Technical Brief Distributed Trusted Computing



Similar documents
Patterns for Secure Boot and Secure Storage in Computer Systems

How to Secure Infrastructure Clouds with Trusted Computing Technologies

Secure Data Management in Trusted Computing

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Embedded Trusted Computing on ARM-based systems

Software Execution Protection in the Cloud

Hi and welcome to the Microsoft Virtual Academy and

Control your corner of the cloud.

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

White Paper How Noah Mobile uses Microsoft Azure Core Services

Security Considerations in Cloud Deployments Matthew Garrett

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Hardware Security Modules for Protecting Embedded Systems

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

HW (Fat001) TPM. Figure 1. Computing Node

Index. BIOS rootkit, 119 Broad network access, 107

Penetration Testing Windows Vista TM BitLocker TM

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Building Blocks Towards a Trustworthy NFV Infrastructure

Floodgate Security Framework

IoT Security Platform

Cloud Security is a First Principle:

The Virtualization Practice

WIND RIVER SECURE ANDROID CAPABILITY

Property Based TPM Virtualization

Using the TPM: Data Protection and Storage

Opal SSDs Integrated with TPMs

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Cloud security architecture

McAfee Deep Safe. Security beyond the OS. Kai-Ping Seidenschnur Senior Security Engineer. October 16, 2012

Designing and Coding Secure Systems

Brainloop Cloud Security

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Trustworthy Computing

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Patch and Vulnerability Management Program

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Cloud Security:Threats & Mitgations

TPM Key Backup and Recovery. For Trusted Platforms

Encrypted File Systems. Don Porter CSE 506

Start building a trusted environment now... (before it s too late) IT Decision Makers

Windows Phone 8 Security Overview

Security Issues in Cloud Computing

Appendix to; Assessing Systemic Risk to Cloud Computing Technology as Complex Interconnected Systems of Systems

DevOps with Containers. for Microservices

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

UNCLASSIFIED Version 1.0 May 2012

On the security of Virtual Machine migration and related topics

Trusted Platforms for Homeland Security

Acronym Term Description

Cloud Data Protection for the Masses

Container Clusters on OpenStack

Accelerate OpenStack* Together. * OpenStack is a registered trademark of the OpenStack Foundation

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

SECURITY IN OPEN SOURCE VIRTUALIZATION

Practical Guide to Platform as a Service.

SkySecure System Overview

Attestation and Authentication Protocols Using the TPM

Supply Chain (In-) Security

Intel Cloud Builders Guide: Cloud Design and Deployment on Intel Platforms

Security Policy for FIPS Validation

Cisco Trust Anchor Technologies

RED HAT CONTAINER STRATEGY

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Media Shuttle s Defense-in- Depth Security Strategy

Addressing Cloud Computing Security Considerations

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cloud Computing Security Considerations

Frontiers in Cyber Security: Beyond the OS

Establishing and Sustaining System Integrity via Root of Trust Installation

Aircloak Analytics: Anonymized User Data without Data Loss

The Comprehensive Guide to PCI Security Standards Compliance

Cloud Data Protection for the Masses

Security Architecture Whitepaper

CloudCheck Compliance Certification Program

CorreLog Alignment to PCI Security Standards Compliance

Introduction to Cyber Security / Information Security

Example of Standard API

Data At Rest Protection

Windows Server Virtualization & The Windows Hypervisor

Secure Storage. Lost Laptops

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Payment Card Industry (PCI) Terminal Software Security. Best Practices

vtpm: Virtualizing the Trusted Platform Module

End User Devices Security Guidance: Apple OS X 10.10

Our Vulnerability Scanning Program

Mirantis OpenStack Express: Security White Paper

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Towards Trustworthy Architectures for Secure Cloud Servers and End-User Devices

Goals. Understanding security testing

HIPAA Compliant Infrastructure Services. Real Security Outcomes. Delivered.

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

CSE543 Computer and Network Security Module: Cloud Computing

Lecture Overview. INF3510 Information Security Spring Lecture 4 Computer Security. Meaningless transport defences when endpoints are insecure

That Point of Sale is a PoS

Transcription:

Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify, log, and audit every layer of the modern microservices platform, from nodes to clusters to the containers that isolate and execute business applications. Get an overview of how Tectonic DTC leverages hardware, firmware, and software to form a chain of trust binding the entire enterprise stack to integrity validation of code, configuration, and environment. Find out how to begin testing and exercising DTC in the enterprise today. Tectonic, delivered by CoreOS, is the universal Kubernetes solution for deploying, managing and securing containers anywhere. Tectonic combines Kubernetes and the CoreOS stack in a commercial distribution, prepackaged with an enterprise-ready management dashboard, an integrated container registry and a supported, continuously up-to-date distributed platform. Tectonic is available in any environment, cloud or on-premise. @tectonicstack.

Summary Tectonic Leads in Security (DTC) comprises an industry-first set of capabilities to secure enterprise infrastructure across layers and across machines, from the hardware, to the container, to the distributed application cluster. In this overview, we outline the two architectural components that make the most trusted and secure place to build, run and manage containers: Secure Boot, which provides a verified system platform, and DTC itself, which harnesses both hardware and software to isolate and cryptographically verify and audit containers executing on clusters of Secure Booted nodes. We discuss development in the CoreOS bootloader, kernel, and operating system to enable cryptographic verification of boot mechanisms, system images, application containers and their runtime environment in Tectonic clusters. This work constructs a chain of trust rooted at enterprise public keys initialized into system firmware and used to validate signed binaries and hashes of their configuration arguments in order to provably demonstrate deployed systems match specifications exactly, even in potentially hostile environments presenting the threat of low-level system attacks. We show how these facilities ensure sensitive data, such as cluster secrets, and even cluster membership itself, are granted only to validated, trusted nodes. Components of Trusted Computing Verify integrity of the OS release Distributed Trusted Computing Components

