Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017
|
|
- Bennett Knight
- 6 years ago
- Views:
Transcription
1 Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017
2 Trusted Computing: Where Are We At? (From the Perspective of Deploying Compelling, Marketable Solutions)
3 Core Trusted Computing Has Evolved In Three Steps First for TPM 1.2 Now for TPM 2.0 Develop code to use TPM Rewrite boot firmware to use TPMs OS s provision and use TPMs OS s write apps for TPMs Customers begin to understand trusted computing value. Expand TPM market (mobile, tablets, IoT, automobiles, networking equipment ) Extend TPMs to backend servers apps. Application community starts broadly using TPMs 1 2 3
4 Achieving Trusted Computing s Full Promise with an Ecosystem of Solutions Develop code to use TPM Rewrite boot firmware to use TPMs OS s provision and use TPMs OS s write apps for TPMs Customers begin to understand trusted computing value. Expand TPM market (mobile, tablets, IoT, automobiles, networking equipment ) Extend TPMs to backend server apps. Application community starts broadly using TPMs Mission Accomplished! Pervasive Trusted Computing Has Arrived: 1. This is where the trusted computing payoff is realized. 2. Full trusted computing ecosystems can be built at low cost. 3. All computing platforms can now be addressed. 4. Compliance, certification and worldwide standards come with TCG.
5 A Major Announcement (Drum roll, etc.) The Two Worlds of Security Have Now Converged Hardware Based Security for High End Systems Financial Institutions, Critical Industries, Large DataCenters, etc. Heavily regulated security Very expensive HSMs required not optional All the Other (More Cost Sensitive) Platforms in the World Store keys and certificates in file systems. Hope firewalls, etc. (software only solutions) do the job. Cross your fingers. Hardware Based Security for All (Trusted Computing! No more critical keys stored in file systems Strong device identity for remote management, code update, etc. Much better attack detection stop rootkits and bootkits. Netting it out: PLEASE get to work on adopting the trusted computing security model!
6 Security Holes Missed by Software-Only Security Problem Solved by Trusted Computing Antivirus programs, Firewalls, Compliance Management, etc. Provide Top Down Security. The traditional top-down security approach leaves lower layers of the stack vulnerable to attack. Attacks can occur at all levels of the stack Top Down Defense Applications Operating System Hypervisor Firmware Hardware SQL injection, Database attacks, PW attack, Wndows folder/drive sharing, Java attacks Rootkits Bootkits, Rogue Firmware Updates (BIOS) Service Processor, Direct Physical Attacks Applications Operating System Hypervisor Firmware Hardware Bottom Up Defense Top Down Defense A comprehensive security approach (top-down and bottom-up) provides protection for all layers of the stack. Trusted Computing Hardware/Firmware/Software Required for Bottom Up Defense TPM v2.0/tss v2.0 provide support infrastructure for trusted computing Trusted computing-enabled firmware building a transitive trust chain and establishing systems measurements off of a CRTM (Core Root of Trust for Measurement) launch bottom-up security. OS es, RTOS es,firmware, trusted applications seal secrets designed to protect overall platform security to the TPM PCRs (Programmable Configuration Registers) and use the TPM as an HSM where appropriate.
7 Major High Level Use Cases
8 Building Solutions with Trusted Computing Layer 5 (Backend Server) Attestation Challenger, SIEM tools, Code Update, Endpoint Managers, Provisioning Manager, Key Management Applications Layer 4 (Applications) Attestation Agent, Provisioning Agent, SSH/SSL/IPSEC, enabled, Signing applications Layer 3 (Middleware/Services - Extended OS TSS 2.0 with Resource Manager, PKCS#11 Layer 2 (Core OS) Code extending the transitive trust chain using OS-owned keys, Drive encryption functions Layer 1 (Firmware/Hardware) CRTM to start the transitive trust chain, Boot firmware to extend beyond the CRTM, initialize the TPM, etc Network 5 We ll focus here today.
9 A TPM Is Best Described In Two Pieces Trusted Computing Functions: PCRs for measuring code Key Sealing Enhanced Authorization TPM HSM Section of TPM HSM- TPM Key Storage TPM -HSM Crypto Accelerati on Engine A TPM can be thought of as a code measurement / key sealing system combined with an HSM at a MUCH lower cost point.
