Big and Bright - Security

Similar documents
Cisco Secure Boot and Trust Anchor Module Differentiation

Windows 10 Security & Audit

TPM v.s. Embedded Board. James Y

WINDOWS 10 ENTERPRISE New Security Features

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Better Security with Virtual Machines

CSPN Security Target. HP Sure Start HW Root of Trust NPCE586HA0. December 2016 Reference: HPSSHW v1.3 Version : 1.3

Past, Present, and Future Justin Johnson Senior Principal Firmware Engineer

Windows Devices. Device Capabilities. Premium. Entry

Bromium: Virtualization-Based Security

Enterprise Ransomware Mitigations

An Introduction to Platform Security

Security: The Key to Affordable Unmanned Aircraft Systems

Technical Brief Distributed Trusted Computing

UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies

Deploying Secure Boot: Key Creation and Management

SSG Platform Security Division & IOTG Jan Krueger Product Manager IoT Security Solutions

HAROLD BAELE MICROSOFT CLOUD TECHNICAL CONSULTANT MICROSOFT CERTIFIED TRAINER. New protection capabilities in Windows Server 2016

Windows 10 and the Enterprise. Craig A. Brown Prepared for: GMIS

GSE/Belux Enterprise Systems Security Meeting

Atmel Trusted Platform Module June, 2014

HP Sure Start Gen3. Table of contents. Available on HP Elite products equipped with 7th generation Intel Core TM processors September 2017

How to Clear TPM HW on HP Personal Systems

Trusted Computing and O/S Security

Consultant since many years. Mainly working with defense and public sector. MCSE on Windows Server 2000 security ;-)

TUX : Trust Update on Linux Kernel

MODERN DESKTOP SECURITY

Building Trust in the Internet of Things

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

OVAL + The Trusted Platform Module

CIS 4360 Secure Computer Systems Secured System Boot

Software Vulnerability Assessment & Secure Storage

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Security in NVMe Enterprise SSDs

Windows 8 BIOS Boot settings

Introduction to Security and User Authentication

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

The Intel SSD Pro 2500 Series Guide for Microsoft edrive* Activation

Windows IoT Security. Jackie Chang Sr. Program Manager

BIOS Update Release Notes

SECURITY MODELS FOR APPLICATION PROTECTION AND AGAINST REVERSE ENGINEERING

QuickSpecs. Overview. HPE Ethernet 10Gb 2-port 535 Adapter. HPE Ethernet 10Gb 2-port 535 Adapter. 1. Product description. 2.

Provisioning secure Identity for Microcontroller based IoT Devices

Lecture 3 MOBILE PLATFORM SECURITY

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication.

Boot Mode Considerations: BIOS vs. UEFI

From TPM 1.2 to 2.0 and some more. Federico Mancini AFSecurity Seminar,

PYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER

Improve productivity with modernized PCs and Windows 10. Christopher Choong, DTM Field Marketing Manager

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

Configuring TPM Firmware Version

Windows 10 edition. Find out which. is right for you. Core features. Familar, and better than ever Home Pro Enterprise Education Mobile.

Cybersecurity in Government

IPM Secure Hardening Guidelines

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

HP Manageability Integration Kit HP Client Management Solutions

Windows Server Security Guide

Cybersecurity in Data Centers. Murat Cudi Erentürk ISACA CISA, ISO Lead Auditor Gandalf Consulting and Software Ltd.

Trusted Computing and O/S Security. Aggelos Kiayias Justin Neumann

Titan silicon root of trust for Google Cloud

Lifecycle Controller Platform Update in Dell PowerEdge 1 2 th Generation Servers

How Shielded VMs Protect Your Data

Feature Comparison Summary

INTERNET OF THINGS KONTRON

Enhance your Cloud Security with AMD EPYC Hardware Memory Encryption

Operating system hardening

Virtualisation on Mobile Devices {Hugo Marques, Nuno Conceição, Luis Pereira}

One Ring to Rule them All

HP Manageability Integration Kit HP Client Management Solutions

UEFI Secure Boot and DRI. Kalyan Kumar N

BIOS Setup. User s Guide. (For Skylake-W Platform) Rev.1.1

Building Secure Systems: Problems and Principles. Dennis Kafura

Embedded System Security Mobile Hardware Platform Security

Embedded System Security Mobile Hardware Platform Security

How Secure is your Server?

Securing VMware NSX MAY 2014

Connecting Securely to the Cloud

BIOS. Chapter The McGraw-Hill Companies, Inc. All rights reserved. Mike Meyers CompTIA A+ Guide to Managing and Troubleshooting PCs

The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

Protecting your system from the scum of the universe

Six Myths of Windows RT Revealed!

