The publicity surrounding data scraping attacks against ECR applications prompted me to write a few posts about approaches to stop the execution of such malware at the operating system level (see, for example, http://paymentnetworks.blogspot.com/2014/07/detection-of-data-scraping-in-retail.html). After the recent UPS attacks, I think it is quite clear that the payment systems industry will not form a uniform response to these attacks and instead touts Europay, MasterCard, VISA (EMV) as more of a prayer than a solution.
The ability of Intel and AMD x86 processors to host hypervisor kernels gives ECRs a superior ability to detect and stop these attacks; however, retailers will be in no mood to deploy such a response once they have already forked over most of their equipment upgrade budget to move to EMV. ECR software developers will likely have some academic help.
Amit Vasudevan and his fellow researchers at CyLab, Carnegie Mellon University, seem to have a clear, sensible approach, for any who care to listen, to controlling applications that run on a platform processing sensitive data such as payer financial data.
For example, in:
“Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture”
by Amit Vasudevan, Jonathan M. McCune, Ning Qu, Leendert van Doorn and Adrian Perrig (from CyLab, Carnegie Mellon University; Nvidia Corp; Advanced Micro Devices (AMD) Corp) (http://users.ece.cmu.edu/~jmmccune/papers/vasudevan_mccune_ning_leendert_perrig_sechyp_trust2010.pdf)
The researchers describe clear rules for implementing a hypervisor generally. No one has yet implemented all of them, and doing so may be extremely difficult, but implementing just a fraction of them (which has been done) would significantly deter data scraping attacks.
The researchers provided another jewel:
“It’s an app. It’s a hypervisor. It’s a hypapp.”: Design and Implementation of an eXtensible and Modular Hypervisor Framework
by Amit Vasudevan, Jonathan M. McCune, and James Newsome (all from CyLab, Carnegie Mellon University, 2012)
The article describes design principles for creating the secure environment.
AMD and Intel hypervisor modes are not compatible with each other, so developers will need to write different versions: one for Intel’s “Separation Kernel Model” and the other for AMD’s “SVM – Secure Virtual Machine (PACIFICA)”.
If these are successful (that is, they counter data scraping attacks), then users on compatible computers initiating payment for personal use might be able to implement similar approaches. If this type of approach proves cost effective to implement, then more trusted applications working with payment operating systems would increase the efficiency of managing sensitive data in hostile environments and could be deployed quickly to face future threats.