallysigned to allow their installation on CADstream. Operating System Security vs. Feature Updates Solidcore provides Confirma with a list of Windows OS patches that have been tested against S3 Embedded. This list is made available to Confirma typically thirty days after the release of the patches. Confirma engineering releases the list a week after that. When informed by S3 of potential vulnerabilities Confirma will release and make available the necessary updates. As of this writing the need to release an update has not occurred. On a solidified CADstream server, only rarely will a security hole require patching. Most security holes are issues with software that allow another application to perform undesirable actions. Since non-solidified applications cannot make system calls, they cannot run and the security hole does not require patching. Confirma takes your network security seriously and if any application has the potential to cause harm, we will provide a digitally-signed patch to fix the problem. Occasionally, companies will release non-security updates to their software. The recent daylight-savings patches released in early 2007 are good examples. In these cases, Confirma will determine the effect on CADstream at customer sites and release a digitally-signed version of the Page 5

6 patch to customers. Since these are few and far between, customers will rarely deal with this issue. Of course, if you have a Confirma Product Support Program in place, we will perform this update for you. Hardware Drivers Some sites would like to install a special driver to support local hardware (for instance, a printer). In these cases, Confirma will verify compatibility and digitally-sign the driver for you. Page 6