Total Video Solution Cybersecurity Protection. ConteraWS Platform Cybersecurity Overview

Dawn Song

SECURING DEVICES IN THE INTERNET OF THINGS

Authentication Technology for a Smart eid Infrastructure.

ARM Security Solutions and Numonyx Authenticated Flash

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

CIS 4360 Secure Computer Systems. Trusted Platform Module

SECURE OFFICE OF THE FUTURE

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

Unicorn: Two- Factor Attestation for Data Security

Feature Comparison Summary

Lecture Embedded System Security Trusted Platform Module

Lenovo Imaging Checklist

Project Cerberus Hardware Security

OP-TEE Using TrustZone to Protect Our Own Secrets

Backup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

Transcription:

Big and Bright - Security

Big and Bright Security Embedded Tech Trends 2018 Does this mean: Everything is Big and Bright our security is 100% effective? or There are Big security concerns but Bright solutions? or Security issues are so Big and Bright - there are no solutions? We will look at this in the context of our embedded defense customers

Security Risks depend on the Environment Embedded Tech Trends 2018 Consumer Use Embedded Use Open and connected Closed, controlled Many Tasks Single Task Single User Multiple Users Embedded users can leverage some consumer technologies

Security Timeline Embedded Tech Trends 2018 1993 2002 2009 2012 2015 User access permissions IPv6 using IPSec TPM 1.2 Bitlocker, User Account Control, Defender UEFI Secure Boot TPM 2.0 Device Guard, Credential Guard, Boot Guard TPM Trusted Platform Module

What is a TPM? Embedded Tech Trends 2018 A tamper-resistant integrated circuit Enables: Cryptographic key generation Safe storage of small amounts of sensitive information, such as passwords and cryptographic keys Generation of random numbers

TPM can help ensure image security Embedded Tech Trends 2018 The TPM can record hashes that measure the images for later validation Secure Boot only loads trusted (signed) operating system bootloaders, which in turn will only load a trusted OS BIOS Initialises HW Check loader signature Loader Locate Kernel image Check Kernel signature Kernel Start Kernel Check OS signature OS Start OS Check application measurements TPM

Guards utilizing TPMs Embedded Tech Trends 2018 Microsoft Credential Guard prevents against credential creep in large organizations: User credentials are isolated from the operating system kernel using virtualization and TPM measurements Intel Boot Guard is a hardware based scheme that prevents boot block takeover

TPM 2.0 Improvements Embedded Tech Trends 2018 Support for additional cryptographic algorithms, i.e. SHA256, SHA384, SHA512, and SM3_256 Enhancements to the availability of the TPM to applications Enhanced authorization mechanisms Simplified TPM management All new boards from Concurrent Technologies come with TPM 2.0 and it is now an option on boards announced since 2014

Security Timeline Embedded Tech Trends 2018 1993 2002 2009 2012 2015 User access permissions IPv6 using IPSec TPM 1.2 Bitlocker, User Account Control, Defender UEFI Secure Boot TPM 2.0 Device Guard, Credential Guard, Boot Guard What if you can t use the latest OS?

Use a Hypervisor Run a legacy OS and application in a Virtual Machine Can utilize native hypervisor or OS based Has an impact on real time performance Boot method more secure but legacy OS and application concerns Virtual Machine Hypervisor

Use a Board based Security Solution Embedded Tech Trends 2018 Guardian Security Package Available since 2012 Processor boards are available with the option of additional hardware, firmware and software components for holistic security

Three Key Goals of Guardian Embedded Tech Trends 2018 Preventing unauthorized use: To prevent an unauthorized person from interfering with or operating the equipment Preventing unauthorized access: To prevent an unauthorized person from gaining access to sensitive data when they have access to the equipment To prevent a person with legitimate access to the hardware from gaining access to sensitive data Allowing sensitive data to be purged on-demand: To ensure that all sensitive data can be deleted rendering the hardware inoperable or returning it to the original factory configuration

Guardian protects against: Embedded Tech Trends 2018 Physical intrusion Booting from non-secure sources Accessing classified data Retrieving sensitive Intellectual Property Modifying non-volatile memory Executing non-trusted software Unauthorized modification of system configuration Bypassing low level firmware Reverse engineering

Testing and Deployment Embedded Tech Trends 2018 Board is configured: Enables extensive testing without lock activating Security Lock enabled: A breach of any selected measure will lock a board permanently Boards are suitable for deployment Remove from Service: Sanitization option to scrub and securely erase devices

Conclusions Embedded Tech Trends 2018 Improved security has now (finally) become more important to some defense customers than backwards compatibility: TPM 2.0 and Windows 10 Secure Boot Boot Guard Even tightly controlled, closed solutions need security options Be flexible - one solution doesn t fit every customer Nothing is 100% secure There are Big security concerns but Bright solutions

Concurrent Technologies gocct.co m Thanks for listening

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback