Property Based TPM Virtualization
1 Property Based TPM Virtualization
Marcel Winandy
Joint work with: Ahmad-Reza Sadeghi, Christian Stüble
Horst Görtz Institute for IT Security, Chair for System Security, Ruhr-University Bochum, Germany
Sirrix AG security technologies, Bochum, Germany
Marcel Winandy Property Based Virtualization 1
2 Introduction: Virtualization
- Features: commodity operating systems on various hardware platforms; virtual machines can be suspended, resumed and migrated; security through isolation of virtual machines
- Application scenario, corporate/private computing: isolated workloads for private and corporate work; isolated workloads for different security levels
- Figure: several guest VMs (Linux, Windows) running side by side on a hypervisor on top of the hardware
3 Introduction: Trusted Computing
- Trusted Platform Module (TPM): cheap, tamper-evident hardware security module
- Cryptographic functions (RSA, SHA-1, key generation, RNG)
- Protected storage for small data (e.g. keys)
- Special keys: Endorsement Key (EK) and Storage Root Key (SRK)
- Authenticated boot (recording integrity measurements): measurements are stored in Platform Configuration Registers (PCRs); each component measures (hashes) the next component before handing over control, building a chain of trust CRTM -> BIOS -> boot loader -> OS -> applications, and stores each hash in the PCRs
- Attestation and sealing: an Attestation Identity Key (AIK) signs the PCR values for (remote) attestation; sealing uses a key to encrypt data to the current PCR values, so the data can only be decrypted on a platform in the same PCR state
4 Introduction: Virtual TPM (vTPM)
- Each virtual machine should be able to use the TPM: protected storage and crypto coprocessor; assurance about the booted hypervisor and virtual machines; support for migration
- Figure: three VMs (Private Working, Unclassified Corporate, Classified Corporate) on a hypervisor, on top of hardware that contains a TPM
5 Introduction: Virtual TPM (vTPM), continued
- Virtualization of the TPM: emulation in software, but bound to the hardware TPM and the platform
- Berger et al. (USENIX Security 2006), Scarlata et al. (2007)
- Figure: each VM talks through its TPM driver to its own vTPM instance; the vTPM instances run on the hypervisor, which sits on the hardware with the physical TPM
6 Shortcomings of Existing Solutions
- Migration: protected data is bound to the binary representation of the hypervisor, so the vTPM's data may be unavailable after migration to another platform (a different hypervisor binary yields different PCR values)
- Keys: differentiated strategies for key generation are missing; some IT environments demand hardware-protected keys, whereas others would benefit from the flexibility of software keys
- Privacy: the (v)TPM reveals information about the system configuration during remote attestation of PCR values; profiling (a security risk) and discrimination become possible
7 New Design
Adding new components to the internal design of the vTPM:
- Property Management: representation of virtual PCRs; different mechanisms to store and read values; realizes property-based attestation and sealing
- Key Management: creating and loading cryptographic keys; supports software keys or keys of the physical TPM
- Policy: user-defined policy of the vTPM instance
8 Flexible vTPM Architecture
- Figure: the VM's TPM driver calls the vTPM interface, which maps TPM_CreateWrapKey() to CreateKey(), TPM_Extend(i, m) to Extend(i, m) and TPM_PCRRead(i) to PCRRead(i). CreateKey() goes to Key Management (Software Key or Hardware Key backed by the physical TPM); Extend and PCRRead go to Property Management (PropertyProvider 1 .. N behind a PropertyFilter). Both use the Cryptographic Functions. A Management Interface offers migrate() to the Migration Controller. The Policy component steers Key Management and Property Management. The vTPM runs on the hypervisor, above the hardware TPM.
- Novel components for property-based virtualization: Key Management, Property Management, Policy
9 Property Providers
- Each property provider has its own PCR vector; how to store values is up to each implementation
- This results in a matrix of vPCRs: one column per provider (PropertyProvider 1 .. j .. N), one row per register (vpcr[0], vpcr[1], ..., vpcr[n])
- Policy decides which vector to use on which operation
- Initialization: all property providers are applied to build the vPCR matrix; each property provider can implement a different mapping from the hardware PCRs to its vPCR vector
10 Changing the Measurement Function
- PCR extension function of the TPM: Extend(i, m): PCR_i := SHA1(PCR_i || m)
- Generalizing this for each property provider j: Provider_j.extend(i, m): vPCR_{i,j} := translate_j(vPCR_{i,j}, m)
- Examples: translate_hash() is hashing like in the hardware TPM; translate_cert() looks for a property certificate for m and stores the certificate's public key
11 PCR Extension: Example
- The OS measures a file and wants to extend the measurement into PCR 10 of the vTPM: TPM_Extend(10, f572d396fae fb2ce00f72e94f2258f)
- Property Management of the vTPM instance calls each property provider:
  - Provider hash: vPCR_{10,hash} currently holds 09d2af8dd22201dd8d48e5dcfcaed281ff9422c7; new value vPCR_{10,hash} := SHA1(vPCR_{10,hash} || f572d396fae fb2ce00f72e94f2258f) = 3a2fdfb2e10d4286a c508b173c
  - Provider cert: vPCR_{10,cert} currently holds PK_certA; look for a certificate for hash f572d...; if one is found (e.g. certB), add its public key: vPCR_{10,cert} := PK_certA, PK_certB
12 Property-Based Attestation with the vTPM
- Provider cert is one example of using property certificates: a certificate describes the properties of a particular measurement and is issued by a Trusted Third Party
- Protocol between the Verifier, the VM and its vTPM:
  1. Verifier -> VM: attest(nonce, i, ..., j)
  2. VM -> vTPM: quote(vAIK_ID, nonce, i, ..., j)
  3. vTPM: prov := policy.askForProvider(i, ..., j)
  4. vTPM: sign[vAIK_ID](nonce, vPCR_{i,prov}, ..., vPCR_{j,prov})
  5. vTPM -> VM: (pcrdata, nonce)
  6. VM -> Verifier: (pcrdata, nonce)
- Only the vector of the provider chosen by the policy is signed, so with Provider cert the verifier learns the certified properties, not the binary hashes
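The vPCR matrix, the generalized extend function and the provider-selecting quote of slides 9 to 12, as an added Python example; this is not code from the slides or from the authors' vTPM. The class and provider names, the PK_cert* keys, the sample measurements and the UNCERTIFIED marker (what the cert provider records when no certificate exists, a choice the slides do not specify) are assumptions. The quote is returned as the structure the vAIK would sign; the RSA signature itself is left to Key Management.

```python
import hashlib

NUM_PCRS = 24
INITIAL_PCR = b"\x00" * 20       # TPM 1.2 reset value of a PCR (SHA-1 sized)
UNCERTIFIED = "UNCERTIFIED"      # assumption: marker for a measurement with no certificate


class HashProvider:
    """translate_hash: extend exactly like the hardware TPM, PCR_i := SHA1(PCR_i || m)."""
    name = "hash"

    def __init__(self):
        self.vpcr = [INITIAL_PCR] * NUM_PCRS

    def extend(self, i, m):
        self.vpcr[i] = hashlib.sha1(self.vpcr[i] + m).digest()

    def read(self, i):
        return self.vpcr[i]


class CertProvider:
    """translate_cert: look up a property certificate for m and record the
    issuer's public key (the property) instead of the raw hash."""
    name = "cert"

    def __init__(self, certs):
        self.certs = certs                       # measurement -> PK of the certifying TTP
        self.vpcr = [()] * NUM_PCRS

    def extend(self, i, m):
        # A measurement without certificate is recorded as a fixed marker, so a
        # verifier learns that uncertified code ran without learning its hash.
        prop = self.certs.get(m, UNCERTIFIED)
        if prop not in self.vpcr[i]:
            self.vpcr[i] = self.vpcr[i] + (prop,)

    def read(self, i):
        return self.vpcr[i]


class Policy:
    """User-defined policy of the vTPM instance: which provider answers which operation."""

    def __init__(self, **provider_for_op):
        self.provider_for_op = provider_for_op   # e.g. read="hash", quote="cert"

    def ask_for_provider(self, op):
        return self.provider_for_op[op]


class PropertyVTPM:
    def __init__(self, providers, policy):
        self.providers = {p.name: p for p in providers}
        self.policy = policy

    def tpm_extend(self, i, m):
        # Property Management applies every provider: this builds the vPCR matrix.
        for p in self.providers.values():
            p.extend(i, m)

    def pcr_read(self, i):
        return self.providers[self.policy.ask_for_provider("read")].read(i)

    def quote(self, nonce, indices):
        # Steps 3 and 4 of the attestation protocol: ask the policy which provider
        # may be revealed, then assemble the structure the vAIK signs. The RSA
        # signature itself belongs to Key Management and is not modelled here.
        prov = self.policy.ask_for_provider("quote")
        return {"nonce": nonce, "provider": prov,
                "vpcr": {i: self.providers[prov].read(i) for i in indices}}


def verify_quote(quote, nonce, expected):
    """Verifier side: reject a stale nonce, then compare each quoted vPCR with the
    expected property (for the cert provider: the accepted certificate issuers)."""
    if quote["nonce"] != nonce:
        return False
    return all(quote["vpcr"].get(i) == v for i, v in expected.items())


def run_demo():
    # Constructed sample data: two certified components and one unknown binary.
    m_a, m_b, m_x = (hashlib.sha1(s).digest() for s in (b"kernel-a", b"kernel-b", b"unknown"))
    certs = {m_a: "PK_certA", m_b: "PK_certB"}  # hypothetical TTP keys
    policy = Policy(read="hash", quote="cert")
    vtpm = PropertyVTPM([HashProvider(), CertProvider(certs)], policy)
    other = PropertyVTPM([HashProvider(), CertProvider(certs)], policy)
    for m in (m_a, m_b, m_x):
        vtpm.tpm_extend(10, m)
    for m in (m_b, m_a, m_x):                    # same components, different order
        other.tpm_extend(10, m)
    q = vtpm.quote(b"nonce-1", [10])
    expected = {10: ("PK_certA", "PK_certB", UNCERTIFIED)}
    return {
        "hash_len": len(vtpm.pcr_read(10)),
        "hash_order_sensitive": vtpm.pcr_read(10) != other.pcr_read(10),
        "cert_vpcr": q["vpcr"][10],
        "quote_ok": verify_quote(q, b"nonce-1", expected),
        "replay_rejected": not verify_quote(q, b"nonce-2", expected),
    }
```

Two points worth noting. The hash vector is order-sensitive like a real PCR, so two VMs that load the same components in a different order attest differently under Provider hash but expose the same set of certified properties under Provider cert. And the decision to record uncertified measurements at all is a security choice: if the cert provider silently ignored them, a quote answered from the cert vector would hide that unknown code was loaded.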
13 Migration of VMs and vTPMs
- Secure migration is needed (confidentiality, integrity and authenticity of the transferred VM and vTPM state)
- Example: move the private working environment from the office PC to the home PC
- Figure: the Office PC runs Private Working and Classified Corporate on Xen 3.1; the Home PC runs Online Gaming on Xen 3.2
14 Trusted-Channel-Based Migration
- The source platform requests a trusted channel to the destination
- It creates a secret encryption key bound to the vTPM and the configuration of the destination platform (assurance about the integrity of the end points)
- The configuration can also be property based
- The channel is re-usable for several migrations
15 Trusted-Channel-Based Migration, continued
- Transfer the encrypted state via the trusted channel
- No re-mapping of PCRs is necessary (because of the property providers)
16 Trusted-Channel-Based Migration, continued
- Figure: after the transfer, Private Working runs on the Home PC (Xen 3.2) next to Online Gaming; Classified Corporate stays on the Office PC (Xen 3.1)
17 Summary
- Figure: the vTPM architecture of slide 8 (TPM driver, vTPM interface, Key Management with software and hardware keys, Property Management with PropertyProvider 1 .. N and PropertyFilter, Policy, Cryptographic Functions, Management Interface with migrate() and Migration Controller)
- Novel components of the new design: Property Providers, Key Management, Policy
- Allows linking the hypervisor to the vTPM based on properties
- Availability of sealed data after migration or software updates
- The trusted migration protocol ensures binding to a trustworthy platform
- More flexibility in key usage: Key Management can delegate key requests to the hardware TPM
- A user-defined policy decides which information to reveal; the policy defines which property provider to use on attestation
18 Thank you for your attention! Questions?
Contact: Marcel Winandy, Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
19 Backup slides
20 Property Based Sealing
21 Migration Protocol
Parties: the Migration Controlling Process and vTPM on the source platform, the Migration Controlling Process' and vTPM' on the destination platform.
1. Source: migrate() -> initiateMigration() -> requestTrustedChannel()
2. Destination: vTPM'.create() produces a binding key; (PK_Bind, cert_Bind) is sent to the source
3. Source: verify(PK_Bind, cert_Bind)
4. Source: sk := createKey(); esk := bind[PK_Bind](sk)
5. Source: s := getState(); es := encrypt[sk](s)
6. Source: deleteKey(sk), deleteState()
7. transfer(es, esk)
8. Destination: sk := unbind[PK_Bind](esk); s := decrypt[sk](es); setState(s)
9. Source: destroy() the migrated vTPM instance
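The migration protocol above, together with the key binding of slides 14 to 16, run end to end by both sides, as an added Python example; it is not the authors' implementation. To stay self-contained it uses toy crypto: 512-bit RSA binding keys generated with Miller-Rabin, RSA-KEM for bind/unbind, and an HMAC-SHA256 stream cipher with an encrypt-then-MAC tag in place of AES-GCM. The platform class, the property names (hypervisor certified under PK_certXen) and the VM state are assumptions, and cert_Bind is passed unsigned (a real platform certifies the binding key with its AIK, and the source must check that signature).

```python
import hashlib
import hmac
import secrets

def is_probable_prime(n, rounds=32):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = x * x % n
        else:
            return False
    return True

def gen_prime(bits):
    c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
    return c if is_probable_prime(c) else gen_prime(bits)

def rsa_keygen(bits=512):                   # ((n, e), (n, d)); toy size, demo only
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:              # e is prime, so gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def kem_encap(pk):                          # RSA-KEM: hide a random r under PK_Bind, key = H(r)
    n, e = pk
    r = secrets.randbelow(n - 2) + 1
    return pow(r, e, n), hashlib.sha256(r.to_bytes(n.bit_length() // 8 + 1, "big")).digest()

def kem_decap(sk, c):
    n, d = sk
    return hashlib.sha256(pow(c, d, n).to_bytes(n.bit_length() // 8 + 1, "big")).digest()

def _keystream(key, nonce, length):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(length // 32 + 1))[:length]

def encrypt(key, data):                     # encrypt-then-MAC; nonce || ciphertext || tag
    ek, mk = (hashlib.sha256(label + key).digest() for label in (b"enc", b"mac"))
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(ek, nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    ek, mk = (hashlib.sha256(label + key).digest() for label in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("migrated state tampered in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(ek, nonce, len(ct))))

class DestinationPlatform:   # destination vTPM'; the binding key is sealed to the creation-time properties
    def __init__(self, properties):
        self.properties = dict(properties)
        self.bound_to = dict(properties)            # create(): key bound to the current configuration
        self.pk_bind, self._sk_bind = rsa_keygen()
    def certificate(self):                          # (PK_Bind, cert_Bind); the AIK signature a real
        return {"pk": self.pk_bind, "bound_to": dict(self.bound_to)}   # platform adds is not modelled
    def key_usable(self):                           # sealed-key check performed on every unbind
        return self.properties == self.bound_to
    def receive(self, es, esk):
        if not self.key_usable():
            raise PermissionError("binding key unusable: platform properties changed")
        c, wrapped = esk
        sk = decrypt(kem_decap(self._sk_bind, c), wrapped)   # sk := unbind[PK_Bind](esk)
        return decrypt(sk, es)                                # s := decrypt[sk](es); then setState(s)

def trusts(cert, required):                         # verify(PK_Bind, cert_Bind), property based
    return all(cert["bound_to"].get(k) == v for k, v in required.items())

def migrate(state, required, cert):                 # source side of the protocol
    if not trusts(cert, required):
        raise PermissionError("destination key not bound to a trustworthy configuration")
    sk = secrets.token_bytes(32)                    # sk := createKey()
    c, kek = kem_encap(cert["pk"])
    esk = (c, encrypt(kek, sk))                     # esk := bind[PK_Bind](sk)
    return encrypt(sk, state), esk                  # es := encrypt[sk](s); caller deletes sk and s

def run_migration():
    required = {"hypervisor": "PK_certXen"}         # a property, not a binary hash: covers Xen 3.1 and 3.2
    original = b"private-working VM image + vTPM vPCR matrix (constructed)"
    home = DestinationPlatform({"hypervisor": "PK_certXen"})
    es, esk = migrate(original, required, home.certificate())
    changed = DestinationPlatform({"hypervisor": "PK_certXen"})
    changed.properties["hypervisor"] = "UNCERTIFIED"    # rebooted into unknown software after create()
    untrusted = DestinationPlatform({"hypervisor": "UNCERTIFIED"}).certificate()
    return {"original": original, "migrated": home.receive(es, esk),
            "changed_key_usable": changed.key_usable(), "untrusted_accepted": trusts(untrusted, required)}
```

Because the destination's configuration is expressed as a property (the hypervisor carries a certificate under PK_certXen) rather than as a PCR hash, the same binding key serves a destination running Xen 3.1 or Xen 3.2, which is what makes the channel re-usable and removes the PCR re-mapping. The protocol deletes sk and the plaintext state on the source before the transfer; an implementation should keep es and esk until the destination has confirmed setState, otherwise a failed transfer destroys the VM.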
SecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
FPGAs for Trusted Cloud Computing
FPGAs for Trusted Cloud Computing Traditional Servers Datacenter Cloud Servers Datacenter Cloud Manager Client Client Control Client Client Control 2 Existing cloud systems cannot offer strong security
Security Policy for FIPS 140 2 Validation
BitLocker Windows OS Loader Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise Windows Server 2012 R2 Windows Storage Server 2012 R2 Surface
An Improved Trusted Full Disk Encryption Model
An Improved Trusted Full Disk Encryption Model Prasenjit Das and Nirmalya Kar Department of Computer Sc. & Engineering, National Institute of Technology Agartala, India. e-mail: pj.cstech@gmail.com; nirmalya@nita.ac.in
CRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
Cryptography as a service in a cloud computing environment
EINDHOVEN UNIVERSITY OF TECHNOLOGY Department of Mathematics and Computing Science MASTER S THESIS Cryptography as a service in a cloud computing environment Hugo a.w. Ideler Eindhoven, December 2012 Supervisors:
Towards a Trust Envisioned Cyber Security
International Journal of Innovation and Applied Studies ISSN 2028-9324 Vol. 2 No. 4 Apr. 2013, pp. 540-546 2013 Innovative Space of Scientific Research Journals http://www.issr-journals.org/ijias/ Towards