Embedded Trusted Computing on ARM-based systems
|
|
- Claribel King
- 7 years ago
- Views:
Transcription
1 1 / 26 Embedded Trusted Computing on ARM-based systems Martin Schramm, M.Eng
2 Agenda 2 of 26 martin.schramm@th-deg.de
3 Embedded computing platforms have become omnipresent intend to alleviate everyday life up and running in a 24/7 manner applications with high requirements for safety, security and privacy industrial automation medical automotive well-defined hardware and software components cost pressure ease of development arising problems regarding system security attacker effort is considerably reduced tremendous financial damage physical injury loss of human lives 3 of 26 martin.schramm@th-deg.de
4 Trusted Platform Module usually connected via LPC Bus Roots of Trust (RTS, RTR and RTM) CRTM implemented in BIOS Well-defined 4 of 26 martin.schramm@th-deg.de
5 PCR: PCR usage: 0 CRTM, BIOS and Platform Extensions 1 Platform Configuration 2 Option ROM Code 3 Option ROM Configuration and Data 4 IPL Code (usually the MBR) 5 IPL Configuration and Data (for use by the IPL Code) 6 State Transition and Wake Events 7 Host Platform Manufacturer Control 8-15 Defined for use by the Static Operating System 16 Debug Defined for use by the Dynamic Operating System BIOS part often poorly implemented User often has no insight of what is going on 5 of 26 martin.schramm@th-deg.de
6 TPM connected via embedded interface (e.g. I 2 C) Unique identification possible Lack of BIOS on ARM-based systems Root of Trust for Measurement must be redefined New Core Root of Trust for Measurement concept needed must be guaranteed 6 of 26 martin.schramm@th-deg.de
7 Freescale High Assurance Boot Implemented in Boot ROM Based on signed code execution Validation of efuses Reset Subsystem Security Bootloader CSF HAB Library i.mx Boot Rom Boot Device Driver Device Driver Boot Stages First Second Third Bootloader TPM Boot Device Driver OS Policy OS 7 of 26 martin.schramm@th-deg.de
8 Freescale High Assurance Boot Secure Boot capability HAB Library in Boot ROM is CRTM RTM comprised by enhanced Bootloader RTS and RTR located inside of the TPM Manufacturer has to be trusted 8 of 26 martin.schramm@th-deg.de
9 U-Boot Verified Boot Uses Flattened uimage Tree (FIT) images { kernel@1 { data = <data for kernel1 > signature@1 { algo = " sha1, rsa2048 " ; value = <... k e r n e l s i g n a t u r e 1... > } ; } ; fdt@1 { data = <data for fdt1 >; signature@1 { algo = " sha1, rsa2048 " ; vaue = <... f d t s i g n a t u r e 1... > } ; } ; } ; Sign images in FIT Hash an image in the FIT Sign the hash Store resulting signature in the FIT Verify the images Read the FIT and obtain public key Extract the signature from FIT and hash image Verify the signature 9 of 26 martin.schramm@th-deg.de
10 U-Boot Verified Boot Public key must be trusted Stored in U-Boot s control Flattened Device Tree (FDT) Secure field-upgrades are possible U-Boot must be loaded from read-only memory (CRTM) Chaining images possible Signed configurations possible c o n f i g u r a t i o n s { default = " conf@1 " ; conf@1 { kernel = " kernel@1 " ; f d t = " fdt@1 " ; signature@1 { algo = " sha1, rsa2048 " ; key name hint = " dev " ; sign images = " f d t ", " k ernel " ; } ; } ; } ; 10 of 26 martin.schramm@th-deg.de
11 libsboot libsboot, libtlcl and TPM drivers Secure Boot example for pre-os boot environment U-Boot binary loaded by a Second Phase Loader (SPL) EEPROM defining platform indentification and configuration Environment data read from an initial external source Environment variables set via the U-Boot console Flattened Device Tree files Initial Ram Disks An OS kernel Initialization of libsboot occurs from ROM code Initialization of TPM in SPL Verification that PCRs are reset Asserts Physical Presence 11 of 26 martin.schramm@th-deg.de
12 libsboot Sealed data stored in TPM NVRAM Pre-execution of U-Boot OS kernel System only boots after successfull unseal operation Extend PCRs with random data after measurements/error Trustworthy modifications of U-Boot are difficult Signature based approach possible 12 of 26
13 I HAB + TPM 13 of 26 martin.schramm@th-deg.de
14 I U-Boot verified Boot 14 of 26
15 libsboot 15 of 26
16 PCR: Possible PCR usage: 0 U-Boot image 1 U-Boot environment variables 2 U-Boot typed in commands 3 Kernel FDT 4 Initial RAM Disk 5 OS kernel image 6 reserved for further use 7 reserved for further use 8-15 Defined for use by the Static Operating System 16 Debug Defined for use by the Dynamic Operating System 16 of 26 martin.schramm@th-deg.de
17 Embedded devices might be uniquely identified Endorsement Key certificate Hash of public Endorsement Key Barcode of public EK Hash Easy exchange of Trustworthy devices 17 of 26
18 What if signed image gets compromised? TPM chip features monotonic counters Can be used to implement rollback counters Rolling back an older signed firmware can be mitigated 18 of 26
19 I requires authentic AIK key I I PrivacyCA (online verification) AIK direct proof (offline verification) 19 of 26 martin.schramm@th-deg.de
20 via TPM_QUOTE 20 of 26
21 Possibility to certify any key in the TPM key hierarchy 21 of 26
22 Prevent compromise of the hosts that connect to a network Based on extended attributes such as platform authentication, endpoint compliance or software state information Policy for assessment, isolation and remediation needed Common three party model: Access Requester (AR), Policy Decision Point (PDP) and Policy Enforcement Point (PEP) AR might be a VPN Client or IEEE 802.1X Supplicant AR s request processed by PDP which might be a software component or a RADIUS server PDP reports its decision (access granted or denied) to a PEP PEP might be a VPN gateway, switch, firewall or IEEE 802.1X Access Point 22 of 26 martin.schramm@th-deg.de
23 23 of 26
24 24 of 26
25 Manifold application areas of embedded devices Urgent need for sophisticated security solutions must be guaranteed Unique identification and anti-rollback possible Well-defined policies are of great importance Security versus Usability! 25 of 26
26 Thank you for your attention! 26 of 26
Patterns for Secure Boot and Secure Storage in Computer Systems
Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de
More informationTechnical Brief Distributed Trusted Computing
Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,
More informationTCG PC Client Specific Implementation Specification for Conventional BIOS
TCG PC Client Specific Implementation Specification for Conventional BIOS Specification Version 1.21 Errata Revision 1.00 February 24 th, 2012 For TPM Family 1.2; Level 2 Contact: admin@trustedcomputinggroup.org
More informationBitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation
BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker
More informationBypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken
Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis
More informationAcronym Term Description
This glossary contains definitions of terms created by TCG, or terms that have a particular meaning in trusted computing, or terms that cause particular confusion in trusted computing. Acronym Term Description
More informationSoftware-based TPM Emulator for Linux
Software-based TPM Emulator for Linux Semester Thesis Mario Strasser Department of Computer Science Swiss Federal Institute of Technology Zurich Summer Semester 2004 Mario Strasser: Software-based TPM
More informationRecipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed
More informationTrusted Platform Module