10 Major Trusted Computing Use Cases - 1&2 Use Case 1: HSM-Style Key Store and Use But Using a TPM Administrative Cryptographic Provisioning Application User Application Uses Keys (but may not see private keys) PKCS #11 Middleware TCG TSS 2.0 TPM Use Case 2: Measure your software Seal keys, detect attacks, endpoint management TPM Boot Firmware Operating System Middlewar e Application s
11 Major Trusted Computing Use Cases - 3&4 Use Case 3: Trusted Computing Specific Key Use Model: Key Sealing Unseal TPMprotected keys in healthy system for faster processor TPM usage! Processor Use Case 4: Strong Device Identity and Authentication Using TPMs Trusted Computing Enabled Platform (TPM Rigidly Attached As Required) TPM Inexpensive TPMs are required to be permanently melded to their platforms
12 Major Trusted Computing Use Cases - 5 Use Case 5: Trusted Computing Ecosystem Health Monitoring and Management Backend Server Applications: Security Intelligence and Event Mgmt. (SIEM) IOT Code Update Servers IOT Device Security Health Monitoring (Anti- Virus) Endpoint Managers Network Remote Attestation Challenger Key, Certificate Provisioning Server Certificate Authority Leaf Network Trusted Computing Platform: TPM TSS Attestation Agent
13 How Do My Applications Actually Use TPM 2.0 to Achieve These Use Cases?
14 What Core Software Do You Need to Build Secure Solutions with TPM 2.0???? TPM Device Driver TPM
15 Why Is TCG TSS 2.0 Needed? What does the TCG Software Stack 2.0 (TCG TSS 2.0) do for your programmers: Handles the marshaling/unmarshaling needed when you communicate with a TPM handles multiple TPM applications. Provides synchronous and asynchronous function call models for communicating with the TPM. Encrypts the data stream from the software to the TPM stopping side-channel (hardware probing) attacks (EAL 4++). Simplifies context and session management needed when applications work with TPMs., Provides varying levels of abstraction (depending on the TSS layer you use) simplifying the task of using the TPM. Provides scalable solutions allowing different code footprints from the smallest IOT device up to server applications.
16 Why TCG TSS 2.0 Specifically (1)? Why do you need the TCG TSS 2.0 Specifically: It is a standardized API which will permit applications to use the same programming model cross platform (no need for completely different APIs on each platform). Note: Many governments and critical industries will call it out specifically in their RFPs for these reasons. Complies with modern clean programming techniques making your code more maintainable and more secure No function overloading High Semantic Content! Strong type checking No variadic variables! High semantic content (Others including yourself will be able to read your code, understand it and maintain it over the lengthy product lifecycle we must support. No global variables, etc. Provides both synchronous and asynchronous call support. Easy to write language bindings for TCG TSS 2.0 (implementations are in C99).
17 Why TCG TSS 2.0 Specifically (2)? Why do you need the TCG TSS 2.0 Specifically (continued): The TSS 2.0 API Compatible with MISRA coding standards (required in embedded and IOT where safety is an issue). Note: The implementation underlying the TSS 2.0 may or may not be MISRA compliant. Developed and scrutinized by the TCG community at large. Strong versioning and revision control insured by the design of the TSS 2.0 API Candidate (under development) application code written to TCG TSS 2.0 will tend to fail at compile time not run time stopping errors from reaching the field. If you have to fail fail early, fail fast. not at the customer.
18 The TCG Software Stack (TSS 2.0) TSS 2.0 Application Application Application Crypto Library FAPI (Feature API) Marshalling / Unmarshalling code ESAPI (Enhanced System API) SAPI (System API) TCTI (TPM Command Transmission Interface) Tab and Resource Manager TCTI (TPM Command Transmission Interface) Connections to other TCTIs can be made (e.g. network connected). TPM TPM Device Driver
19 Descriptions of TSS 2.0 Layers FAPI ESAPI SAPI TCTI Tab and Resource Manager TPM Device Driver FAPI provides new ease of use not available for TSS 1.2. It allow programmers to interface to the TPM without having ot be TPM experts. ESAPI has easier context management and provides the ability to encrypt the data stream to the TPM stopping sidechannel attacks (essential to EAL4++) SAPI doesn t need a file system or a heap. It can be integrated with your boot firmware or used in the smallest IOT devices. The TCTI is an enormous help to development programmers. It allows you to target TPMs other than the hardware TPM on your platform (eg. soft TPMs) The Tab and Resource Manager will vary depending on the operating system. It allows multiple applications and the kernel to share TPM resources. Drivers are available today in Linux, Windows your particular IOT platform may need a modified or custom driver.
