OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011

Size: px
Start display at page:

Download "OVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011"

Transcription

1 OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (1/15)

2 Motivation Goal: Demonstrate that attestation and the TPM can be tremendously advantageous to existing enterprise applications. Most enterprise TPM discussion: TNC, DRM, drive encryption Our research focus: attestation and other less standard TPM use Common response: Come back and talk to us when it s real Wanted to show immediate, real-world benefits to today s enterprise applications Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (2/15)

3 What Is OVAL? Open Vulnerability and Assessment Language Security automation standard created in 2004 Language makes assertions about system characteristics, configuration OVAL interpreters assess a system based an OVAL schema Used for patch management, policy enforcement, enterprise status evaluation Supported by commercial, academic, government partners Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (3/15)

4 Common OVAL Architecture, Briefly Server 1. Determine machine, schema 2. Create report request Report Request Client Machine OVAL Interpreter 1. Record results Report Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (4/15)

5 Why OVAL Needs the TPM OVAL is intended to provide centralized assessment and reporting of system state. But... OVAL interpreter lives within the system it evaluates The root of trust for OVAL reports is OVAL itself OVAL reports have no reliable freshness guarantee Interpreters do not sign reports, or use software-held keys OVAL queries include correct answers Why do we believe these reports? Note: common problems for many enterprise reporting tools! Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (5/15)

6 Trusted OVAL We identified three areas where the TPM could be used to enhance OVAL: Integrate TPM Quote into OVAL report Connect to hardware root of trust for reporting Provide evidence of accuracy of OVAL report Sign OVAL report with TPM key Reliably connect report with originating machine With Quote (and nonce), prevent replay attacks Include TPM configuration information in OVAL report Take advantage of central architecture to collect TPM data All of these could apply to other asset reporting applications. Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (6/15)

7 Trusted OVAL Architecture Server 1. Determine machine, AIK, schema 2. Generate Nonce 3. Create report request Report Request Client Machine OVAL Interpreter TPM Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (7/15)

8 Trusted OVAL Architecture Server 1. Determine machine, AIK, schema 2. Generate Nonce 3. Create report request Report Request Client Machine OVAL Interpreter Quote TPM Get Capabilities Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (7/15)

9 Trusted OVAL Architecture Server 1. Determine machine, AIK, schema 2. Generate Nonce 3. Create report request Report Request Client Machine OVAL Interpreter Quote TPM Get Capabilities Report Sign Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (7/15)

10 Trusted OVAL Architecture Server 1. Determine machine, AIK, schema 2. Generate Nonce 3. Create report request Report Request Client Machine OVAL Interpreter Quote TPM Get Capabilities 1. Evaluate Signature 2. Verify nonce, quote 3. Evaluate report Report Sign Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (7/15)

11 Measuring OVAL How do we know the report came from a good OVAL? We don t. But: Trusted GRUB (tgrub) can help us determine whether we re running the expected OS tgrub s file measurement lets us determine whether the expected OVAL files, libraries are correct on the system IMA can help us determine whether the correct OVAL is actually running Each step gives us greater assurance, even if not perfect. Note: All of these solutions are primarily for Linux. Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (8/15)

12 OVAL TPM Probe Goal: Remotely report on TPM status, configuration Basic information: version, manufacturer, PCR count, etc. Configuration: enabled, clear flags, physical presence, etc. Crypto: available algs, FIPS flag, etc. TPM info included in OVAL report Allow central tracking of TPM information, particularly useful for managing failures and updates Encourage monitoring of key configurations like FIPS flag In general: more awareness better! OVAL infrastructure makes using TPM info easy Already well-supported by vendors Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (9/15)

13 Implementation Status Working prototype built, tested, including: New features: nonce generation, signature verification Quote generation and detailed verification (signature, nonce, individual expected PCR values) Central checking of expected AIK and machine identity Basic TPM information integrated into report tgrub measurements of OS, OVAL, key libraries on Linux TPM signatures not included due to time, but straightforward. Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (10/15)