Trusted Platform Module TPM Fundamental APTISS, August 2008 Raymond Ng Infineon Technologies Asia Pacific Pte Ltd Raymond.ng@infineon.com TPM Fundamental Introduction to TPM Functional Component of TPM
More informationProperty Based TPM Virtualization
Property Based Virtualization Marcel Winandy Joint work with: Ahmad Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security Chair for System Security Ruhr University Bochum, Germany Sirrix
More informationPenetration Testing Windows Vista TM BitLocker TM
Penetration Testing BitLocker TM Drive Encryption Douglas MacIver Penetration Engineer System Integrity Group, Corporation Hack In The Box 2006/09/21 2006 Corporation. All rights reserved. Trustworthy
More informationTrustworthy Computing
Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with
More informationIndex. BIOS rootkit, 119 Broad network access, 107
Index A Administrative components, 81, 83 Anti-malware, 125 ANY policy, 47 Asset tag, 114 Asymmetric encryption, 24 Attestation commercial market, 85 facts, 79 Intel TXT conceptual architecture, 85 models,
More informationSecure Data Management in Trusted Computing
1 Secure Data Management in Trusted Computing Ulrich Kühn Deutsche Telekom Laboratories, TU Berlin Klaus Kursawe (KU Leuven) Stefan Lucks (U Mannheim) Ahmad-Reza Sadeghi (RU Bochum) Christian Stüble (RU
More informationCycurHSM An Automotive-qualified Software Stack for Hardware Security Modules
CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules Dr. Frederic Stumpf, ESCRYPT GmbH Embedded Security, Stuttgart, Germany 1 Introduction Electronic Control Units (ECU) are embedded
More informationLecture Embedded System Security Dynamic Root of Trust and Trusted Execution
1 Lecture Embedded System Security Dynamic Root of Trust and Execution Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Summer Term 2014 Dynamic Root
More informationvtpm: Virtualizing the Trusted Platform Module
vtpm: Virtualizing the Trusted Platform Module Stefan Berger Ramón Cáceres Kenneth A. Goldman Ronald Perez Reiner Sailer Leendert van Doorn {stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com
More informationDell Client BIOS: Signed Firmware Update
Dell Client BIOS: Signed Firmware Update An Implementation and Deployment Guide to NIST SP800-147 BIOS Protections for Dell Client BIOS Rick Martinez Dell Client BIOS This white paper is for informational
More informationBuilding Blocks Towards a Trustworthy NFV Infrastructure
Building Blocks Towards a Trustworthy NFV Infrastructure IRTF NFVRG Adrian L. Shaw Hewlett-Packard Laboratories / July 22 nd, 2015 1 Why security and trust? Big requirement for critical
More informationHi and welcome to the Microsoft Virtual Academy and
Hi and welcome to the Microsoft Virtual Academy and 2012 Microsoft Corporation 1 the start of the Windows 8 Security Insights training. My name is Milad Aslaner I m part of the Premier Field Engineering
More informationAssertion Framework for BYOD. Chris Daly General Dynamics C4 Systems Chris.daly@gdc4s.com
Assertion Framework for BYOD Chris Daly General Dynamics C4 Systems Chris.daly@gdc4s.com Overview BYOD Problems, Requirements, and Scenarios What is an assertion? Why trust assertions for BYOD? Keys to
More informationi.mx USB loader A white paper by Tristan Lelong
i.mx USB loader A white paper by Tristan Lelong Introduction This document aims to explain the serial downloader feature of i.mx SoCs on Linux (available across i.mx family starting with i.mx23). This
More informationOn the security of Virtual Machine migration and related topics
Master thesis On the security of Virtual Machine migration and related topics Ramya Jayaram Masti Submitted in fulfillment of the requirements of Master of Science in Computer Science Department of Computer