20 Code Requirements for TSS Layers SAPI and TCTI No file IO No crypto No heap No external library dependency Context based state ESAPI Cryptographic function No file IO Requires heap Context based state FAPI File IO Requires heap Must be able to do retries Context based state Must support the possibility of reduced application code size by offering static libraries Abstracts TPM details from programmers TAB and Resource Manager Power management Potentially no file IO depends on power mgmt. No crypto Requires heap
21 Details on the FAPI API Objectives of the TCG FAPI Specification: The TSS 2.0 Feature API is meant to be a very high level API which allows programmers to use the TPM 2.0 without having a deep knowledge of how TPMs work. It is aimed at having commands in it that will allow 80% of the programmers who write a program using the TPM to find everything they want in the specification. The remaining 20% of programmers will have to supplement this set of APIs with the Extended System API (ESAPI) or System API (SAPI). The specification is meant to making programming with the TPM as simple as possible. The cognitive load for a new programmer using this API is kept as low as possible.
22 Details on the FAPI API (cont.) The following decisions have been made for the FAPI specification: A Profile is used by a programmer that makes many of the complicated decisions for the programmer. It decides such things as the default algorithm sets that are used when creating keys, where they are stored and found. Key template names have been created for the dozen or so keys that are expected to be used by most programmers Key names will be based on path descriptors, much as files are today. All entities used by the feature API will be authenticated by use of a policy. (The policy may point to an authorization done using the authorization data, however.) This means that no entity will be created with a NULL policy. It probably also means that bits will be set to disable use of the authorization data in objects. All authorizations done using authorization data will use salted HMAC sessions. Decrypt and encrypt sessions will also be used. Policy instances and forms are described in an XML representation which may be found in the Policy XML format document. PCR log files will be in the format described by the PC Client Specification Commands syntax looks like Tss2_<EntityName>_<Command> : Tss2_Key_Sign Tss2_Nv_Write Tss2_Entity_ChangeAuth Tss2_TPM_GetRandom
23 Details on the FAPI API (cont.) The following decisions have been made for the FAPI specification (cont.): The Feature API doesn t include two other things which are necessary to get it to work, which are expected to be needed, namely: 1. A utility used to create a policy in the correct XML format For example: <PolicyAce type="policysigned"> <Name>Company SmartCard</Name> <Driver>MySmartCard</Driver> <DriverInfo>DN=CompandSmartcard.com</DriverInfo> <etc>...</etc> </PolicyAce> 2. Callback functions will be used to obtain decisions from the user and interfaces related to policy commands that require input. The FAPI will read the policy associated with an entity when it is used, create a Policy session to satisfy it, and walk through the command necessary to satisfy the command. It will use the callback functions to determine: Which branches of an OR (or PolicyAuthorize) policy to follow How to obtain passwords or signatures necessary to satisfy the policies. The default TPM this will work with is assumed to be the local one, but another one can be specified when a context is created.
24 Details on FAPI XML Policies TPM 2.0 introduces a flexible design for authorizing actions on keys and other TPM objects. The FAPI XML Policies Document describes: Interoperable XML-based scheme for describing policies and interpreting them to authorize TPM actions A standardized interoperable form for policies will allow different participants to author and consume policy expressions. (e.g. An enterprise management utility might author policies for key migration and recovery. These policies may then be consumed by any TPM client library.) The FAPI XML Policies Document contains the following sections: An overview of the authorization capabilities of TPM 2.0 An XML-based scheme for expressing policies A proposed simple normal form for policies An algorithm for policy evaluation The main text of this document uses an abbreviated XML schema. The complete XML schema is included in an appendix to this document.
