idfusion-iso-identity-paperIDfusion, LLC, is a technology company specializing in advanced security solutions for information technology. Our interests originally focused on identity management solutions for the federal government’s National Health Information Network, secondary to the Affordable Care Act. We developed a federated identity management system that protects the privacy of patients through the use of anonymous identifiers.
Our interest in identity has since evolved to using our knowledge to implement a security solution based on what we refer to as “Autonomous Introspection.” We have developed a behavior-based approach to system security. Our solution captures the “normal” operation (process, file, and device interactions) of a computer system and uses it to limit what it does to its intended use. Think of it as a “whitelist” but instead of simply limiting which processes can run, it also limits what each process can do. The theory behind this work is included in a paper we presented at the 2015 Linux Security Symposium in Seattle, WA.
We’ve used Autonomous Introspection to create a self-attesting computing platform called the Firenode™. The Firenode™ provides a generic, Linux-based platform for the most demanding security environments and is especially well suited to Internet of Things (IoT) applications.
More recently, IDfusion has been working to leverage the underlying technology of the Firenode™ in the server container space. We refer to these secure containers as “canisters.”
Underlying our work on the Firenode™ and canisters is great technology from Intel Corporation, specifically Trusted Execution Technology (TXT) and Software Guard Extensions (SGX). IDfusion has extensive knowledge of these technologies and can advise your organization on how to best make use of them in improving the security of your devices and applications.
IDfusion has developed a unique and powerful model for how SGX can be used to implement platform security guarantees without the need to partition applications into trusted vs. non-trusted components. We’ve also written an SDK for Linux that greatly simplifies the development of SGX-enabled applications including the ability to make an application’s use of SGX completely self-contained (no need for additional libraries).
In addition to developing and marketing the Firenode™ and canisters, IDfusion provides customized security consulting services to private and public sector organizations.