More informationUsing the TPM: Data Protection and Storage
Using the TPM: Data Protection and Storage Ariel Segall ariels@alum.mit.edu Day 2 Approved for Public Release: 12-2749. Distribution unlimited License All materials are licensed under a Creative Commons
More informationTPM Key Backup and Recovery. For Trusted Platforms
TPM Key Backup and Recovery For Trusted Platforms White paper for understanding and support proper use of backup and recovery procedures for Trusted Computing Platforms. 2006-09-21 V0.95 Page 1 / 17 Contents
More informationUsing the TPM to Solve Today s Most Urgent Cybersecurity Problems
Using the to Solve Today s Most Urgent Cybersecurity Problems May 20, 2014 10:00AM PDT 2 Stacy Cannady, Technical Marketing Trustworthy Computing, Cisco Stacy Cannady, CISSP, is technical marketing - Trustworthy
More informationA Virtualized Linux Integrity Subsystem for Trusted Cloud Computing
A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing Stefan Berger Joint work with: Kenneth Goldman, Dimitrios Pendarakis, David Safford, Mimi Zohar IBM T.J. Watson Research Center 09/21/2011
More informationProtecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013
Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust Dan Griffin DefCon 2013 Time-Bound Keys Announcements New tool: TimedKey.exe New whitepaper: Trusted Tamperproof Time on Mobile
More informationTCG Based Approach for Secure Management of Virtualized Platforms State-of-the-art
SICS Technical Report T2010:05 ISSN 1100-3154 TCG Based Approach for Secure Management of Virtualized Platforms State-of-the-art (June 05, 2010) Mudassar Aslam, Christian Gehrmann {Mudassar.Aslam, Christian.Gehrmann}@sics.se
More informationTrusted Computing. Insecure PCs. Foundations for secure e-commerce (bmevihim219)
Foundations for secure e-commerce (bmevihim219) Dr. Levente Buttyán associate professor BME Híradástechnikai Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationOpal SSDs Integrated with TPMs
Opal SSDs Integrated with TPMs August 21, 2012 Robert Thibadeau, Ph.D. U.S. Army SSDs Must be Opal s We also Studied using the TPM (Trusted Platform Module) with an Opal SSD (Self-Encrypting Drive) 2 Security
More informationTNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group
TNC: Open Standards for Network Security Automation Copyright 2010 Trusted Computing Group Agenda Introduce TNC and TCG Explanation of TNC What problems does TNC solve? How does TNC solve those problems?
More informationSecure Boot on i.mx50, i.mx53, and i.mx 6 Series using HABv4
Freescale Semiconductor, Inc. Document Number: AN4581 Application Note Rev. 1, 10/2015 Secure Boot on i.mx50, i.mx53, and i.mx 6 Series using HABv4 1. Introduction 1.1. Purpose Executing trusted and authentic
More informationAn Improved Trusted Full Disk Encryption Model
An Improved Trusted Full Disk Encryption Model Prasenjit Das and Nirmalya Kar Department of Computer Sc. & Engineering, National Institute of Technology Agartala, India. e-mail: pj.cstech@gmail.com; nirmalya@nita.ac.in
More informationSecure Cloud Storage and Computing Using Reconfigurable Hardware
Secure Cloud Storage and Computing Using Reconfigurable Hardware Victor Costan, Brandon Cho, Srini Devadas Motivation Computing is more cost-efficient in public clouds but what about security? Cloud Applications
More informationHow to Secure Infrastructure Clouds with Trusted Computing Technologies
How to Secure Infrastructure Clouds with Trusted Computing Technologies Nicolae Paladi Swedish Institute of Computer Science 2 Contents 1. Infrastructure-as-a-Service 2. Security challenges of IaaS 3.
More informationTECHNISCHE UNIVERSITÄT MÜNCHEN. Lehrstuhl für Datenverarbeitung. Runtime integrity framework based on trusted computing.