25 The TCG TSS 2.0 Is Now Public Full Scale Deployment Can Begin The TCG TSS 2.0 Specifications can be seen on the TCG website at: Implementations are available: Intel has provided an open source version that includes the TSS 2.0 components up to the SAPI layer. Commercial implementations of the full TCG TSS 2.0 stack are available (the FAPI layer is undergoing final revisions implementations will follow on publication). When you look at TSS 2.0 offerings, please be sure the TSS 2.0 is TCG compliant (others have used the term TSS 2.0 that do not conform to the TCG specifications).
Creating the Complete Trusted Computing Ecosystem:
FEBRUARY 2018 Creating the Complete Trusted Computing Ecosystem: An Overview of the Trusted Software Stack (TSS) 2.0 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97003 Tel (503) 619-0562 Fax
More informationAccelerating the implementation of trusted computing
Infineon Network Use Case Accelerating the implementation of trusted computing Building Confidence in Our Connected World with TPM middleware Products OPTIGA TPM www.infineon.com/ispn Use Case Use case
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationEasy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications
Infineon Network Use Case Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications Providing Infineon customers with an easy path to integrating TPM support into their products and systems
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationTCG TPM2 Software Stack & Embedded Linux. Philip Tricca
TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com Agenda Background Security basics Terms TPM basics What it is / what it does Why this matters / specific features TPM Software
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More informationProvisioning secure Identity for Microcontroller based IoT Devices
Provisioning secure Identity for Microcontroller based IoT Devices Mark Schaeffer, Sr. Product Marketing Manager, Security Solutions Synergy IoT Platform Business Division, Renesas Electronics, Inc. May
More informationWindows IoT Security. Jackie Chang Sr. Program Manager
Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationTrusted Computing Today: Benefits and Solutions
Trusted Computing Today: Benefits and Solutions Brian D. Berger EVP Marketing & Sales Wave Systems Corp. bberger@wavesys.com Copyright 2009 Trusted Computing Group Agenda TCG Vision TCG Benefits Solution
More informationServer side management system for multiple IoT terminals in industrial systems
Infineon Network Use Case Server side management system for multiple IoT terminals in industrial systems This system utilizes the technology of the Trusted Computing Group (TCG) as a time-to-market solution
More informationHALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD. Automated PCI compliance anytime, anywhere.
HALO IN ACTION COMPLIANCE DON T LET LEGACY SECURITY TOOLS HOLD UP PCI COMPLIANCE IN THE CLOUD Automated PCI compliance anytime, anywhere. THE PROBLEM Online commercial transactions will hit an estimated
More informationTrusted Platform Modules Automotive applications and differentiation from HSM
Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)
More informationLecture Embedded System Security Trusted Platform Module
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2015 Roadmap: TPM Introduction to TPM TPM architecture
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2017/18 Roadmap: TPM
More informationOVAL + The Trusted Platform Module
OVAL + The Trusted Platform Module Charles Schmidt June 14, 2010 Overview OVAL Can assess a vast diversity of system state Usually software based software attacks can compromise Trusted Platform Module
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationClick to edit Master. Trusted Storage. title style. Master subtitle style Seagate Technology
Click to edit Master Trusted Storage title style Click Dave to edit Anderson Master subtitle style Seagate Technology - TRUST - system behaves as designed Cryptographic SIGNING PlaintextMessage + Signed(Hash(PlaintextMessage))
More informationPKI is Alive and Well: The Symantec Managed PKI Service
PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions
More informationIBM Tivoli Directory Server
Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationTPM Software Stack. The Stack: a High-Level View. Chapter 7
Chapter 7 TPM Software Stack This book is primarily about TPM 2.0 devices. However, a TPM without software is like a car with a full tank of gas but no driver; it has great potential but isn t going anywhere.