14 Implementation Hurdles TPM configuration information not possible to get in probe Need to be TPM owner to get even routine flag information...including ownership flag! Owner permissions not feasible; delegation too complicated, even if successful Basic TPM information sometimes hard to understand Version, PCR count obvious; manufacturer & revision values have no clear meaning Windows 7 TPM integration not as simple as anticipated Trusted Base Services instead of TSS Port of Linux code to Windows TrouSerS so far unsuccessful Complete rewrite of TPM interface may be required? Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (11/15)

15 Challenges: Enterprise Integration OVAL community response: Lots of exciting potential, major logistical concerns Enterprise TPM setup costs matter Large-scale provisioning Key management and PKI Smooth, easy Windows support Ideally including basic OS measurements Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (12/15)

16 Challenges: Meaningful Measurement How close can we get to verifying reporting application? Interpretation of today s hash-based measurements Can we predict expected measurements? Can we associate measurements with software state on a large scale? Usability of measurement tools Ideal: Easy install, easy reporting, no local customization Application measurement Good software identification Untrusted software detection Today s public tools best for Linux; need Windows support! Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (13/15)

17 Conclusion Attestation and other TPM functions can provide significant security improvements for real enterprise applications. Most pieces are in place to start integrating trusted computing Application developers at least potentially interested Still hurdles to overcome for adoption: Large-scale enterprise infrastructure support Meaningful, easy-to-use system measurements Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (14/15)

18 Questions? Approved for Public Release: Distribution Unlimited. c All Rights Reserved. (15/15)

Attestation and Authentication Protocols Using the TPM

Attestation and Authentication Protocols Using the TPM Attestation and Authentication Protocols Using the TPM Ariel Segall June 21, 2011 Approved for Public Release: 11-2876. Distribution Unlimited. c 2011. All Rights Reserved. (1/28) Motivation Almost all

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013 Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile

More information

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly

William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber

More information

Using the TPM: Data Protection and Storage

Using the TPM: Data Protection and Storage Using the TPM: Data Protection and Storage Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons

More information

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011

More information

HW (Fat001) TPM. Figure 1. Computing Node

HW (Fat001) TPM. Figure 1. Computing Node 1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller

More information

Integrity measurements for stronger cloud-based authentication

Integrity measurements for stronger cloud-based authentication Integrity measurements for stronger cloud-based authentication John Žic1 Thomas Hardjono 2 1 CSIRO Computational Informatics 2 MIT Kerberos and Internet of Trust Trust in the Digital World: Enabling the

More information

Trusted Virtual Machine Management for Virtualization in Critical Environments

Trusted Virtual Machine Management for Virtualization in Critical Environments Trusted Virtual Machine Management for Virtualization in Critical Environments Khan Ferdous Wahid Fraunhofer SIT Rheinstraße 75 64295 Darmstadt Germany www.sit.fraunhofer.de khan.wahid@sit.fraunhofer.de

More information

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution 1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root

More information

How to Secure Infrastructure Clouds with Trusted Computing Technologies

How to Secure Infrastructure Clouds with Trusted Computing Technologies How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Building Blocks Towards a Trustworthy NFV Infrastructure

Building Blocks Towards a Trustworthy NFV Infrastructure Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical

More information

Secure Data Management in Trusted Computing

Secure Data Management in Trusted Computing 1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

Acronym Term Description

Acronym Term Description This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description

More information

Embedded Trusted Computing on ARM-based systems

Embedded Trusted Computing on ARM-based systems 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng. 10.04.2014 Agenda 2 of 26 martin.schramm@th-deg.de Embedded computing platforms have become omnipresent intend to alleviate

More information

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?