TECHNISCHE UNIVERSITÄT MÜNCHEN Lehrstuhl für Datenverarbeitung Runtime integrity framework based on trusted computing Chun Hui Suen Vollständiger Abdruck der von der Fakultät für Elektrotechnik und Informationstechnik
More informationBackground. TPMs in the real world. Components on TPM chip TPM 101. TCG: Trusted Computing Group. TCG: changes to PC or cell phone
CS 155 Spring 2006 Background TCG: Trusted Computing Group Dan Boneh TCG consortium. Founded in 1999 as TCPA. Main players (promotors): (>200 members) AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft,
More informationFastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems
Fastboot Techniques for x86 Architectures Marcus Bortel Field Application Engineer QNX Software Systems Agenda Introduction BIOS and BIOS boot time Fastboot versus BIOS? Fastboot time Customizing the boot
More informationOVAL+TPM. A Case Study in Enterprise Trusted Computing. Ariel Segall. June 21, 2011
OVAL+TPM A Case Study in Enterprise Trusted Computing Ariel Segall June 21, 2011 Approved for Public Release: 11-0144. Distribution Unlimited. c 2011. All Rights Reserved. (1/15) Motivation Goal: Demonstrate
More informationSecure Boot on i.mx25, i.mx35, and i.mx51 using HABv3
Freescale Semiconductor Application Note Document Number: AN4547 Rev. 0, 10/2012 Secure Boot on i.mx25, i.mx35, and i.mx51 using HABv3 by Freescale Semiconductor, Inc. This application note explains how
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationImproving End-user Security and Trustworthiness of TCG-Platforms
Improving End-user Security and Trustworthiness of TCG-Platforms Klaus Kursawe, kursawe@acm.org Christian Stüble Saarland University, Germany stueble@acm.org September 29, 2003 Abstract Over the last two
More informationSecurity Policy for FIPS 140 2 Validation
BitLocker Windows OS Loader Security Policy for FIPS 140 2 Validation BitLocker Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise Windows Server 2012 R2 Windows Storage Server 2012 R2 Surface
More informationHierarchies. Three Persistent Hierarchies. Chapter 9
Chapter 9 Hierarchies A hierarchy is a collection of entities that are related and managed as a group. Those entities include permanent objects (the hierarchy handles), primary objects at the root of a
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationThat Point of Sale is a PoS
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
More informationTNC Endpoint Compliance and Network Access Control Profiles
TNC Endpoint Compliance and Network Access Control Profiles TCG Members Meeting June 2014 Barcelona Prof. Andreas Steffen Institute for Internet Technologies andapplications HSR University of Applied Sciences
More informationTrusted Platforms for Homeland Security
Trusted Platforms for Homeland Security By Kevin Schutz, Product Manager Secure Products Summary Ongoing threats from hackers, viruses, and worms continue to make security a top priority for IT and business
More informationIn the past few years, increasing volumes of computer
Enhancing PC Security with a A boot system that uses a can help ensure the integrity of fairly static PC components. Moreover, the associated two-factor authentication makes a mobile computer s theft less
More informationLesson 06: Basics of Software Development (W02D2
Lesson 06: Basics of Software Development (W02D2) Balboa High School Michael Ferraro Lesson 06: Basics of Software Development (W02D2 Do Now 1. What is the main reason why flash
More informationTrusted Network Connect (TNC)
Trusted Network Connect (TNC) Josef von Helden josef.vonhelden@inform.fh-hannover.de Martin Schmiedel Daniel Wuttke First European Summer School on Trusted Infrastructure Technologies September 2006 1
More informationCertification Report
Certification Report EAL 4+ Evaluation of BlackBerry Enterprise Server version 5.0.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationi.mx Trust Architecture Protects assets of multiple stakeholders Guards against sophisticated attacks Assures software measures TM 2
September 2013 i.mx-based products Rich, mobile, end-user, connected platforms Increasingly valuable assets: end-user data, licensed content, access credentials, intellectual property Increasingly threatened:
More informationEnd User Devices Security Guidance: Apple OS X 10.10
GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationSecure Storage. Lost Laptops
Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include
More informationCS 155 Spring 2010. TCG: Trusted Computing Architecture
