Integrity Levels: A New Paradigm for Protecting Computing Systems

As the field of determined and increasingly sophisticated adversaries multiplies, the risk to integrity of deployed computing devices magnifies. Given the ubiquitous connectivity, substantial storage, and accessibility, the increased reliance on computer platforms make them a significant target for attackers. Over the past decade, malware has transitioned from attacking a single program to subverting the operating system (OS) kernel by means of what is commonly known as a root kit. While computer systems require patches to fix newly discovered vulnerabilities, undiscovered vulnerabilities remain. Furthermore, typical solutions utilize mechanisms that operate within the OS. If the OS becomes compromised, these mechanisms may be vulnerable to being disabled or upon detection of the potential compromise, being "shut down" until patched, or otherwise mitigated. We propose an innovative approach to designing computer systems that allows the behavior or functionality of the computer system to change based on the integrity of the system. Instead of attempting to prevent or detect all malware attacks, our proposed approach allows possible graceful degradation of functionality according to the security policy specification as anomalies of security concern are detected. We believe this innovative paradigm can determine the "integrity level" of the system. Based on the integrity level, the computer system may behave differently or limit access to data.