More information

Property Based TPM Virtualization

Property Based TPM Virtualization Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix

More information

CAREER TRACKS PHASE 1 UCSD Information Technology Family Function and Job Function Summary

CAREER TRACKS PHASE 1 UCSD Information Technology Family Function and Job Function Summary UCSD Applications Programming Involved in the development of server / OS / desktop / mobile applications and services including researching, designing, developing specifications for designing, writing,

More information

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest

More information

Streamlining Patch Testing and Deployment

Streamlining Patch Testing and Deployment Streamlining Patch Testing and Deployment Using VMware GSX Server with LANDesk Management Suite to improve patch deployment speed and reliability Executive Summary As corporate IT departments work to keep

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Configuration and Asset Management

Configuration and Asset Management IT Product Life Cycle Management 43 Chapter 4 Configuration and Asset Management Configuration management is the process of monitoring and reviewing approved product configurations periodically while the

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone

Background. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone CS 155 Spring 2006 Background TCG: Trusted Computing Group Dan Boneh TCG consortium. Founded in 1999 as TCPA. Main players (promotors): (>200 members) AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft,

More information

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems WHITE PAPER Intel vpro Technology Embedded Host-based Configuration in Intelligent Systems Easy activation of Intel vpro technology remote manageability without trade-offs in security, functionality, and

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015 Software Requirements Specification. for Day Health Manager Version 1.1 Prepared by 4yourhealth Senior Project 2015 2/10/2015 Table of Contents Table of Contents Revision History Introduction Purpose Document

More information

Innovations in Digital Signature. Rethinking Digital Signatures

Innovations in Digital Signature. Rethinking Digital Signatures Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance

More information

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010

MWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010 al al MWR InfoSecurity Security Advisory Symantec s Altiris Deployment Solution File Transfer Race Condition 7 th January 2010 20010-01-07 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description...4

More information

Establishing and Sustaining System Integrity via Root of Trust Installation

Establishing and Sustaining System Integrity via Root of Trust Installation Establishing and Sustaining System Integrity via Root of Trust Installation Luke St.Clair, Joshua Schiffman, Trent Jaeger, Patrick McDaniel Systems and Internet Infrastructure Security Laboratory The Pennsylvania

More information

Implementation of a Trusted Ticket System

Implementation of a Trusted Ticket System Implementation of a Trusted Ticket System Andreas Leicher 1, Nicolai Kuntze 2, and Andreas U. Schmidt 3 1 Johann Wolfgang Goethe-Universität, Frankfurt am Main,Germany, leicher@cs.uni-frankfurt.de 2 Fraunhofer

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

vtpm: Virtualizing the Trusted Platform Module

vtpm: Virtualizing the Trusted Platform Module vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com

More information

vtpm: Virtualizing the Trusted Platform Module

vtpm: Virtualizing the Trusted Platform Module Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA vtpm: Virtualizing the

More information

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions AMD DAS (DASH, AMD Virtualization (AMD-V ) Technology, and Security) 1.0 is a term used to describe the various

More information

Security Considerations in Cloud Deployments Matthew Garrett <matthew.garrett@nebula.com>

Security Considerations in Cloud Deployments Matthew Garrett <matthew.garrett@nebula.com> Security Considerations in Cloud Deployments Matthew Garrett (cloud) Computing for the Enterprise Security concerns in traditional hosting Someone hacks your system Your hosting

More information

Alliance Key Manager A Solution Brief for Technical Implementers

Alliance Key Manager A Solution Brief for Technical Implementers KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key

More information

CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY

CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY Akash Chandrashekar - Solution Architect, Red Hat Renaud Deraison - Tenable Network Security, Inc. / Nessus.org Compliance Issues

More information

Mobile Device as a Platform for Assured Identity for the Federal Workforce

Mobile Device as a Platform for Assured Identity for the Federal Workforce Mobile Device as a Platform for Assured Identity for the Federal Workforce Dr. Sarbari Gupta President and CEO, Electrosoft U.S. Army Information Technology Agency (ITA) Security Forum Fort Belvoir Electrosoft

More information

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT

Lecture 7: Privacy and Security in Mobile Computing. Cristian Borcea Department of Computer Science NJIT Lecture 7: Privacy and Security in Mobile Computing Cristian Borcea Department of Computer Science NJIT Location Privacy Location Authentication Trusted Ad Hoc Networks 2 Privacy Violated Request: Retrieve

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Improving End-user Security and Trustworthiness of TCG-Platforms

Improving End-user Security and Trustworthiness of TCG-Platforms Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two

More information

NEES@Buffalo Cybersecurity Plan. Introduction. Roles and Responsibilities. Laboratory Executive Commitee (ExCom)