CS 155 Spring 2010 TCG: Trusted Computing Architecture Background! TCG consortium. Founded in 1999 as TCPA. Main players (promotors):! Goals: AMD, HP, IBM, Infineon, Intel, Lenovo, Microsoft, Sun (>200
More informationGuidance End User Devices Security Guidance: Apple OS X 10.9
GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform
More informationDELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang
DELL A Dell Technical White Paper Unified Server Configurator Security Overview By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND
More informationSecurity 4.0 - Security by Separation
Security 4.0 - Security by Separation Making Industrial Control Systems More Secure Author(s): Date: Version Mehmet Özer 19.05.2015 v1.0 SYSGO AG 1 Agenda Security Challenges IoT Architecture for Industrial
More informationEncrypting stored data. Tuomas Aura T-110.4206 Information security technology
Encrypting stored data Tuomas Aura T-110.4206 Information security technology Outline 1. Scenarios 2. File encryption 3. Encrypting file system 4. Full disk encryption 5. Data recovery Simple applications
More informationNetwork Access Control (NAC) and Network Security Standards
Network Control (NAC) and Network Security Standards Copyright 2011 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #1 Agenda Goals of NAC Standards What
More informationAnalysis of the Linux Audit System 1
Analysis of the Linux Audit System 1 Authors Bruno Morisson, MSc (Royal Holloway, 2014) Stephen Wolthusen, ISG, Royal Holloway Overview Audit mechanisms on an operating system (OS) record relevant system
More informationHardware Security for Device Authentication in the Smart Grid
Hardware Security for Device Authentication in the Smart Grid Andrew J. Paverd and Andrew P. Martin Department of Computer Science, University of Oxford, UK {andrew.paverd,andrew.martin}@cs.ox.ac.uk Abstract.
More informationDigital Rights Management Demonstrator
Digital Rights Management Demonstrator Requirements, Analysis, and Design Authors: Andre Osterhues, Marko Wolf Institute: Ruhr-University Bochum Date: March 2, 2007 Abstract: This document describes a
More informationTrusted Network Connect (TNC) 4th European Trusted Infrastructure Summer School August / September 2009
Trusted Network Connect (TNC) 4th European Trusted Infrastructure Summer School August / September 2009 Josef von Helden University of Applied Sciences and Arts, Hanover josef.vonhelden@fh-hannover.de
More informationCautions When Using BitLocker Drive Encryption on PRIMERGY
Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance
More informationCreating Security for BYOD Current Approaches
Creating Security for BYOD Current Approaches Patrik Ekdahl Ericsson Research - Security Bring Your Own Device BYOD refers to the act of employees using their personal mobile devices for work-related purposes.
More informationTable Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10
Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS
More informationWhat s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team
What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationData At Rest Protection
Data At Rest Protection Dell Data Protection Encryption Full Volume Encryption Whitepaper October 2011 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL
More informationUNCLASSIFIED Version 1.0 May 2012
Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice
More informationMobile Phone Work Group
Mobile Phone Work Group Selected Use Case Analyses v 1.0 Abstract This document describes a set of selected mobile phone uses cases and identifies required security mechanisms in a mobile phone implementation
More informationAbstract. 1 Introduction
Credo: Trusted Computing for s with a Commodity Hypervisor Himanshu Raj, David Robinson, Talha Bin Tariq, Paul England, Stefan Saroiu, Alec Wolman Microsoft Research Abstract This paper presents the Credo
More informationEmbedded Linux development training 4 days session
Embedded Linux development training 4 days session Title Overview Duration Trainer Language Audience Prerequisites Embedded Linux development training Understanding the Linux kernel Building the Linux
More informationSecure mobile business information processing
Secure mobile business information processing Nicolai Kuntze, Roland Rieke Fraunhofer Institute for Secure Information Technology Darmstadt, Germany e-mail: {nicolai.kuntze roland.rieke}@sit.fraunhofer.de
More informationSession ID: Session Classification:
Session ID: Session Classification: Protecting Data with Encryption Access Control Protect Sensitive Data Protect and Manage Threats Groundbreaking Malware Resistance Protects the client, data, and corporate