DTC Secure Boot System Image Verification In DTC Secure Boot, the CoreOS boot process from power-on through user login is modified so that every stage is subjected to cryptographic validation, and can only execute if proven to validate with a public key, held in firmware, and used to sign the component during a controlled initialization. After power is applied, the bootloader, a small executable responsible for reading the operating system kernel from disk and setting it up its initial state in memory, is the first item validated. The bootloader stage is executed only if the signature is valid, proving no out of band modification has occurred. Before exiting, the loader validates the next link in the chain, which is usually a second-stage bootloader, or the operating system kernel itself. Once again the preceding stage cryptographically validates the next unit of code to be executed, and a decision is made about whether or not to proceed. Atomic Operating System CoreOS is particularly suited to this kind of validation by cryptographic signature, as the system is released in a signed, atomic version representing all software, kernel and user-mode, and stored on a read-only mount point. Since the CoreOS software stack isn t just a loose collection of packages, the collective environment can be verified during the boot process, and only allowed to proceed if its integrity can be mathematically assured. Making the TPM an Enterprise Asset Apply SecureBoot Principles to the Application Most software isn t part of the operating system or the bootloader. While Secure Boot provides a platform of verified integrity, the applications that a business creates and depends on, the software of the most interest to users, could still be vulnerable to replacement, modification, or other attacks. Tectonic Distributed Trusted Computing extends the principles of Secure Boot to the cluster s container execution environment.

Making the TPM an Enterprise Asset Trusted Platform Module (TPM) Many recent computer systems include a motherboard component called a Trusted Platform Module (TPM). Specified by the industry Trusted Computing Group (TCG), the TPM is a cryptographic processor with special operating rules designed to integrate encryption keys directly into hardware. The TPM is a general mechanism for the assurance of integrity, and, with proper support in the operating system, can be employed by system owners to verify deployed hardware and software. Extending the Chain of Trust With DTC, the TPM becomes an enterprise asset used to extend the chain of trust established by Secure Boot to container execution on the cluster, logging, and audit forensics. At each stage of a system s boot process and container start up, the TPM generates a cryptographically signed, unique hash of the expected code and configuration. Because this verification computes a mathematical representation, a hash, of a given target, the TCG specification refers to the process as measurement. Each system s TPM consists of a microprocessor specialized for a few encryption and hashing functions, with access to a small amount of storage in the form of Platform Configuration Registers (PCRs). Thus, the TPM cryptoprocessor can measure requested targets: boot stages, executables, or environments, and store the measurement results in a PCR. The TPM then allows software to read PCR contents according to strict protection rules, and use the measurements stored there to make decisions about the integrity of the target and the next action to take. Under the protection and write semantics enforced by TPM hardware, it is not easily possible even for system-level software to tamper with the measurements stored in TPM registers without detection.

Making the TPM an Enterprise Asset TPM Utilized by rkt The rkt container execution environment, part of CoreOS, automatically uses the TPM to perform measurement of containers when running on a system that has performed a Secure Boot to join a Tectonic DTC cluster. The App Container Image (ACI) format used natively by rkt includes a cryptographic signature feature for image verification. The combination of these two facilities brings cryptographic verification to the cluster s container execution layer. A cluster of trusted nodes executing validated, isolated application containers is, by definition, Distributed Trusted Computing. Containers are Verified Before Execution means that no machine can boot without being mathematically validated as exactly the intended deployment, from firmware to operating system; that only verified, known nodes join clusters and gain access to cluster keys, secrets, or other sensitive data, and that the containers that execute applications and services on Tectonic clusters are subject to the same integrity verification and merciless restriction. Enterprise Deployments Secure Admission to the Cluster To this point, we have described the construction of a chain of trust, rooted at an enterprise-owned, initialized key in each system s firmware, extending through the boot process, to the operating system and utilities, with assurance of integrity at the cluster level for each executing application container. This has profound implications for deployment technology and economics. As briefly mentioned above, there is a potential space for vulnerability at the cluster admission level. DTC Secure Boot advances the current state of this art, even without specific cluster orchestration support, by effectively preventing anything but verified system images from booting and joining clusters. Systems whose integrity cannot be verified are never able to request or obtain cluster data or configuration secrets, never have containers scheduled on them, and never become a threat to the security of a Tectonic cluster. Future work is planned to expand this foundation along with proposed Kubernetes admission control mechanisms to provide higher-level abstractions for acting on node integrity.

Enterprise Deployments Safely Deploy to Hostile Locations Cryptographic and hardware-protected system and container image integrity validation proposes an answer to the emerging question of datacenter and provider security. Even if we imagine a completely hostile but tantalizingly low-cost colocation facility, deployers don t have to trust their provider. Tampering with rack units hardware or software to subvert or spy on operations is immediately detected, and stopped, by the Secure Boot process. Even a network attack on a container deployment link is foiled by the same integrity checking, integrated with rkt, the cluster container execution environment. The threat of even very low-level provider espionage is mitigated into a machine replacement issue, rather than a data disclosure or executable penetration. As the union of these facilities, Tectonic Enterprise with Distributed Trusted Computing builds trusted nodes together into clusters provably deployed exactly as specified, whether on-premises or in the least trustworthy datacenter conditions. Enterprise applications are then executed on trusted, verified Tectonic DTC clusters within isolated containers, each secured and validated by the same mechanisms. The result is a complete distributed system in a known state exactly matching the intended deployment, providing mission-critical services with assurance of trust at each layer of the platform, even from the other side of the corporate firewall. For more information vist: /trusted-computing Contact our Sales team : (800) 774-3507 Send us an email : sales@tectonic.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information