NEES@Buffalo Cybersecurity Plan. Introduction. Roles and Responsibilities. Laboratory Executive Commitee (ExCom) NEES@Buffalo Cybersecurity Plan Introduction The NEES Cyberinfrastructure (CI) system is composed of fourteen equipment sites and one central IT facility, henceforth referred to as NEEScomm IT. With IT

More information

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008

Contents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication

More information

Trusted Network Connect (TNC)

Trusted Network Connect (TNC) Trusted Network Connect (TNC) Josef von Helden josef.vonhelden@inform.fh-hannover.de Martin Schmiedel Daniel Wuttke First European Summer School on Trusted Infrastructure Technologies September 2006 1

More information

Digital Rights Management Demonstrator

Digital Rights Management Demonstrator Digital Rights Management Demonstrator Requirements, Analysis, and Design Authors: Andre Osterhues, Marko Wolf Institute: Ruhr-University Bochum Date: March 2, 2007 Abstract: This document describes a

More information

Oracle Database Security. Nathan Aaron ICTN 4040 Spring 2006

Oracle Database Security. Nathan Aaron ICTN 4040 Spring 2006 Oracle Database Security Nathan Aaron ICTN 4040 Spring 2006 Introduction It is important to understand the concepts of a database before one can grasp database security. A generic database definition is

More information

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems

Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Cloud Terminal: Secure Access to Sensitive Applications from Untrusted Systems Lorenzo Martignoni, Pongsin Poosankam, y Matei Zaharia, Jun Han, y Stephen McCamant, Dawn Song, Vern Paxson, Adrian Perrig,

More information

Data Protection Simple. Compliant. Secure. CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co.

Data Protection Simple. Compliant. Secure. CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co. Data Protection Simple. Compliant. Secure CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co.uk COMPLEX CHALLENGES SIMPLE SOLUTIONS Backups Tricky but necessary

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Simplify Your Windows Server Migration

Simplify Your Windows Server Migration SOLUTION BRIEF: ENDPOINT MANAGEMENT........................................ Simplify Your Windows Server Migration Who should read this paper Windows Server 2003 customers looking to migrate to the latest

More information

On the security of Virtual Machine migration and related topics

On the security of Virtual Machine migration and related topics Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer

More information

One-Stop Intel TXT Activation Guide

One-Stop Intel TXT Activation Guide One-Stop Intel TXT Activation Guide HP Gen8 Family Based Server Systems Intel Trusted Execution Technology (Intel TXT) for Intel Xeon processor-based servers is commonly used to enhance platform security

More information

Data Protection: From PKI to Virtualization & Cloud

Data Protection: From PKI to Virtualization & Cloud Data Protection: From PKI to Virtualization & Cloud Raymond Yeung CISSP, CISA Senior Regional Director, HK/TW, ASEAN & A/NZ SafeNet Inc. Agenda What is PKI? And Value? Traditional PKI Usage Cloud Security

More information

Hi and welcome to the Microsoft Virtual Academy and

Hi and welcome to the Microsoft Virtual Academy and Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering

More information

The Casper Suite An ROI overview

The Casper Suite An ROI overview The Casper Suite An ROI overview Introduction Inside Read how the Casper Suite delivers significant ROI in the following areas: Imaging Inventory Software Distribution Patch Management Settings and Security

More information

TPM Key Backup and Recovery. For Trusted Platforms

TPM Key Backup and Recovery. For Trusted Platforms TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

Columbia University Web Security Standards and Practices. Objective and Scope

Columbia University Web Security Standards and Practices. Objective and Scope Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements

More information

Patch and Vulnerability Management Program

Patch and Vulnerability Management Program Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent

More information

Cisco Unified Computing Remote Management Services

Cisco Unified Computing Remote Management Services Cisco Unified Computing Remote Management Services Cisco Remote Management Services are an immediate, flexible management solution that can help you realize the full value of the Cisco Unified Computing

More information

TNC Endpoint Compliance and Network Access Control Profiles

TNC Endpoint Compliance and Network Access Control Profiles TNC Endpoint Compliance and Network Access Control Profiles TCG Members Meeting June 2014 Barcelona Prof. Andreas Steffen Institute for Internet Technologies andapplications HSR University of Applied Sciences

