SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Conventional security management methods often operate reactively, relying on fragmented vulnerability management processes and manual updates. This approach hinders swift threat responses and diminishes the efficiency of AIOps.
In our discussion, we explore an integration of the Common Security Advisory Framework (CSAF) and the Vulnerability Exploitability eXchange (VEX) into AIOps. CSAF defines the format for security advisories, while VEX focuses on vulnerability exploitability. Our AI-enabled solution dynamically scores vulnerabilities based on factors such as severity, exploitability, and asset exposure. Beyond mere identification, it assesses the actual exploitability of vulnerabilities. For instance, it answers questions like: Can this vulnerability be weaponized? How severe would the impact be? This clarity empowers security teams to prioritize their remediation efforts effectively.
The solution enhances security posture by enabling automated, real-time vulnerability management. This helps organizations safeguard their server or storage infrastructure while improving the predictive accuracy of AIOps.
Understand the limitations of traditional security management in servers and storage and how they impact AIOps.
Gain insights into the functionalities of CSAF and VEX and their roles in enhancing security advisories and exploitability assessments.
Learn how the integration of CSAF and VEX can streamline vulnerability management and improve the effectiveness of AIOps.
Recognize the benefits of a proactive security approach in maintaining and securing server and storage infrastructure through advanced AIOps techniques.
The Key Per IO (KPIO) project is a joint initiative between NVM Express® and the Trusted Computing Group (TCG) Storage Work Group to define a new KPIO Security Subsystem Class (SSC) under the TCG Opal SSC for the NVMe® class of storage devices. Self-Encrypting Drives (SEDs) perform continuous encryption of user-accessible data based on contiguous LBA ranges per namespace. This is done at interface speeds using a small number of keys generated and held in persistent media by the storage device. KPIO will allow a large number of encryption keys to be managed and securely downloaded into the NVM subsystem. Encryption of user data then occurs on a per-command basis (each command may request a different key). This finer granularity of data encryption supports use cases such as: compliance with the EU GDPR; erasure of data that is spread over many disks; erasure of data that is mixed with other data that must be preserved (multitenancy); and assigning an encryption key to a single sensitive file or host object. The presentation will introduce the architectural differences between traditional SEDs and the KPIO SSC, provide an overview of the proposed TCG KPIO SSC specification and the features in the NVMe commands that allow use of KPIO, and conclude by summarizing the current state of the standardization proposals in NVM Express and the TCG Storage WG.
Almost everyone understands that systems and data both have lifecycles that typically include a disposal phase (i.e., what you do when you no longer need something). Conceptually, data needs to be eliminated either on a single system or entirely (everywhere it is stored) as part of this disposal. Failure to correctly eliminate certain data can result in costly data breach scenarios. Selecting a form of storage sanitization that is appropriate to the sensitivity of the data and that also accommodates circular business models is something that many organizations are pursuing. The new IEEE 2883 Standard for Sanitizing Storage is expected to help organizations address their data protection requirements without always resorting to physical destruction. This session outlines the various forms of sanitization and the methods used (e.g., clear, purge, and destruct). In addition, details are provided on representative storage to help explore what needs to be done, what can go wrong, and which additional measures may be needed to protect an organization.
About 80% of enterprises have experienced at least one firmware attack in the last two years.* What is firmware resilience, and how does it apply to SSDs to address these threats?
- Not a new concept. Elements of resiliency have been around for years (multiple FW slots / copies, etc.)
- Platform Firmware Resiliency Guideline (NIST SP800-193) was published in 2018
- Industry momentum around resiliency has been seen from Intel**, Lattice*** and PC OEMs
- Still an emerging area in which we see proprietary implementations from different vendors
As an SSD solution provider, we want to help define a unified solution in the area of SSD recovery.
- Possible approach (and challenges) in the client storage space, where:
  - All firmware binaries are immutable code and hence are always RSA digitally signed. They are subjected to RSA public key signature verification before being used.
  - Multiple firmware slots, with copies within each slot, serve as redundant firmware images for SSD auto recovery.