More informationios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33
ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback - http://j.mp/psumac33 Why care about ios Security? 800M 800 million ios devices activated 130 million in last year 98%
More informationIoT Security Concerns and Renesas Synergy Solutions
IoT Security Concerns and Renesas Synergy Solutions Simon Moore CTO - Secure Thingz Ltd Agenda Introduction to Secure.Thingz. The Relentless Attack on the Internet of Things Building protection with Renesas
More informationCisco Trust Anchor Technologies
Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed
More informationTPM 2.0, UEFI and their Impact on Security and Users Freedom
Faculty IV - Business and Computer Science Department of Computer Science TPM 2.0, UEFI and their Impact on Security and Users Freedom A thesis submitted in partial fulfilment of the requirements for the
More informationIoT Security Platform
IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there
More informationvtpm: Virtualizing the Trusted Platform Module
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA vtpm: Virtualizing the
More informationSecurity Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2
BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution
More informationWilliam Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly
William Hery (whery@poly.edu) Research Professor, Computer Science and Engineering NYU-Poly Ramesh Karri (rkarri@poly.edu) Associate Professor, Electrical and Computer Engineering NYU-Poly Why is cyber
More informationMobile Platform Security Architectures A perspective on their evolution
Mobile Platform Security Architectures A perspective on their evolution N. Asokan Kari Kostiainen 1 NA, KKo, JEE, Nokia Resarch Center 2011-2012 Introduction Recent interest in smartphone security 2 NA,
More informationTrusted Virtual Machine Management for Virtualization in Critical Environments
Trusted Virtual Machine Management for Virtualization in Critical Environments Khan Ferdous Wahid Fraunhofer SIT Rheinstraße 75 64295 Darmstadt Germany www.sit.fraunhofer.de khan.wahid@sit.fraunhofer.de
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationLinux Embedded devices with PicoDebian Martin Noha 28.9.2006
Embedded systems Linux Embedded devices with PicoDebian Martin Noha 28.9.2006 24.03.2005 1 Agenda Why did I look in this stuff? What is an embedded device? Characteristic hardware global requirements for
More informationHW (Fat001) TPM. Figure 1. Computing Node
1. Overview Two major components exist in our current prototype systems: the management node, including the Cloud Controller, Cluster Controller, Walrus and EBS, and the computing node, i.e. the Node Controller
More informationOverview of Windows 10 Requirements for TPM, HVCI and SecureBoot
presented by Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot UEFI Spring Plugfest May 18-22, 2015 Gabe Stocco, Scott Anderson, Suhas Manangi Updated 2011-06-01 UEFI Plugfest May 2015 www.uefi.org
More informationAIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT THREE. Computer Basics and Virtual Machines. www.uscyberpatriot.
AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT THREE Computer Basics and Virtual Machines www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER
More informationTrustworthy Identity Management for Web Authentication
Trustworthy Identity Management for Web Authentication Ramasivakarthik Mallavarapu Aalto University, School of Science and Technology kmallava@tkk.fi Abstract Identity theft today is one of the major security
More informationPrivate Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04
Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing UMBC Computer Science Technical Report Number TR-CS-10-04 F. John Krautheim 1 Dhananjay S. Phatak Alan T. Sherman 1 Cyber
More informationFrontiers in Cyber Security: Beyond the OS
2013 DHS S&T/DoD ASD (R&E) CYBER SECURITY SBIR WORKSHOP Frontiers in Cyber Security: Beyond the OS Clear Hat Consulting, Inc. Sherri Sparks 7/23/13 Company Profile CHC was founded in 2007 by S. Sparks
More informationCloud Security is a First Principle:
Cloud Security is a First Principle: Elements of Private Cloud Security Table of Contents Why the Security Minded are Drawn to Private Cloud Deployments....2 Security is the Driver Behind Private Clouds...3
More informationCertification Report
Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More information