More information

Index. BIOS rootkit, 119 Broad network access, 107

Index. BIOS rootkit, 119 Broad network access, 107 Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,

More information

Chapter 15 User Authentication

Chapter 15 User Authentication Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric

More information

IBM Tivoli Endpoint Manager for Security and Compliance

IBM Tivoli Endpoint Manager for Security and Compliance IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console

More information

IoT Security Platform

IoT Security Platform IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there

More information

Managed Services OVERVIEW

Managed Services OVERVIEW Managed Services OVERVIEW overview 24/7 Support Services Tailored for large and small businesses MANAGED SERVICES 3 MONITORING AND ALERTING SERVICE 4 SUMMARY 4 DESCRIPTION 4 MONITORING 4 ALERTING 4 RESPONSIBILITY

More information

Designing Security for Microsoft SQL Server 2005

Designing Security for Microsoft SQL Server 2005 Designing Security for Microsoft SQL Server 2005 Course 2787 Two Days Hands-On, Instructor-Led Introduction This two-day instructor-led course enables database administrators who work with enterprise environments

More information

IBM Crypto Server Management General Information Manual

IBM Crypto Server Management General Information Manual CSM-1000-0 IBM Crypto Server Management General Information Manual Notices The functions described in this document are IBM property, and can only be used, if they are a part of an agreement with IBM.

More information

Using SNMP to Obtain Port Counter Statistics During Live Migration of a Virtual Machine. Ronny L. Bull Project Writeup For: CS644 Clarkson University

Using SNMP to Obtain Port Counter Statistics During Live Migration of a Virtual Machine. Ronny L. Bull Project Writeup For: CS644 Clarkson University Using SNMP to Obtain Port Counter Statistics During Live Migration of a Virtual Machine Ronny L. Bull Project Writeup For: CS644 Clarkson University Fall 2012 Abstract If a managed switch is used during

More information

Using Symantec NetBackup with Symantec Security Information Manager 4.5

Using Symantec NetBackup with Symantec Security Information Manager 4.5 Using Symantec NetBackup with Symantec Security Information Manager 4.5 Using Symantec NetBackup with Symantec Security Information Manager Legal Notice Copyright 2007 Symantec Corporation. All rights

More information

Enterprise Security. Moving from Chaos to Control with Integrated Security Management. Yanet Manzano. Florida State University. manzano@cs.fsu.

Enterprise Security. Moving from Chaos to Control with Integrated Security Management. Yanet Manzano. Florida State University. manzano@cs.fsu. Enterprise Security Moving from Chaos to Control with Integrated Security Management Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Enterprise Security Challenges Implementing

More information

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance

More information

BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE.

BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. BUSINESS PROTECTION. PERSONAL PRIVACY. ONE DEVICE. Enhanced Security for Your Network and Business Intelligence. Work Hard. Rest Easy. Today, employees are always on, which for you means always vulnerable.

More information

How To Manage A Privileged Account Management

How To Manage A Privileged Account Management Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least

More information

SEER Enterprise Shared Database Administrator s Guide

SEER Enterprise Shared Database Administrator s Guide SEER Enterprise Shared Database Administrator s Guide SEER for Software Release 8.2 SEER for IT Release 2.2 SEER for Hardware Release 7.3 March 2016 Galorath Incorporated Proprietary 1. INTRODUCTION...

More information

IBM Tivoli Endpoint Manager for Security and Compliance

IBM Tivoli Endpoint Manager for Security and Compliance IBM Endpoint Manager for Security and Compliance A single solution for managing endpoint security across the organization Highlights Provide up-to-date visibility and control from a single management console

More information

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper

Network Licensing. White Paper 0-15Apr014ks(WP02_Network) Network Licensing with the CRYPTO-BOX. White Paper WP2 Subject: with the CRYPTO-BOX Version: Smarx OS PPK 5.90 and higher 0-15Apr014ks(WP02_Network).odt Last Update: 28 April 2014 Target Operating Systems: Windows 8/7/Vista (32 & 64 bit), XP, Linux, OS

