Uni-directional Trusted Path: Transaction Confirmation on Just One Device
1 Uni-directional Trusted Path: Transaction Confirmation on Just One Device Atanas Filyanov 1, Jonathan M. McCune 2, Ahmad-Reza Sadeghi 3, Marcel Winandy 1 1 Ruhr-University Bochum, Germany 2 Carnegie Mellon University, USA 3 Technical University Darmstadt, Germany DSN st Annual IEEE/IFIP International Conference on Dependable Systems and Networks Hong Kong, China, June 2011
2-3 Motivation
- Malware can have strong power on commodity systems
  - Keyloggers, transaction generators, ... (commit online fraud)
- Credit card companies, banks absorb most liabilities
  - s have disincentive to solve the problem
- Even e-commerce servers are under attack!
  - Sony: attackers have eventually stolen credit card data from several customers
  - Recently similar attacks at other game companies
- If all had used our proposed solution, there would have been no problem! :-)
4-9 Threat Scenario
[Diagram: Adversary; message labels: issue transaction, request transaction, request confirmation, confirmation]
- cannot distinguish between transactions issued/confirmed by user or malware
- Typical scenarios: online purchases, online banking, e-government, enrollment for online services, etc.
- Adversary:
  - controls network traffic and controls client system
  - only software attacks (no hardware tampering)
10-11 Our Goals
- Assurance to a remote server that a user indeed confirmed a proposed action
- Technical solution without additional devices, but compatible to existing operating systems
- Minimal/no deviation from normal user experience
- Assumption: hardware provides some form of secure execution environment
  - Available on commodity platforms:
    - PC: Intel TXT, AMD SVM
    - Mobile: ARM TrustZone; Playstation3: Cell BE
12 Idea of the Uni-directional Trusted Path
13 Full Trusted Path
[Diagram: three Application boxes]
Properties:
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for user about authenticity of application
3. Assurance for application about user-generated input
14-15 Trusted Path: Existing Approaches
- Secure GUI (reserved screen area)
  - Requires a secure
- Secure Attention Sequence (e.g., Ctrl+Alt+Delete)
  - Requires kernel to remain uncompromised
- Additional hardware indicators (e.g., color LED)
  - Requires kernel to remain uncompromised
- No widespread adoption, or lack of interest from users (also: usability unclear)
16-18 Uni-directional Trusted Path (UTP)
[Diagram: Application and UTP Agent, marked with property numbers 1 and 3]
Properties:
1. Isolation of I/O channels (integrity & confidentiality)
2. Assurance for user about authenticity of application
3. Assurance for application about user-generated input
- Enable remote server to gain assurance about human-initiated action
- Based on s capability to switch between untrusted and secure execution mode
- UTP is only available in :
  - Isolated execution environment and control of user I/O devices
  - Ability to provide evidence to remote system what has executed in this mode
19 Transaction Confirmation with UTP
20-23 Transaction Initiation
[Diagram: Browser, I/O Devices, UTP Agent]
1. issues transaction
2. requests transaction
3. requests confirmation
24-37 Transaction Confirmation
[Diagram: Browser, I/O Devices, UTP Agent; label "Uni-directional Trusted Path"]
3. requests confirmation
4. show conf. message + request confirmation
5. confirm/abort
6. attestation evidence:
   - UTP Agent integrity measurement
   - conf. message from server
   - confirm/abort from user
7. accept/discard
8. show result
38-40 Security Considerations
Transaction generated by malware
[Diagram: Browser, I/O Devices, UTP Agent; label "unexpected"]
1. requests transaction
2. requests confirmation
- will notice (unexpected transaction)
41-46 Security Considerations
Transaction manipulation + manipulated UTP agent
[Diagram: Browser, I/O Devices, UTP Agent; label "expected"]
1. issues transaction
2. requests transaction
3. requests confirmation
6. attestation evidence:
   - UTP Agent integrity measurement
   - conf. message from server
   - confirm/abort from user
- will notice and reject (UTP integrity violation)
47-50 Security Considerations
Transaction manipulation + faked confirmation dialog
[Diagram: Browser, I/O Devices]
1. issues transaction
2. requests transaction
3. requests confirmation
4. faked conf. message
6. attestation evidence:
   - ???
- will notice and reject (no UTP execution)
51 Setup: Device Enrollment
- knows that a human confirmed a transaction
- But how does the server know which user?
- Solution: binding the device to the user account
  - Requires to register user devices in a setup phase
  - Establishes a cryptographic credential to perform login (e.g. public key protected by )
- Protects against misuse of stolen account data!
  - Attackers cannot use data (e.g. credit card number) because their devices are not registered with that account at the server
52 Realization of UTP
53 PC-Based Implementation
- Evidence attestation: Trusted Platform Module (TPM)
  - Hardware root of trust (secure storage for keys; cryptographic operations)
  - PCRs: registers that can be extended with integrity measurements of code
  - Attestation: cryptographic signature of PCRs with a TPM-protected key
- : Intel Trusted Execution Technology (TXT)
  - Late Launch creates dynamic root of trust (DRTM)
  - Reinitializes and memory controller into known-good state
  - Resets dynamic PCRs of the TPM (only can reset these registers)
- Software framework: Flicker
  - Allows to execute very small code in DRTM mode (without any )
  - During DRTM mode, normal is halted; after switch back, is resumed
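
An added example, not part of the original slides or the authors' Flicker code: a Python simulation of the server's accept/discard decision (steps 6 and 7) over the three evidence items, run against the cases from the Security Considerations slides. The extend order, the PCR boot and reset values, the sample messages, and the HMAC that stands in for the TPM's signature over the PCR are assumptions of this sketch.

```python
import hashlib
import hmac

PCR_BOOT = b"\xff" * 20   # assumed value of a dynamic PCR before any late launch
PCR_RESET = b"\x00" * 20  # assumed value right after late launch resets it


def extend(pcr, data):
    """PCR extend: new value = SHA1(old value || SHA1(data))."""
    return hashlib.sha1(pcr + hashlib.sha1(data).digest()).digest()


class SimTPM:
    """Toy TPM with one dynamic PCR and a device key enrolled at the server."""

    def __init__(self, device_key):
        self._key = device_key
        self.pcr = PCR_BOOT

    def late_launch(self, code):
        # Only late launch resets the PCR; the launched code is measured first.
        self.pcr = extend(PCR_RESET, code)

    def extend(self, data):
        self.pcr = extend(self.pcr, data)

    def quote(self):
        # Stand-in for the TPM signature over the PCR (a real TPM signs
        # with a protected asymmetric key; HMAC is used here as an assumption).
        sig = hmac.new(self._key, self.pcr, hashlib.sha256).digest()
        return {"pcr": self.pcr, "sig": sig}


def client_evidence(tpm, agent_code, shown_msg, decision, late_launch=True):
    """Steps 4-6: run the agent, record message and user decision, quote."""
    if late_launch:
        tpm.late_launch(agent_code)
    tpm.extend(shown_msg)
    tpm.extend(decision)
    evidence = tpm.quote()
    evidence["decision"] = decision
    return evidence


def server_verify(device_key, good_agent, issued_msg, evidence):
    """Step 7: accept only a confirm that came through the genuine agent."""
    want_sig = hmac.new(device_key, evidence["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(want_sig, evidence["sig"]):
        return "discard: quote not from enrolled device"
    # Recompute the PCR from the known-good agent, the message the server
    # itself issued, and the decision the client reports.
    want_pcr = PCR_RESET
    for item in (good_agent, issued_msg, evidence["decision"]):
        want_pcr = extend(want_pcr, item)
    if not hmac.compare_digest(want_pcr, evidence["pcr"]):
        return "discard: PCR mismatch"
    if evidence["decision"] != b"confirm":
        return "discard: user aborted"
    return "accept"


def run_scenarios():
    # All values below are constructed sample data.
    key = b"constructed-device-key"
    agent = b"genuine UTP agent binary"
    msg = b"tx 4711: pay 20 EUR to shop.example"

    def verify(evidence):
        return server_verify(key, agent, msg, evidence)

    return {
        "honest confirm": verify(
            client_evidence(SimTPM(key), agent, msg, b"confirm")),
        "malware-generated transaction, user aborts": verify(
            client_evidence(SimTPM(key), agent, msg, b"abort")),
        "manipulated UTP agent": verify(
            client_evidence(SimTPM(key), b"patched agent", msg, b"confirm")),
        "faked dialog, no UTP execution": verify(
            client_evidence(SimTPM(key), agent, msg, b"confirm",
                            late_launch=False)),
        "message altered before display": verify(
            client_evidence(SimTPM(key), agent,
                            b"tx 4711: pay 20 EUR to other.example",
                            b"confirm")),
        "device not enrolled for this account": verify(
            client_evidence(SimTPM(b"other-device-key"), agent, msg,
                            b"confirm")),
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:45s} -> {verdict}")
```
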
54-57 Implementation Architecture
[Diagram: Client (Intel TXT) with Web Browser Extension, Client Utility Program, Flicker, Launch Secure Mode, UTP Agent and TPM, connected over HTTPS to a Webserver with Application Script Extension and Verification Program. Size labels: "2335 LOC (TCB)", "LOC (non-tcb)", "LOC"]
58-59 Screenshot (Transaction Initiation)
60 Screenshot (Transaction Confirmation)
61 Evaluation
- Code complexity:
  - Very small total TCB: 2335 LOC (seL4 about 9000 [Klein et al. SP 2009])
  - Including VGA and PS/2 keyboard driver (USB would add another 2000)
- Deployment:
  - -side: only minor modifications necessary
  - Client-side: users just need to download UTP software
- Performance:
  - Switching time about 1 sec
  - Remaining actions: waiting for user input, or in untrusted mode
- Usability:
  - Confirmation message should not be simply "Press OK" (users tend to ignore)
  - UTP is generic, confirmation message can be provided by service providers
62 Conclusion
- Existing solutions against transaction generators are inconvenient or not widely deployed
- Our proposal: a one-way trusted path to enable service providers to gain assurance about user-initiated transactions
- Realization based on on-demand isolated execution environment and temporal control of user I/O devices
- Very small TCB and compatible to existing software
- Deployable on commodity systems today
63 Questions? Contact: Marcel Winandy Ruhr-University Bochum 23
64 BACKUP
65 Implementation of UTP with Flicker 25
Procedure for How to Enroll for Digital Signature In Online Processing System getting to implement Digital Signature and Electronic Token for security and Authentication Purpose. For that bidder must have
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More information2. Installation and System requirements
RELEASE NOTES F-Secure Anti-Virus for Windows Servers Version 9.00 build 333 Copyright 1993-2010 F-Secure Corporation. All Rights Reserved. Portions Copyright 2004 BackWeb Technologies Inc. This product
More informationAgilent System Protocol Test Release Note
Agilent System Protocol Test Release Note Release 6.0, Build 5.5.5.29 October 2006 This document provides information on fixes and known problems for the software released with this version. This version
More informationCitrix XenClient 1.0
White Paper Citrix XenClient Citrix XenClient 1.0 Proof of Concept Implementation Guide www.citrix.com Contents Introduction... 3 Hardware and Software Requirements... 3 Installation and Configuration...
More informationHardware Security Modules for Protecting Embedded Systems
Hardware Security Modules for Protecting Embedded Systems Marko Wolf, ESCRYPT GmbH Embedded Security, Munich, Germany André Weimerskirch, ESCRYPT Inc. Embedded Security, Ann Arbor, USA 1 Introduction &
More informationWIND RIVER SECURE ANDROID CAPABILITY
WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion
More informationWindows Web Based VPN Connectivity Details & Instructions
VPN Client Overview UMDNJ s Web based VPN utilizes an SSL (Secure Socket Layer) Based Cisco Application that provides VPN functionality without having to install a full client for end users running Microsoft
More informationShakambaree Technologies Pvt. Ltd.
Welcome to Support Express by Shakambaree Technologies Pvt. Ltd. Introduction: This document is our sincere effort to put in some regular issues faced by a Digital Signature and USB Token user doing on
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationSecure Messaging Server Console... 2
Secure Messaging Server Console... 2 Upgrading your PEN Server Console:... 2 Server Console Installation Guide... 2 Prerequisites:... 2 General preparation:... 2 Installing the Server Console... 2 Activating
More informationTrusteer Rapport. User Guide. Version 3.5.1307 April 2014
Trusteer Rapport User Guide Version 3.5.1307 April 2014 Contents About this Guide 1 Need More Information about Trusteer Rapport? 1 Sending us Feedback 1 1. What is Trusteer Rapport? 3 Antivirus: A False
More informationAvira Server Security. HowTo
Avira Server Security HowTo Table of Contents 1. Setup Modes... 3 1.1. Complete...3 1.2 Custom...3 2. Configuration... 8 2.1 Update configuration for the Avira Update Manager...8 2.2 Configuration of product
More informationProtect Your Business and Customers from Online Fraud
DATASHEET Protect Your Business and Customers from Online Fraud What s Inside 2 WebSafe 5 F5 Global Services 5 More Information Online services allow your company to have a global presence and to conveniently
More informationSmartCenter for Pointsec - MI Overview
Chapter SmartCenter for Pointsec - MI Overview 1 SmartCenter for Pointsec - MI is a management and administration framework solution for the Check Point Endpoint Security product line that integrates with
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this
More informationTrustDefender Mobile Technical Brief
TrustDefender Mobile Technical Brief Fraud Protection for Native Mobile Applications TrustDefender Mobile from ThreatMetrix is a lightweight SDK library for Google Android and Apple ios mobile devices.
More informationUSB Portable Storage Device: Security Problem Definition Summary
USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides
More informationA Virtualized Linux Integrity Subsystem for Trusted Cloud Computing
A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011
More information20 System Overview. Note: It is a good idea to schedule an automatic backup of your configuration. See Scheduling for details. ACP ThinManager 6.
2 System Overview 2.1 Quick Start Checklist Microsoft Build a terminal server with the Microsoft Windows 2003 or 2008 Server operating system. Add the Terminal Services/Remote Desktop Services Role. See
More informationThis document is intended to make you familiar with the ServersCheck Monitoring Appliance
ServersCheck Monitoring Appliance Quick Overview This document is intended to make you familiar with the ServersCheck Monitoring Appliance Although it is possible, we highly recommend not to install other
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationLEARNING SOLUTIONS website milner.com/learning email training@milner.com phone 800 875 5042
Course 6451B: Planning, Deploying and Managing Microsoft System Center Configuration Manager 2007 Length: 3 Days Published: June 29, 2012 Language(s): English Audience(s): IT Professionals Level: 300 Technology:
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationCSE543 Computer and Network Security Module: Cloud Computing
CSE543 Computer and Network Security Module: Computing Professor Trent Jaeger 1 Computing Is Here Systems and Internet Infrastructure Security (SIIS) Laboratory 2 Computing Is Here Systems and Internet
More informationNetWrix USB Blocker. Version 3.6 Administrator Guide
NetWrix USB Blocker Version 3.6 Administrator Guide Table of Contents 1. Introduction...3 1.1. What is NetWrix USB Blocker?...3 1.2. Product Architecture...3 2. Licensing...4 3. Operation Guide...5 3.1.
More informationWindows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
More informationRemote Deposit Capture Installation Guide
Remote Deposit Capture Installation Guide Please contact businessbanking@farmingtonbankct.com or call 860-284-6549 with any questions. Remote Deposit Capture Installation Instructions It is necessary to
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationValidity 1. Improvements in STEP 7 2. Improvements in WinCC 3. Simatic. Readme. Readme
Validity 1 Improvements in STEP 7 2 Simatic Improvements in WinCC 3 2012 Legal information Warning notice system This manual contains notices you have to observe in order to ensure your personal safety,
More informationEntrust Certificate Services for Adobe CDS
Entrust Certificate Services Entrust Certificate Services for Adobe CDS Getting Started Guide Entrust SafeNet Authentication Client: 8.3 Date of issue: July 2015 Document issue: 3.0 Revisions Issue and
More information