More informationThe Road to a Secure, Compliant Cloud
The Road to a Secure, Compliant Cloud The Road to a Secure, Compliant Cloud Build a trusted infrastructure with a solution stack from Intel, IBM Cloud SoftLayer,* VMware,* and HyTrust Technology innovation
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY Tim Hunt Kirsten Newcomer May 2017 ABOUT YOU Are you using containers? What s your role? Security professionals Developers / Architects Infrastructure / Ops Who considers
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationLecture Secure, Trusted and Trustworthy Computing Trusted Platform Module
1 Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt Germany Winter Term 2016/17 Roadmap: TPM
More informationTRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE
SESSION ID: TECH-F03 TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE Tom Dodson Supply Chain Security Architect Intel Corporation/Business Client Products Monty Wiseman Security
More informationDelivering High-mix, High-volume Secure Manufacturing in the Distribution Channel
Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel Steve Pancoast Vice President, Engineering Secure Thingz Inc Rajeev Gulati Vice President and CTO Data IO Corporation 1
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationTrusted Platform Module explained
Bosch Security Systems Video Systems Trusted Platform Module explained What it is, what it does and what its benefits are 3 August 2016 2 Bosch Security Systems Video Systems Table of contents Table of
More informationEnhanced Privacy ID (EPID), 156
Index A Accountability, 148 ActiveDirectory, 153 Amazon AWS EC2, 168 Anonymity, 148 Asset tagging, 96 Attestation definition, 65 dynamic remote attestation techniques, 66 IMA, 67 Intel Trust Attestation
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationOn Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor
On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor Ugo Piazzalunga SafeNet Italy Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
More informationDICE: Foundational Trust for IoT
DICE: Foundational Trust for IoT Dennis Mattoon, Microsoft Santa Clara, CA 1 Introduction Modern cyber-attacks are often sophisticated and relentless in their continual efforts to seek out vulnerabilities
More informationAuditing TPM Commands
Chapter 16 Auditing TPM Commands As used in the TPM, audit is the process of logging TPM command and response parameters that pass between the host and the TPM. The host is responsible for maintaining
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationThe nominative data coming from the population registry and used to generate the voting cards are never stored in the evoting system database.
System overview Legal compliance CHVote complies to the swiss federal chancellery ordinance on Electronic Voting (VEleS) for an evoting system offered up to 30% of the resident voters. The election process
More informationPlatform Configuration Registers
Chapter 12 Platform Configuration Registers Platform Configuration Registers (PCRs) are one of the essential features of a TPM. Their prime use case is to provide a method to cryptographically record (measure)
More informationWindows 10 IoT Core Azure Connectivity and Security
Windows 10 IoT Core Azure Connectivity and Security Published July 27, 2016 Version 1.0 Table of Contents Introduction... 2 Device identities... 2 Building security into the platform... 3 Security as a
More informationPatching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE
Patching and Updating your VM SUSE Manager Donald Vosburg, Sales Engineer, SUSE dvosburg@suse.com Why should I care? I just clone my base VM image, and after that it is not my problem... Understand the
More informationTCG. TCG Published. TSS System Level API and TPM Command Transmission Interface Specification. Family "2.0" Level 00, Revision 01.
TSS System Level API and TPM Command Transmission Interface Specification Family "2.0" Level 00, Revision 01.00 26 January 2015 Contact: admin@trustedcomputinggroup.org TCG TCG Published Copyright TCG
More informationSecurity in NVMe Enterprise SSDs
Security in NVMe Enterprise SSDs Radjendirane Codandaramane, Sr. Manager, Applications, Microsemi August 2017 1 Agenda SSD Lifecycle Security threats in SSD Security measures for SSD August 2017 2 SSD
More informationTrusted Computing As a Solution!
Trusted Computing As a Solution! Brian Berger EVP Marketing & Sales & TCG Director Wave Systems Corp. www.wave.com Trusted Computing Group www.trustedcomputinggroup.org Agenda State of Hardware Security
More informationMigration and Building of Data Centers in IBM SoftLayer
Migration and Building of Data Centers in IBM SoftLayer Advantages of IBM SoftLayer and RackWare Together IBM SoftLayer offers customers the advantage of migrating and building complex environments into
More informationNetwork Services, Cloud Computing and Virtualization
Network Services, Cloud Computing and Virtualization Client Side Virtualization Purpose of virtual machines Resource requirements Emulator requirements Security requirements Network requirements Hypervisor
More informationefax Corporate for Independent Agent Offices
Overview Within the finance and insurance industries, independent agent offices have traditionally been an effective means for offering standardized services across diverse geographic regions. They provide
More informationSecuring your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008
Securing your Virtualized Datacenter Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008 Agenda VMware Virtualization Technology How Virtualization Affects Datacenter Security Keys to
More informationNGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation
NGSCB The Next-Generation Secure Computing Base Ellen Cram Lead Program Manager Windows Security Microsoft Corporation ellencr@microsoft.com Agenda NGSCB Features Writing NGSCB Agents NGSCB development
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationGREEN HILLS SOFTWARE: EAL6+ SECURITY FOR MISSION CRITICAL APPLICATIONS
GREEN HILLS SOFTWARE: EAL6+ SECURITY FOR MISSION CRITICAL APPLICATIONS 15 December 2008: EAL6+ Security for Mission Critical Applications INTERVIEWEE. DAVID KLEIDERMACHER CHIEF TECHNOLOGY OFFICER TEL.