More information

Connecticut Justice Information System Security Compliance Assessment Form

Connecticut Justice Information System Security Compliance Assessment Form The Connecticut Justice Information System (CJIS-2) is used as a mechanism for municipalities, State and Federal agencies to assess their compliance with the CJIS Security Requirements & Recommendations

More information

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0 Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust

More information

Penetration Testing Windows Vista TM BitLocker TM

Penetration Testing Windows Vista TM BitLocker TM Penetration Testing BitLocker TM Drive Encryption Douglas MacIver Penetration Engineer System Integrity Group, Corporation Hack In The Box 2006/09/21 2006 Corporation. All rights reserved. Trustworthy

More information

UPDATE MANAGEMENT SERVICE The advantage of a smooth Software distribution

UPDATE MANAGEMENT SERVICE The advantage of a smooth Software distribution UPDATE MANAGEMENT SERVICE The advantage of a smooth Software distribution Introduction UMS Update Management Service is part of the SIMATIC IT Maintenance Program, it leverages on SIMATIC IT Software Management

More information

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm ULTEO OPEN VIRTUAL DESKTOP V4.0.2 ARCHITECTURE OVERVIEW Contents 1 Introduction 2 2 Servers Roles 3 2.1 Session Manager................................. 3 2.2 Application Server................................

More information

IPLocks Vulnerability Assessment: A Database Assessment Solution

IPLocks Vulnerability Assessment: A Database Assessment Solution IPLOCKS WHITE PAPER February 2006 IPLocks Vulnerability Assessment: A Database Assessment Solution 2665 North First Street, Suite 110 San Jose, CA 95134 Telephone: 408.383.7500 www.iplocks.com TABLE OF

More information

PRETTY EASY PRIVACY 05-2014

PRETTY EASY PRIVACY 05-2014 PRETTY EASY PRIVACY 05-2014 It is called kinko Overview introduction spot the problem building good crypto tools challenges more than tools get involved Snowden 2013......rekindled interest in privacy.

More information

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75 Plain English Guide To Common Criteria Requirements In The Field Device Protection Profile Version 0.75 Prepared For: Process Control Security Requirements Forum (PCSRF) Prepared By: Digital Bond, Inc.

More information

Software-based TPM Emulator for Linux

Software-based TPM Emulator for Linux Software-based TPM Emulator for Linux Semester Thesis Mario Strasser Department of Computer Science Swiss Federal Institute of Technology Zurich Summer Semester 2004 Mario Strasser: Software-based TPM

More information

Eliac Call Recording - Configurator Guide. Eliac. Call Recording System Ver. 2.x. www.smartsoft-eg.com

Eliac Call Recording - Configurator Guide. Eliac. Call Recording System Ver. 2.x. www.smartsoft-eg.com Eliac Call Recording System Ver. 2.x 1 System Overview Eliac Call Recording is a complete system that records both incoming and outgoing calls for any analog telephone lines, and can record either internal

More information

DOBUS And SBL Cloud Services Brochure

DOBUS And SBL Cloud Services Brochure 01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted

More information

Oracle RAC Services Appendix

Oracle RAC Services Appendix 1 Overview Oracle RAC Services Appendix As usage of the Blackboard Academic Suite grows and the system reaches a mission critical level, customers must evaluate the overall effectiveness, stability and

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY

More information

Information Technology Services Classification Level Range C Reports to. Manager ITS Infrastructure Effective Date June 29 th, 2015 Position Summary

Information Technology Services Classification Level Range C Reports to. Manager ITS Infrastructure Effective Date June 29 th, 2015 Position Summary Athabasca University Professional Position Description Section I Position Update Only Information Position Title Senior System Administrator Position # 999716,999902 Department Information Technology Services

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Unicorn: Two-Factor Attestation for Data Security

Unicorn: Two-Factor Attestation for Data Security Unicorn: Two-Factor Attestation for Data Security Mohammad Mannan Concordia Institute for Information Systems Engineering Concordia University Montreal, Canada Beom Heyn Kim Computer Science University

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information