Q&A: Lead designer of first commercial IDS - Information Security Magazine

In an industry where most people have narrowly focused specialties, Nate Lawson is the equivalent of a Swiss Army knife. He was the lead designer of RealSecure, the first commercial IDS, designed the BD+ DRM scheme for Blu-ray, and has dabbled in hardware security. Now running his own consultancy, Root Labs, Lawson is putting his skills to work to embed security into devices.

Nate Lawson

Devices like the iPhone have full computing capabilities, but security seems to be a challenge. Do you expect to see more devices with embedded security?
Yes, I think embedded security is a growing segment that is underserved by security firms. As software becomes the most valuable asset on a device, even vendors of cell phones, MP3 players and game consoles are adding protection. The number of devices that could benefit from signed code updates is staggering. Your PC has numerous devices that are flash-updatable, and none of them use digital signatures. There is no protection against bricking the device or installing a rootkit that survives a full OS reinstall. The possibility of making mistakes in even simple code like RSA signature validation is quite high, so it's important to get your design reviewed.

With all of the news lately about people finding ways to circumvent AACS and various other DRM schemes, what do you think is the long-term viability of DRM?
If you

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

look back five years, you see lots of fears that there would be unbreakable DRM. Now there's more of an aura that all DRM is doomed. While AACS and BD+ anticipated periodic breaks, the important difference is our update window is every disc and theirs is three months. A given instance of DRM is always breakable, but our opinion was if you design a system that allows frequent updates and puts the cost of security in the hands of those who have the risk, you'll have a system where each disc remains secure for the key release window.

Why were you so skeptical about the claims by Joanna Rutkowska and others that they can create an undetectable hypervisor rootkit?
Rootkits are impossible to make completely stealthy. It's a function of the cross section of the machine. A normal rootkit has to emulate certain subsections of the OS, and there are ways to find them because of that. Hypervisor rootkits have to allow the OS to interact with every piece of hardware and software. So many things have to be emulated. Joanna is trying to patch all of those problems. The question is, can you set up the chess pieces ahead of time to have an advantage? The problem she chose to solve was to emulate the x86 PC platform perfectly, so it was easy for us to take the other side, as bug-free software is impossible.


Download the complete interview with Nate Lawson at searchsecurity.com.

This was first published in September 2007