More informationAT&T Endpoint Security
AT&T Endpoint Security November 2016 Security Drivers Market Drivers Online business 24 x 7, Always on Globalization Virtual Enterprise Business Process / IT Alignment Financial Drivers CapEx / OpEx Reduction
More informationCeedo Client Family Products Security
ABOUT THIS DOCUMENT Ceedo Client Family Products Security NOTE: This document DOES NOT apply to Ceedo Desktop family of products. ABOUT THIS DOCUMENT The purpose of this document is to define how a company
More informationStandardizing Network Access Control: TNC and Microsoft NAP to Interoperate
Standardizing Network Access Control: TNC and Microsoft NAP to Interoperate May 2007 Trusted Computing Group 3855 SW 153 rd Dr. Beaverton, OR 97006 TEL: (503) 619-0563 FAX: (503) 664-6708 admin@trustedcomputinggroup.org
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More informationTrusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1
Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept 2005 TCG Track: SEC 502 1 The Need for Trusted Computing 2 The Real World Innovation is needed: Client software
More informationCloud Computing the VMware Perspective. Bogomil Balkansky Product Marketing
Cloud Computing the VMware Perspective Bogomil Balkansky Product Marketing Cloud Computing - the Key Questions What is it? Why do you need it? How do you build (or leverage) one (or many)? How do you operate
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More information#RSAC #RSAC Thing Thing Thing Thing Thing Thing Edge Edge Gateway Gateway Cut costs Create value Find information in data then act Maintain Things Enrol Authorized Users & Things Authentication
More informationBUILDING A PRIVATE CLOUD. By Mark Black Jay Muelhoefer Parviz Peiravi Marco Righini
BUILDING A PRIVATE CLOUD By Mark Black Jay Muelhoefer Parviz Peiravi Marco Righini HOW PLATFORM COMPUTING'S PLATFORM ISF AND INTEL'S TRUSTED EXECUTION TECHNOLOGY CAN HELP 24 loud computing is a paradigm
More informationM2M / IoT Security. Eurotech`s Everyware IoT Security Elements Overview. Robert Andres
M2M / IoT Security Eurotech`s Everyware IoT Security Elements Overview Robert Andres 23. September 2015 The Eurotech IoT Approach : E2E Overview Application Layer Analytics Mining Enterprise Applications
More informationIndex. Boot sequence DRTM breakout measured launch, 336 local applications, 339 measured launch, 338 SINIT ACM, 338
Index A adminwithpolicy, 256 Advanced encryption standard (AES), 29 Asymmetric algorithms, 9 Attestation identity keys (AIKs), 29, 101 Auditing commands audit log, 264, 267 bit field, 264 command audit,
More informationGlobalPlatform Trusted Execution Environment (TEE) for Mobile
GlobalPlatform Trusted Execution Environment (TEE) for Mobile Kevin Gillick Executive Director, GlobalPlatform @GlobalPlatform_ www.linkedin.com/company/globalplatform GlobalPlatform Overview GlobalPlatform
More informationDynamic Datacenter Security Solidex, November 2009
Dynamic Datacenter Security Solidex, November 2009 Deep Security: Securing the New Server Cloud Virtualized Physical Servers in the open Servers virtual and in motion Servers under attack 2 11/9/09 2 Dynamic
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationSOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management
SOLUTION BRIEF CA API MANAGEMENT Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management 2 SOLUTION BRIEF ENABLE AND PROTECT YOUR WEB APPLICATIONS WITH CA API MANAGEMENT ca.com
More informationChanging face of endpoint security
Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationTSS TAB and Resource Manager Specification. Contact: Please provide public review comments by Thursday, March 5, 2015
TSS TAB and Resource Manager Specification Family "2.0" Level 00, Revision 00.91 3 February 2015 Committee Draft Contact: admin@trustedcomputinggroup.org Please provide public review comments by Thursday,
More informationKey Management in a System z Enterprise
IBM Systems IBM z Systems Security Conference Business Security for today and tomorrow > 27-30 September Montpellier Key Management in a System z Enterprise Leo Moesgaard (lemo@dk.ibm.com) Manager of IBM
More informationManaging and Auditing Organizational Migration to the Cloud TELASA SECURITY
Managing and Auditing Organizational Migration to the Cloud 1 TELASA SECURITY About Me Brian Greidanus bgreidan@telasasecurity.com 18+ years of security and compliance experience delivering consulting
More informationHypervisor Security First Published On: Last Updated On:
First Published On: 02-22-2017 Last Updated On: 05-03-2018 1 Table of Contents 1. Secure Design 1.1.Secure Design 1.2.Security Development Lifecycle 1.3.ESXi and Trusted Platform Module 2.0 (TPM) FAQ 2.
More informationTPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies
Chapter 8 TPM Entities A TPM 2.0 entity is an item in the TPM that can be directly referenced with a handle. The term encompasses more than objects because the specification uses the word object to identify
More informationTrusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008
Trusted Network Connect (TNC) 3rd European Trusted Infrastructure Summer School September 2008 Josef von Helden University of Applied Sciences and Arts, Hanover josef.vonhelden@fh-hannover.de Ingo Bente
More informationTHE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS
THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS By Bill Graham and Michael Weinstein WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Driven by the convergence of cloud technology, rapidly
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationAdding value to your MS customers
Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationDemonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin
Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions Topic Prerequisites Security concepts Security-related concepts (e.g., entropy) Virtualization
More informationIBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights
IBM Secure Proxy Advanced edge security for your multienterprise data exchanges Highlights Enables trusted businessto-business transactions and data exchange Protects your brand reputation by reducing
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationTUX : Trust Update on Linux Kernel
TUX : Trust Update on Linux Kernel Suhho Lee Mobile OS Lab, Dankook university suhho1993@gmail.com -- Hyunik Kim, and Seehwan Yoo {eternity13, seehwan.yoo}@dankook.ac.kr Index Intro Background Threat Model
More informationIntroduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike
Anonymous Application Access Product Brief Contents Introduction 1 The Safe-T Solution 1 How It Works 2-3 Capabilities 4 Benefits 4 List 5-11 Introduction With the move to the digital enterprise, all organizations
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationSecurity Architecture
Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to
More informationFlicker: An Execution Infrastructure for TCB Minimization
Flicker: An Execution Infrastructure for TCB Minimization Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Hiroshi Isozaki (EuroSys 08) Presented by: Tianyuan Liu Oct 31, 2017 Outline Motivation
More informationTrusted Platform for Mobile Devices: Challenges and Solutions
Trusted Platform for Mobile Devices: Challenges and Solutions Lily Chen Motorola Inc. May 13, 2005 Outline Introduction Challenges for a trusted platform Current solutions Standard activities Summary New
More informationImproving Security in Embedded Systems Felix Baum, Product Line Manager
Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and
More informationCisco Secure Boot and Trust Anchor Module Differentiation
Solution Overview Cisco Secure Boot and Trust Anchor Module Differentiation Cisco Trust Anchor Technologies provide the foundation for Cisco Trustworthy Systems. Cisco Secure Boot helps ensure that the
More informationSystems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees
Trustworthy Computing s View -- Current Trent Jaeger February 18, 2004 Process 1 Web server Process 2 Mail server Process 3 Java VM Operating Hardware (CPU, MMU, I/O devices) s View -- Target TC Advantages
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationTEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist
TEN LAYERS OF CONTAINER SECURITY Kirsten Newcomer Security Strategist WHAT ARE CONTAINERS? Containers change how we develop, deploy and manage applications INFRASTRUCTURE Sandboxed application processes
More informationDistributed Key Management and Cryptographic Agility. Tolga Acar 24 Feb. 2011
Distributed Key Management and Cryptographic Agility Tolga Acar 24 Feb. 2011 1 Overview Distributed Key Lifecycle Problem statement and status quo Distributed Key Manager Typical application scenario and
More information