The DeepSAFE vision involves the following shifts in how security is designed and implemented:
Hardware-Assisted and Accelerated Security (HAA/HA2): Hardware to be performant enough to support security operations. Hardware to assist in establishing the platform Root of Trust (static and dynamic) and in providing mechanisms to protect security from malware attacks. Hardware to assist in establishing a complete protection life cycle.
Below-OS Security: Security to live inside and outside the OS. Security to have sufficient visibility and control over actions taken inside, below and around the OS without affecting platform availability and usability. Security may reside out-of-band inside firmware (device and I/O), hypervisors, or an out-of-band manageability environment.
High Integrity Assured Computing: Security starts before the OS kernel boot loader and enforces platform integrity at boot time and during runtime. Security constantly ensures data confidentiality and code integrity.
Behavioral Protection: Protection understands malware behaviors, user behaviors, and attack patterns, and can distinctly differentiate between what is good and what is bad. Security operates autonomously without requiring binary signatures of known viruses. Security holds enough context to repair and recover from malware infections.
Dynamic Trust Boundaries: Trust is constantly dynamic and is never treated as a static property. Trust is considered holistically and is not restricted to certain boundaries; it extends across users, devices, and networks. Trust established at any point in time takes into consideration all historical decisions and insights without any predetermined assumptions. Trust is provided on an as-needed basis with proper authentication and authorization.
Self-Protection: Hardware, software and firmware ought to have minimum capabilities to protect and defend themselves against targeted attacks. Such capabilities extend to cover devices, users and networks.