EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation.

Presentation transcript:

EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation

[Diagram: Microsoft platform overview. Categories: Management Tools; Communications & Messaging; Location Services; Multimedia; Development Tools; Data; Programming Model; Device Building Tools; Hardware/Drivers. Items shown: Device Update Agent, Software Update Services, Image Update, Microsoft Operations Manager, Systems Management Server, Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server, MapPoint, DirectX, Windows Media, Visual Studio 2005, MFC 8.0, ATL 8.0, Win32, .NET Compact Framework, .NET Framework, ASP.NET Mobile Controls, ASP.NET, SQL Server 2005 Express Edition, EDB, SQL Server 2005, SQL Server 2005 Mobile Edition, Windows XP DDK, Windows Embedded Studio, Platform Builder, OEM/IHV Supplied BSP (ARM, SH4, MIPS), OEM Hardware and Standard Drivers, Standard PC Hardware and Drivers.]

Introduction
- Microsoft committed to helping you meet your security goals
  - Secure Devices
  - Secure Applications
- Demonstrate rich set of security features
- Share best practices, processes, tools

Code Execution Security
- Questions
  - Control over code execution
  - Control over code rights
- Answer
  - Windows CE Trust Model
  - Every exe/dll assigned trust level
- Trust level
  - 0 – Don’t run
  - 1 – Run normal (restricted rights)
  - 2 – Run trusted

Code Execution Security
- Normal mode (restricted rights)
  - Protected registry keys (write)
  - Protected system files
  - Protected APIs
- You can extend trusted boundary
- How does OS determine trust level?
  - It does not; you do
  - Implement secure loader
  - Trust based on signatures

Code Execution Security

Secrets
- Storing secrets in software is DIFFICULT
- It’s best to not store the secret itself
- Think of key hierarchies
- Leverage secure storage in hardware
- Whom are you protecting the secret from?
  - ‘Normal’ processes on same device
  - Theft of offline storage (CF card)
  - Communication network
  - User

Data Protection API (DPAPI)
- API
  - CryptProtectData
  - CryptUnprotectData
- Easy to use
  - Don’t have to create or manage keys
  - Highly leveraged by OS components
- Does not deal with storage
- System flag support
  - Restrict access to trusted code
- Can provide additional entropy (application specific information)
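The key-hierarchy and application-entropy points from the Secrets and DPAPI slides, as an added Python model that is not from the presentation and does not reproduce DPAPI's internals. Assumptions: the root key stands in for a key held in hardware-backed storage, and the salt, application names and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a root key that would live in hardware secure storage.
ROOT_KEY = os.urandom(32)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand for one purpose."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def app_key(root_key: bytes, app_id: str, entropy: bytes) -> bytes:
    """Second level of the hierarchy: one key per application and entropy value."""
    # Length-prefix the app id so ("ab", b"c") and ("a", b"bc") cannot collide.
    name = app_id.encode()
    info = len(name).to_bytes(2, "big") + name + entropy
    return hkdf_sha256(root_key, salt=b"constructed-device-salt", info=info)


def seal(key: bytes, data: bytes) -> bytes:
    """Integrity tag over stored data; only the holder of the derived key can reproduce it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def make_pin_verifier(pin: str, iterations: int = 100_000) -> dict:
    """Store a salted, slow hash of the PIN instead of the PIN itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_pin(pin: str, record: dict) -> bool:
    """Recompute the verifier from the candidate PIN and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pin.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])
```

Only the root key needs protected storage: a caller that supplies different entropy derives a different key, so a tag sealed under one application's key does not verify under another's.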

Data Protection API (DPAPI)

Data Protection API

Local Authentication – LASS
- Local Authentication Sub-System / Device Lock
- Applications can request user verification using configured device locking mechanism
- Ability to set simple policies via registry
  - Prompt if 5 minutes has expired since last successful authentication
- Modular Device Lock mechanism with support for plug-ins
  - Password / PIN plug-in
  - Smart Card plug-in
  - Fingerprint plug-in

Local Authentication LASS

Local Authentication

Writing Secure Code
- General best practices
  - E.g.: Buffer overflow
  - Good reference: Writing Secure Code, Second Edition, Michael Howard, David LeBlanc
- Windows CE specific best practices
  - E.g.: Check trust level of caller
  - Platform Builder Docs – Security Best practices section for each feature
- Defect detection tool
  - PREFast
  - Detect errors by static analysis

PREFast

Network Authentication

Credential Management
- Credential Manager (Credman)
  - Higher level abstraction
  - Simplified management
  - Improved security
  - Better user experience through sharing
- Credential Characteristics
  - Type: Domain, Plaintext, Certificate, Custom
  - Target: WebSiteA, WebSiteB, FileShareC
  - User
  - Password
  - Flags
    - Sensitive (prompt user before read)
    - Trusted (only trusted callers can read)
    - Persist in registry / memory

Credential Manager

Credman + SSPI integration

Credman + SSPI Integration

Features We Looked At
- Secure Loader (Trust model)
- DPAPI (Secret protection)
- LASS (Local Authentication)
- Tools (PREFast)
- SSPI (Network Authentication)
- Credential Manager (User credentials)

More Features
- Cryptography - CAPI1.0
  - 3DES, AES, SHA, MD5, RSA
- PKI - CAPI2.0
  - Certificates
  - Smartcards
  - 2 Factor authentication
  - Secure Hardware
- Network security
  - IPSEC
  - VPN
  - Wireless
- Component security
  - Web Server, Bluetooth etc

Summary
- Windows CE platform has a rich set of security features
- Microsoft committed to helping you
  - Build Secure Devices
  - Develop Secure Applications
- Talk to us. We love to hear from you.
  - Speaker cabana – Next 3 hours
  - Can set up informal meetings. If interested, mention in session feedback.

Related sessions
- EMB423 – Creating a trusted environment for Windows CE 5.0
- EMB320 – Windows CE 5.0 Boot Loader Security
- CLI320 – Security and device configuration for developers in Windows Mobile
- ENT313 – Panel discussion: Inside Windows Mobile security
- ENT312 – Mobile security – It's not an oxymoron
- ENT315 – Windows Mobile platform security drilldown for the enterprise

While At MEDC 2005…
- Fill out an evaluation for this session
  - Randomly selected instant WIN prizes!
- Use real technology in a lab
  - Instructor led: Reef E/F & Breakers L
  - Self-paced: Reef B/C
- Visit the Microsoft Product Pavilion in the Exhibit Hall, Shorelines B

After The Conference…
Build
- Install: Full-featured trial versions of Windows CE and/or Windows XP Embedded
- Build: Cool stuff & tell us about it: msdn.microsoft.com/embedded/community
- Join: Windows Embedded Partner Program:
Develop
- Install: Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
- Enter: Mobile2Market Contest and win up to $25000: mobile2marketcontest.com
- Join: Microsoft Solutions Partner Program: partner.microsoft.com

Tools & Resources
Build
- Websites: msdn.microsoft.com/embedded
- Newsgroups (microsoft.public.): windowsxp.embedded, windowsce.platbuilder, windowsce.embedded.vc
- Blogs: blogs.msdn.com/mikehall
- Tools: Windows CE 5.0 Eval Kit, Windows XP Embedded Eval Kit
Develop
- Websites: msdn.microsoft.com/mobility
- Newsgroups (microsoft.public.): pocketpc.developer, smartphone.developer, dotnet.framework.compactframework
- Blogs (blogs.msdn.com/): windowsmobile, vsdteam, netcfteam
- Tools: Windows Mobile 5.0 Eval Kit

Questions? Ganapathy Raman

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.