  - When SSD auto recovery fails, some mechanism for the host to discover that host-assisted recovery is required is needed (i.e. either via PCIe or SMBus).
  - When in host-assisted recovery mode, the device supports a limited number of admin commands for recovery (i.e. Identify, FW Download/Commit, Get Log Page).
  - User intervention is required to initiate a host-assisted, semi-automatic recovery (typically initiated via a BIOS menu option).
  - Using a golden image that may be saved in BIOS, the device is expected to be restored to the SSD manufacturer default state without preserving user data or any security parameters.
- Possible approach (and challenges) in the data center storage space, where:
  - Recovery of device FW SHALL occur over a management interface.
  - Recovery of device FW SHALL only occur after a catastrophic event (e.g. no device self-recovery mechanism succeeds, FW attestation failure, etc.).
  - Device SHALL advertise its need for recovery (e.g. OCP Recovery specification).
  - The FW image used for recovery SHALL be provided to the device over the management interface.
  - When a device is in need of recovery, the MANDATORY goal is device recovery. An OPTIONAL goal is recovery of user data.
- Call to action to address perceived challenges. Examples include:
  - How to maintain a “golden” recovery image? Is there really such a thing?
  - What are the industry-defined interfaces to invoke recovery?
  - Other gaps in industry specifications around recovery
* Based on Microsoft’s Security Signals report published in 2021: https://www.microsoft.com/security/blog/2021/03/30/new-security-signals-...
** Intel Platform Firmware Resiliency (Intel® PFR): https://www.intel.com/content/www/us/en/products/docs/processors/xeon/pl...
*** Lattice Universal Platform Firmware Resiliency (PFR) – Servers implementation: https://www.latticesemi.com/pfr
Ransomware attack mitigation has been a high-profile problem and is getting more visibility in recent years due to the high payouts victims make to have their data released. This proposal implements a series of ‘recognition’ triggers within a layered file system on Windows, which forces a caller through a form of 2FA to potentially reduce the impact of the attack. The approach taken by Thales, within its layered file system implementation for data protection, leverages several layers to recognize when a potential threat is executing. These recognition triggers include the following:
- Data variance on access to a given file, compared between cached reads and writes. A high deviation in data variance could be recognized as an exploit reading in data content, encrypting it, and writing it back to the file.
- A learning mode that would learn data access patterns, on a per-file basis, for a given user or for a given set of files. Divergence outside the recorded norms could be recognized as a file scan performed by an exploit.
Of course, protecting against a ransomware attack is an ever-changing field of play. Approaching a solution from the perspective of reducing impact rather than completely mitigating the exploit is appealing from both a design and a cost perspective. And while a solution that forces a two-factor authentication pathway would at times prove cumbersome for users, it will reduce the impact of potential data loss.
The quantum computing paradigm shift has changed the way we look at data security, especially the long-term security of data. Soon, fast algorithms will be designed to run on quantum computers that can break some of the most widely used cryptosystems, rendering them vulnerable. To address this issue, chaos theory is actively being studied as a basis for post-quantum era cryptosystems, and advances have been made in this domain of study. The unique characteristics of chaotic systems can be leveraged to produce highly secure cryptographic systems. In our talk, we will present a logic locking-based chaotic encryption system and demonstrate its data encryption and decryption mechanism.
2022 has been an interesting and challenging year for storage security. The cyber threat landscape has witnessed large numbers of attacks impacting data and increased nation-state activity directed at critical infrastructure. The regulatory landscape is undergoing change as well (e.g., EU Directive 2009/125/EC, also known as LOT 9), potentially imposing requirements that necessitate adjustments to security capabilities, controls, and practices to reflect new realities. By the end of 2022 there will be significant changes to security standards and specifications relevant to storage. New technologies could increase the storage security options. Lastly, new practices and deployment strategies could add further data protections. This session concentrates on the new and emerging storage security elements and issues rather than covering storage security from a general perspective. In addition, the session homes in on those aspects that are potentially relevant to developers and architects.