Achieve Modern IP Protection with Zero-Trust Strategies for the Edge
Have you seen Top Gun? Not the second one, the original. It’s a great movie for sure. The flying, the music, the iconic volleyball scene. However, there is a thread, a movement, through the movie where Maverick turns from his callsign. He transforms from a “Go it alone” pilot no one can trust to a teammate, beloved and celebrated.
Zero trust … Maverick’s Top Gun classmates had zero trust in the rash, undisciplined, unproven pilot. This same skepticism is at the core of today’s promotion of a new security paradigm called Zero Trust. For decades, static, network-based defenses have been employed, and even worse, they have been assumed to be effective. Nothing is further from the truth.
In this blog I want to expand a bit more on the importance of a zero trust (ZT) approach to IP Protection. In my previous blog I stated that ZT is required because edge devices running valuable IP are often placed in hostile environments. More specifically, they might be physically acquired by untrusted organizations or individuals and subjected to tamper activities. This is equivalent to the ZT assumption that assets or user accounts should be considered suspect, even if their physical or network location might suggest they are trustworthy. Said more plainly, ZT is not new to those of us who have been protecting critical technology; Zero Trust is a paradigm that has been at the core of our IP protection strategy for decades.
How is Zero Trust Different for the Edge vs the Enterprise?
ZT for edge-based software IP protection does have some distinct characteristics that separate it from ZT for IT / enterprise applications.
First, users are not as important a consideration in the design of a ZT architecture for edge devices. Edge devices typically have a small number of users; in fact, they might only have a single user. When the number of users is small, the complexity of a system’s behavior is also reduced. This enables the system to be designed with more immutability, the gold standard of any ZT architecture, as no one is trusted to change the system. Imagine a robotic arm in a manufacturing plant. The arm is controlled by a software system that uses data from sensors to determine the position of the parts and the robot arm. A ZT architecture for the robotic arm would narrowly define what, not who, could change the robot arm's configuration, such as the sensitivity of the sensors.
Next, most ZT architectures assume infinite compute resources and infrastructure are available to achieve their ZT strategy. For IT / enterprise architectures, this is a sound assumption. Unfortunately, this assumption does not hold for edge devices. Limited compute resources force designers and security professionals to make tradeoffs between security and functionality. Often useful portions of the software stack, such as hypervisors, are not available because the hardware cannot support virtualization. Similarly, security hardware like TPMs is eliminated to reduce the cost of device hardware. This eliminates options for building ZT architectures and exposes software IP to tampering.
Finally, ZT architectures rely heavily on robust authentication capabilities, such as multifactor authentication, throughout network environments and on devices. This is a sound approach, but when protecting software IP on systems under the control of an attacker, user-based authentication or discretionary access controls cannot be the only line of defense. Instead, no user, even the root user, can be trusted. Strong controls, such as mandatory access controls (MACs), are recommended. Furthermore, separating and isolating critical IP from the rest of the system is paramount. Containers, virtualization, and hardware-enabled memory protections can be used to achieve this goal. Finally, you can protect your IP by reducing the number of attack vectors that can reach it. Inspect your kernel configuration, investigate the size and composition of your system, identify unnecessary code and eliminate it from your build. All these steps will minimize your attack surface and ultimately help you eliminate avenues of attack.
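One way to carry out the kernel-configuration inspection described above, as an added example that is not from the original post or from Star Lab: a small Python audit of a Linux kernel `.config`. The policy table and the sample config are assumptions constructed for illustration; the Kconfig symbols are real Linux options, and SELinux stands in for whichever MAC a build uses.

```python
import re

# Assumed policy (not from the article): real Kconfig symbols and the value a
# locked-down edge build would want. "n" means absent or "is not set".
POLICY = {
    "CONFIG_SECURITY": ("y", "LSM framework needed for mandatory access control"),
    "CONFIG_SECURITY_SELINUX": ("y", "a MAC that constrains even root"),
    "CONFIG_STRICT_KERNEL_RWX": ("y", "kernel text read-only, data non-executable"),
    "CONFIG_DEVMEM": ("n", "/dev/mem gives root raw physical memory access"),
    "CONFIG_PROC_KCORE": ("n", "/proc/kcore exposes kernel memory to root"),
    "CONFIG_KEXEC": ("n", "root can boot an arbitrary replacement kernel"),
}

LINE = re.compile(r'^(?:# (CONFIG_\w+) is not set|(CONFIG_\w+)=(.*))$')
def parse_kconfig(text):
    """Return {symbol: value}; '# X is not set' lines map to 'n'."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            unset, sym, val = m.groups()
            cfg[unset or sym] = "n" if unset else val.strip('"')
    return cfg

def audit(text):
    """Return sorted (symbol, found, wanted, reason) tuples for every deviation."""
    cfg = parse_kconfig(text)
    get = lambda s: cfg.get(s, "n")  # a symbol missing from .config is disabled
    bad = [(s, get(s), want, why) for s, (want, why) in POLICY.items() if get(s) != want]
    # Loadable modules are acceptable only if unsigned modules are rejected.
    if get("CONFIG_MODULES") == "y" and get("CONFIG_MODULE_SIG_FORCE") != "y":
        bad.append(("CONFIG_MODULE_SIG_FORCE", get("CONFIG_MODULE_SIG_FORCE"), "y",
                    "modules enabled without enforced signatures"))
    return sorted(bad)

# Constructed sample .config fragment for illustration.
SAMPLE = """\
CONFIG_SECURITY=y
# CONFIG_SECURITY_SELINUX is not set
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_DEVMEM=y
# CONFIG_PROC_KCORE is not set
CONFIG_KEXEC=y
CONFIG_MODULES=y
"""

if __name__ == "__main__":
    for sym, found, wanted, reason in audit(SAMPLE):
        print(f"{sym}: found {found}, want {wanted} ({reason})")
```

Running the audit against each build's `.config` in CI turns the "inspect your kernel configuration" step into a gate that fails when a root-reachable interface reappears.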
If you are a company or organization wrestling with how to protect your software, I’d encourage you to continue learning more about Zero Trust architectures. This exercise will help you move away from outdated cybersecurity strategies that prioritize perimeter defenses and observability. You can review the DoD’s Zero Trust Reference Architecture for example, but keep in mind what I talk about above. If you can move toward ZT you will be able to defeat threats that jeopardize the integrity and confidentiality of your valuable IP. If this sounds too daunting, give Star Lab a call and as Viper said to Maverick, “I’ll fly with you.”