Trusted Virtual Domains: Towards Trustworthy Distributed Services. Ahmad-Reza Sadeghi System Security Lab Ruhr-Universität Bochum
2 The Main Motivation
3 Trustworthy Distributed Computing
4 Selected Applications..
5 Outsourcing of Computation
Job execution in a potentially untrusted environment
Health care, data centers, grid computing, cloud computing, ...
[Figure: a user submitting jobs to untrusted servers]
6 Enterprise Rights Management
Information sharing (fine-grained access to and usage of documents)
Mainly required by large enterprises and government
7 Supply Chains
Usage and access control of resources and services
Automotive and pharmaceutical industries
8 Privacy-Enhancing Information Management
[Figure: data flows between students, profs/lecturers, the VSPL system and university management: lecture/course information, examination dates, scores, registration for lectures/courses and for exams, lists of participants (name, Mat.Nr., examination rules), certificates, statistics, personal student data (name, birthday, etc.) and study-related data (study path, examination rules, etc.)]
9 And solutions..
10 Ideally: Secure Multiparty Computation (SMP)
11 However, SMP is not realistic for complex IT systems, but it is a useful tool
12 Potential Real World Approach: Establishing Trust(worthy) Domains
13 Trust Domains - Requirements
Negotiation basis: a mutually Trusted Computing Base (TCB). TCB := system components whose failure can break the (security) policy
Control basis: operational requirements and environments to which each system must adhere
Execution services: responders who take on roles on behalf of the initiators
Flexibility and scalability
14 Trusted Virtual Domains (TVD)
A coalition of virtual and/or physical machines that trust each other based on a security policy, beyond physical boundaries
TVD members can ``see'' and access each other but are closed to non-members
Separation of workflows and workloads
More abstract than typical access control mechanisms
Platform independent, suitable for large distributed systems
Several projects focus on Virtual Data Centers (VDC), e.g., Open Trusted Computing (OpenTC)
15 Example: TVD Network
[Figure: isolated workflows/workloads (red, yellow and blue), each isolated in its own domain; a machine joins a trust domain if it conforms to the policy and can leave the trust domain again]
16 Logical TVD Architecture
[Figure: green, blue and red TVDs, each with a TVD Master and execution entities (VMs); the VMs run on physical machines on top of a Trusted Computing Base, which is the basis for negotiation and control]
17 Security Objectives & Requirements
Secure TVD membership and revocation (platforms, VMs, ...)
Secure intra-TVD communication. Note: some members of a TVD may have more privileges than others
Secure inter-TVD communication: usually undesired (due to isolation), in order to control information flow
18 Trust & Adversary Model
No compromise of the TCB at run-time
TVD members trust each other
19 Distributed IT Systems: Challenges
Different parties with potentially conflicting requirements are involved
Common computing platforms cannot provide means to represent and to verify the trustworthiness of an IT system
Cryptographic methods are of limited help, e.g., for migration, join and leave of virtual machines
Further, how can common computing platforms support such a functionality?
Note: Even a secure OS cannot verify its own integrity
[Figure: parties Y_1, Y_2, ..., Y_n connected over the Internet]
20 Trusted Computing (TC): enable reasoning about the trustworthiness of one's own and others' IT systems
21 An Industrial Attempt: Trusted Platforms
A possible instantiation of this idea is proposed by the Trusted Computing Group (TCG)
TCG: consortium of major IT enterprises (HP, IBM, Intel, MS, Infineon, ...)
Trusted components in hardware and software providing a small set of security functionalities (trust anchor)
Integrity reporting through the trust anchor
[Figure: a trusted platform layered as applications on top of an operating system (OS) with a trusted software component, on top of hardware with a trusted hardware component]
22 TCG's TPM
Current implementation is a security chip, already in platforms of major vendors
Provides a set of cryptographic functionalities, e.g., encryption, signing, hashing
Additional functionalities: secure storage, Platform Configuration Registers (PCRs) PCR[0] ... PCR[23]
TCG trust model: software attacks only
Trusted Software Stack (TSS) as the software interface to the TPM
23 Chain of Trust: TCG's Authenticated Boot
CRTM (Core Root of Trust for Measurement) measures the BIOS, storing m_BIOS
BIOS measures the boot loader (BL), storing m_BL
BL measures the OS, storing m_OS
OS measures the applications, storing m_App
Measurements are stored in the PCRs (PCR[0] ... PCR[23]) of the TPM (Trusted Platform Module); CRTM, CPU and TPM are part of the PC hardware
A remote party verifies the reported measurements of the executing application over a trusted channel
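The authenticated-boot chain above, carried through as an added example (not code from the slides): each stage measures the next one into a PCR, a remote party recomputes the reference PCR values from known-good components and checks a nonce-bound quote, and a modified boot loader is detected. TPM 1.2 uses 160-bit SHA-1 PCRs; the component contents, the PCR index assignment and the HMAC stand-in for the AIK signature are assumptions of the example.

```python
"""Simulation of the TCG authenticated boot chain: CRTM measures BIOS, BIOS
measures the boot loader, the boot loader measures the OS, the OS measures
applications. Added example, not the slides' code; boot components, PCR
indices and the AIK stand-in are constructed for illustration."""
import hashlib
import hmac
import os

PCR_SIZE = 20   # TPM 1.2 PCRs hold a 160-bit SHA-1 digest
NUM_PCRS = 24   # PCR[0] .. PCR[23]


def measure(data: bytes) -> bytes:
    """Measurement m_X = hash of the component's code/data."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: PCR_new = H(PCR_old || m). The operation is one-way and
    order-dependent, so an earlier stage cannot be silently replaced."""
    return hashlib.sha1(pcr + measurement).digest()


# Constructed boot chain: (stage name, PCR index, component bytes).
# The PCR index per stage is an assumption of this example.
GOOD_CHAIN = [
    ("BIOS", 0, b"bios-firmware-v1"),
    ("BL", 4, b"bootloader-v2"),
    ("OS", 8, b"kernel-signed-config"),
    ("App", 10, b"tvd-proxy-factory-binary"),
]


def authenticated_boot(chain):
    """Each stage measures the next *before* handing over control, starting
    from the CRTM, which is trusted implicitly. Returns PCR bank and event log."""
    pcrs = [bytes(PCR_SIZE)] * NUM_PCRS   # all PCRs are zero after reset
    log = []
    for name, idx, code in chain:
        m = measure(code)
        pcrs[idx] = extend(pcrs[idx], m)
        log.append((name, idx, m))
    return pcrs, log


def quote(pcrs, nonce: bytes, aik_secret: bytes) -> dict:
    """Stand-in for TPM_Quote: authenticates the PCR values together with a
    verifier-chosen nonce. A real TPM signs with an AIK; here an HMAC under a
    constructed AIK secret plays that role (assumption of the example)."""
    digest = hashlib.sha1(b"".join(pcrs) + nonce).digest()
    return {"pcrs": list(pcrs), "nonce": nonce,
            "sig": hmac.new(aik_secret, digest, hashlib.sha1).digest()}


def remote_verify(q: dict, expected_chain, nonce: bytes, aik_secret: bytes) -> bool:
    """Remote party: check freshness (nonce), check the quote signature, then
    compare the reported PCRs with values recomputed from known-good hashes."""
    if q["nonce"] != nonce:
        return False                      # replayed or foreign quote
    digest = hashlib.sha1(b"".join(q["pcrs"]) + nonce).digest()
    expected_sig = hmac.new(aik_secret, digest, hashlib.sha1).digest()
    if not hmac.compare_digest(q["sig"], expected_sig):
        return False                      # quote not produced by the TPM
    reference, _ = authenticated_boot(expected_chain)
    return reference == q["pcrs"]


def demo():
    """Good chain verifies; a chain with a modified boot loader does not."""
    nonce = os.urandom(20)
    aik = b"constructed-aik-secret"
    good_pcrs, _ = authenticated_boot(GOOD_CHAIN)
    ok = remote_verify(quote(good_pcrs, nonce, aik), GOOD_CHAIN, nonce, aik)
    bad_chain = [(n, i, b"bootloader-v2-modified" if n == "BL" else c)
                 for n, i, c in GOOD_CHAIN]
    bad_pcrs, _ = authenticated_boot(bad_chain)
    tampered = remote_verify(quote(bad_pcrs, nonce, aik), GOOD_CHAIN, nonce, aik)
    return ok, tampered


if __name__ == "__main__":
    print(demo())
```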
24 TVD Realization: Leverage Trusted Virtualization and Trusted Computing
25 Trusted Virtualization
Cost reductions by sharing hardware among multiple software workloads
Flexible system administration
Reduction in space and power consumption
Security services provide access control and attestation
26 Virtualization: Implementation
29 Trusted Computing Technology
TCG-based approach: linking software to the underlying hardware platform
Requires hardware assumptions
30 TVD Architecture
[Figure: on the hardware (including the Trusted Platform Security Module) runs the L4 microkernel with resource management services (network, memory, I/O, etc.); the Turaya trusted virtualization layer on top hosts the Compartment Manager, Trust Manager and TVD-Proxy-Factory; above it, the VMs of TVD A and TVD B are attached to TVD Proxy A and TVD Proxy B, and TVD Master A controls TVD A]
31 Main Components of TVD
TVD policy: admission control for virtual or real machines to join the TVD; inter/intra-TVD communication policy
TVD Master: controls the access to the TVD as specified in the TVD policy; rules include platform integrity measurements
TVD Proxy: local proxy of the TVD Master running on each physical platform; responsible for the local enforcement of the TVD policy; several TVD proxies can reside on one physical platform
TC functionality, e.g., TPM and TSS
32 TVD Implementation Architecture
[Figure: the same layering on platform P: hardware with TPM, L4 microkernel with resource management services (network, memory, I/O, etc.), the Turaya trusted virtualization layer with Compartment Manager, Trust Manager and TVD-Proxy-Factory, TVD Proxy A and TVD Proxy B with their VMs, and TVD Master A]
33 Main Services
TVD proxy factory: creates and manages TVD proxies
Compartment manager: starts and terminates compartments (e.g., virtual machines); takes integrity measurements of the virtual machines on start-up; defines access rights for communication between active compartments
Trust manager: provides an interface to the underlying TPM
34 Main Protocols
TVDDeploy(): deploys the TVD policy to a local platform
TVDJoin(): connects a VM to the TVD
TVDLeave() and Undeploy(): disconnect the VM and remove the TVD proxy
35 TVD Deployment Protocol (I)
Parties: TVD Master (holding policy P and credentials C) and, on the local platform, TVD-Proxy-Factory, Trust Manager, TPM and Compartment Manager
TVD-Proxy-Factory -> TVD Master: requesttvd()
TVD Master -> TVD-Proxy-Factory: deploytvd(nonce_A)
TVD-Proxy-Factory -> Trust Manager: getcert(nonce_B)
Trust Manager -> Compartment Manager: getmeasurement(tvd-proxy-factory), returns m
Trust Manager -> TPM: CreateKey(TCBConf), returns PK_bind
Trust Manager -> TPM: CertifyKey(PK_bind, m, nonce_B), returns cert_bind (TPM signature)
TVD-Proxy-Factory -> TVD Master: getpolicy(cert_bind)
TVD Master: verify(cert_bind, nonce_B); M_sig := sign[MSK_sign](P, C, nonce_A); P_enc := bind[PK_bind](P, C, M_sig)
TVD Master -> TVD-Proxy-Factory: P_enc
36 TVD Deployment Protocol (II)
TVD-Proxy-Factory -> Trust Manager: unbind(P_enc, cert_bind, nonce_A, nonce_B)
Trust Manager -> Compartment Manager: getmeasurement(tvd-proxy-factory), returns m
Trust Manager: verify(cert_bind, m, nonce_B)
Trust Manager -> TPM: unbind(P_enc), returns P, C, M_sig
Trust Manager: verifysig[MPK_sign](P, C, M_sig, nonce_A)
Trust Manager -> TVD-Proxy-Factory: P, C
TVD-Proxy-Factory -> Compartment Manager: addtolist(tvd_id, tvdproxy_id); CreateProxy(P) creates the TVD Proxy
TVD-Proxy-Factory -> Resource Management: CreateVNet(C), returns netid
37 TVD Join Protocol
User/VM -> Compartment Manager: startvm(img); m := measure(img); create(), returns VM_compID
VM -> TVD Proxy: VMjoin()
TVD Proxy -> Compartment Manager: getmeasurement(vm_compid), returns m
TVD Proxy: checkpolicy(P, m)
TVD Proxy -> Compartment Manager: setlabel(vm_compid, tvd_id)
TVD Proxy -> Resource Management: connectvm(vm_compid, netid)
38 TVD Leave and Undeploy
VM -> TVD Proxy: VMleave()
TVD Proxy -> Resource Management: disconnectvm(vm_compid, netid)
TVD Proxy -> Compartment Manager: removeaccessrights(vm_compid, tvd_id)
Are any other VMs connected? If no:
TVD Proxy -> Resource Management: removevnet(netid)
TVD Proxy -> TVD-Proxy-Factory: tvdundeploy(); terminate(); removefromlist(tvd_id, tvdproxy_id)
39 Description of TPM Commands
Key generation: TPM_CreateWrapKey(KeyParameters, AuthSecret, PCRState, ParentKey), returns KeyObject
KeyObject = [PublicKeyData, SecretKeyData]
PublicKeyData = [KeyParameters, PCRState, PublicKey]
SecretKeyData = Enc_ParentKey(AuthSecret, SecretKey, Hash(PublicKeyData))
Key certification: TPM_CertifyKey(KeyObject, SignKey, Nonce), returns KeyCertificate
KeyCertificate = [PublicKeyData, Sign_SignKey(PublicKeyData, Nonce)]
40 Binding and Unbinding
Binding (done by TPM software): TSS_Bind(PublicKey, PlainData), returns EncData
Unbinding (involves the TPM): TPM_UnBind(SecretKeyID, AuthData, EncData), returns PlainData
SecretKeyID is a pointer to the decryption key (which must have been previously loaded into the TPM)
AuthData authorizes the use of the decryption key
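The TVD Join and the Leave/Undeploy protocols (slides 37 and 38), run through as an added example that is not the Turaya/TVD implementation: the compartment manager measures the VM image at start-up, the TVD proxy admits a VM only if checkpolicy(P, m) accepts its measurement, and the virtual network is removed once the last member leaves. The policy format (a set of admitted image hashes) and the class and method names are assumptions of the example.

```python
"""Simulation of TVDJoin / TVDLeave / TVDUndeploy on one local platform.
Added example, not code from the slides or from the Turaya platform; the
policy representation and the component interfaces are assumptions."""
import hashlib


def measure(img: bytes) -> str:
    """m := measure(img), taken by the compartment manager before the VM runs."""
    return hashlib.sha256(img).hexdigest()


class TVDPolicy:
    """P: admission control rule for VMs, here a set of reference image hashes."""
    def __init__(self, tvd_id: str, allowed_vm_measurements: set):
        self.tvd_id = tvd_id
        self.allowed = set(allowed_vm_measurements)

    def check(self, m: str) -> bool:          # checkpolicy(P, m)
        return m in self.allowed


class ResourceManager:
    """Resource management services: one virtual network (netid) per deployed TVD."""
    def __init__(self):
        self.vnets = {}                       # netid -> set of connected comp ids
        self._next = 1

    def create_vnet(self) -> int:             # CreateVNet(C)
        netid = self._next
        self._next += 1
        self.vnets[netid] = set()
        return netid

    def connect_vm(self, comp_id, netid):     # connectvm(vm_compid, netid)
        self.vnets[netid].add(comp_id)

    def disconnect_vm(self, comp_id, netid):  # disconnectvm(vm_compid, netid)
        self.vnets[netid].discard(comp_id)

    def remove_vnet(self, netid):             # removevnet(netid)
        del self.vnets[netid]


class CompartmentManager:
    """Starts compartments, measures them on start-up, holds their TVD labels."""
    def __init__(self):
        self.measurements = {}                # comp_id -> m
        self.labels = {}                      # comp_id -> tvd_id
        self._next = 1

    def start_vm(self, img: bytes) -> int:    # startvm(img); create()
        comp_id = self._next
        self._next += 1
        self.measurements[comp_id] = measure(img)
        return comp_id

    def get_measurement(self, comp_id) -> str:
        return self.measurements[comp_id]

    def set_label(self, comp_id, tvd_id):     # setlabel(vm_compid, tvd_id)
        self.labels[comp_id] = tvd_id

    def remove_access_rights(self, comp_id, tvd_id):
        if self.labels.get(comp_id) == tvd_id:
            del self.labels[comp_id]


class TVDProxy:
    """Local enforcement point of the TVD policy, created by TVDDeploy."""
    def __init__(self, policy: TVDPolicy, cm: CompartmentManager, rm: ResourceManager):
        self.policy, self.cm, self.rm = policy, cm, rm
        self.netid = rm.create_vnet()
        self.members = set()
        self.deployed = True

    def join(self, comp_id) -> bool:
        """VMjoin(): admit only VMs whose start-up measurement satisfies P."""
        if not self.policy.check(self.cm.get_measurement(comp_id)):
            return False                      # policy violation: stays outside
        self.cm.set_label(comp_id, self.policy.tvd_id)
        self.rm.connect_vm(comp_id, self.netid)
        self.members.add(comp_id)
        return True

    def leave(self, comp_id) -> bool:
        """VMleave(); returns True when the TVD got undeployed (last VM gone)."""
        self.rm.disconnect_vm(comp_id, self.netid)
        self.cm.remove_access_rights(comp_id, self.policy.tvd_id)
        self.members.discard(comp_id)
        if self.members:                      # "Are any other VMs connected?"
            return False
        self.rm.remove_vnet(self.netid)       # no: tvdundeploy() / terminate()
        self.deployed = False
        return True


def scenario():
    """Two conforming VMs join, an unknown image is refused, then both leave."""
    cm, rm = CompartmentManager(), ResourceManager()
    good_img, bad_img = b"approved-vm-image", b"unknown-vm-image"   # constructed
    proxy = TVDProxy(TVDPolicy("red", {measure(good_img)}), cm, rm)
    a, b, c = cm.start_vm(good_img), cm.start_vm(good_img), cm.start_vm(bad_img)
    joins = [proxy.join(a), proxy.join(b), proxy.join(c)]
    undeployed = [proxy.leave(a), proxy.leave(b)]
    return joins, undeployed, proxy.deployed, dict(rm.vnets)
```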
41 A Real Life Problem
Prison health records on lost memory stick (UK): Central Lancashire Primary Care Trust said personal details of more than 6,000 prisoners were carried on the USB memory stick, lost on 30 December. The patient data held on the stick was encrypted, but the password had been written on a note stuck to the stick when it was misplaced.
Recent surveys: security policies vary across organizations from none to very restrictive ones disallowing Mobile Storage Devices (MSDs) [ENISA2008, Fabian07, wired_us_mil_bans_usb2008]
42 Security Objectives
Free and transparent deployment of Mobile Storage Devices (MSDs) within the same TVD
Data confidentiality and integrity
Prevention of unauthorized access by outsiders
Prevention of unintentional key/data disclosure by insiders
Enforcing the access policy also while data is accessed by an off-line platform
43 Secure Mobile Storage Handling
46 Current Work: Secure Mobile Storage Handling on the Turaya Trusted Platform
47 Requirements
Different MSDs may unpredictably appear and disappear within the TVD
Device identification: whenever an MSD is plugged in, the platform should be able to distinguish the device and the domain this device belongs to
Dynamic device management: the architecture should be able to enforce the policy and deliver the correct encryption keys wherever the device is plugged in
48 A Solution
Device identification: a unique identification record (IR) is assigned to the device when it is initialized
Key retrieval: encryption (and signing) keys are indexed with the IR and stored in a two-level database, the Local/Domain Device Directory (LDD/DDD)
Access policy enforcement: accomplished by the TVD infrastructure; the device access policy is incorporated into the TVD policy
Device access: data encryption and integrity verification is done transparently by a specific component on the platform and is not the responsibility of the user VM
Revocation: e.g., lazy revocation (old data can still be accessed, but new data cannot)
49 The Platform Architecture
[Figure: the Red TVD Master holds the DDD and an admin platform; on the local platform, the Red TVD Proxy performs key retrieval (policy, keys, identification record), the Storage Manager with the LDD and the MSD Manager run beside the Compartment Manager on the L4 microkernel with TPM and hardware, and the Red VM sees the physical MSD as a virtual MSD (vMSD)]
50 Current and Future Work
Proving trustworthiness of a configuration without revealing it (privacy preserving), e.g., TVDs beyond enterprise boundaries
Secure handling of Mobile Storage Devices, e.g., USB, hard disks, also for offline access
Measuring trustworthiness of hardware security modules: hardware Trojan and trapdoor detection, new EU project (start Sept. 2009)
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationW11 Hyper-V security. Jesper Krogh.
W11 Hyper-V security Jesper Krogh jesper_krogh@dell.com Jesper Krogh Speaker intro Senior Solution architect at Dell Responsible for Microsoft offerings and solutions within Denmark Specialities witin:
More informationChannel FAQ: Smartcrypt Appliances
Channel FAQ: Smartcrypt Appliances Q: When were Smartcrypt appliances announced? A: announced the release of our Smartcrypt virtual and physical appliances on September 19, 2017. Smartcrypt Enterprise
More informationMobile Platform Security Architectures A perspective on their evolution
Mobile Platform Security Architectures A perspective on their evolution N. Asokan CARDIS 2012 Graz, Austria November 29, 2012 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest
More informationAdvanced Systems Security: Cloud Computing Security
Advanced Systems Security: Cloud Computing Security Trent Jaeger Penn State University Systems and Internet Infrastructure Security Laboratory (SIIS) 1 Cloudy Foundations Can customers move their services
More informationPKI is Alive and Well: The Symantec Managed PKI Service
PKI is Alive and Well: The Symantec Managed PKI Service Marty Jost Product Marketing, User Authentication Lance Handorf Technical Enablement, PKI Solutions 1 Agenda 1 2 3 PKI Background: Problems and Solutions
More informationHow to create a trust anchor with coreboot.
How to create a trust anchor with coreboot. Trusted Computing vs Authenticated Code Modules Philipp Deppenwiese About myself Member of a hackerspace in germany. 10 years of experience in it-security. Did
More informationProduct Brief. Circles of Trust.
Product Brief Circles of Trust www.cryptomill.com product overview Circles of Trust is an enterprise security software system that eliminates the risks associated with data breaches from a hacker attack
More informationSecurity in NVMe Enterprise SSDs
Security in NVMe Enterprise SSDs Radjendirane Codandaramane, Sr. Manager, Applications, Microsemi August 2017 1 Agenda SSD Lifecycle Security threats in SSD Security measures for SSD August 2017 2 SSD
More informationSecurity context. Technology. Solution highlights
Code42 CrashPlan Security Code42 CrashPlan provides continuous, automatic desktop and laptop backup. Our layered approach to security exceeds industry best practices and fulfills the enterprise need for
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationIDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters
IDACCS Wireless 2014 Integrity protection in a smart grid environment for wireless access of smart meters Prof- Dr.-Ing. Kai-Oliver Detken DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen URL: http://www.decoit.de
More informationBinding keys to programs using Intel SGX remote attestation
Binding keys to programs using Intel SGX remote attestation Mark D. Ryan London Crypto Day 22 September 2017 1 Intel SGX Intel SGX is a set of processor instructions which allow one: To set up an enclave
More informationWindows ierīces Enterprise infrastruktūrā. Aris Dzērvāns Microsoft
Windows ierīces Enterprise infrastruktūrā Aris Dzērvāns Microsoft Windows 8.1 Update the vision for everyone Designed for the way you live and work Brings together all you do On great devices Always business
More informationTrusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationResearch and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN
2016 International Conference on Wireless Communication and Network Engineering (WCNE 2016) ISBN: 978-1-60595-403-5 Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen
More informationEDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC
EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE 6 2018 PUBLIC PUBLIC 2 Key concerns with IoT.. PUBLIC 3 Why Edge Computing? CLOUD Too far away Expensive connectivity
More informationSecure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM
Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM Rohini Vidhate, V. D. Shinde Abstract With the rapid developments occurring in cloud computing and services, there has been
More informationBackup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.
Glossary A Active Directory a directory service that inventories, secures and manages the users, computers, rules and other components of a Microsoft Windows network. This service is typically deployed
More informationMake security part of your client systems refresh
Make security part of your client systems refresh Safeguard your information with Dell Data Security Solutions while boosting productivity and reducing costs Your organization might have many reasons for
More informationTrusted Disk Loading in the Emulab Network Testbed. Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Eric Eide, Mike Hibler, Rob Ricci 1 Emulab Public network testbed Create complex experiments quickly 500+ nodes at Utah Emulab 2 Emulab Nodes
More informationA TRUSTED STORAGE SYSTEM FOR THE CLOUD
University of Kentucky UKnowledge University of Kentucky Master's Theses Graduate School 2010 A TRUSTED STORAGE SYSTEM FOR THE CLOUD Sushama Karumanchi University of Kentucky, ska226@uky.edu Click here
More information