Appears in HotOS-VIII (IEEE Workshop on Hot Topics in Operating Systems), May 2001.

Better Security via Smarter Devices
Gregory R. Ganger and David F. Nagle
Carnegie Mellon University

This white paper promotes a new approach to network
security in which each individual device erects its own security
perimeter and defends its own critical resources (e.g.,
network link or storage media). Together with conventional
border defenses, such self-securing devices could provide a
flexible infrastructure for dynamic prevention, detection, diagnosis,
isolation, and repair of successful breaches in borders
and device security perimeters. We overview the self-securing
devices approach and the siege warfare analogy
that inspired it. We also describe several examples of how
different devices might be extended with embedded security
functionality and outline some challenges of designing and
managing self-securing devices.