Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM.

Slides:



Advertisements
Similar presentations
Operating-System Structures
Advertisements

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary and IDS WG TCG Activity Summary August 2010 Bagsvaerd, Denmark – PWG Meeting.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 10 June 2010 Rochester, NY – PWG F2F Meeting Ira McDonald.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary 7 April 2010 Camas, WA – PWG F2F Meeting Ira McDonald (High.
1Copyright © 2011, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary May 2011 Webster, NY – PWG Meeting Ira McDonald (High North.
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Vpn-info.com.
1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.
A Logic of Secure Systems and its Application to Trusted Computing Anupam Datta, Jason Franklin, Deepak Garg, and Dilsun Kaynar Carnegie Mellon University.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Putting Trust into the Network: Securing.
Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
Using Secure Coprocessors to Protect Access to Enterprise Networks Dr. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
Enforcement of Security Policy Compliance in Virtual Private Networks Prof. José Carlos Brustoloni Dept. Computer Science University of Pittsburgh
SEC316: BitLocker™ Drive Encryption
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Trusted Computing Platform Alliance – Introduction and Technical Overview – Joe Pato HP Labs MIT 6.805/ October 2002.
outline Purpose Design Implementation Market Conclusion presentation Outline.
Bootstrapping Trust in Commodity Computers Bryan Parno, Jonathan McCune, Adrian Perrig 1 Carnegie Mellon University.
© Check Point Software Technologies Ltd. All rights reserved. Proprietary and confidential. Trusted Computing Yaron Sheffer Manager, Standards.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Trusted Computing Platform Alliance
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Extending user controlled security domain.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
An approach to on the fly activation and deactivation of virtualization-based security systems Denis Efremov Pavel Iakovenko
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.
Guide to Linux Installation and Administration, 2e1 Chapter 2 Planning Your System.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3.
Reducing Trust Domain with TXT Daniel De Graaf. TXT overview Original TPM – Static Root of Trust – BIOS, all boot ROMs, bootloader, hypervisor, OS TPM.
An Introduction to Trusted Platform Technology Siani Pearson Hewlett Packard Laboratories, UK
(ITI310) By Eng. BASSEM ALSAID SESSION 2: Server Configuration & Administration Notes SAT 31-Oct-2015.
Trusted Infrastructure Xiaolong Wang, Xinming Ou Based on Dr. Andrew Martin’s slides from TIW 2013.
Trusted Computing and the Trusted Platform Module Bruce Maggs (with some slides from Bryan Parno)
1 Information Security – Theory vs. Reality , Winter Lecture 12: Trusted computing architecture (cont.), Eran Tromer Slides credit:
What is BitLocker and How Does It Work? Steve Lamb IT Pro Evangelist, Microsoft Ltd
OPERATING SYSTEM REVIEW. System Software The programs that control and maintain the operation of the computer and its devices The two parts of system.
CHAPTER Network Operating System Concepts. Chapter Objectives Provide an overview of network operating systems and its functions Explain the concept of.
Copyright © 2009 Trusted Computing Group An Introduction to Federated TNC Josh Howlett, JANET(UK) 11 June, 2009.
Trusted Component Deployment Trusted Components Bernd Schoeller January 30 th, 2006.
Trusted Computing and the Trusted Platform Module
The Future? Or the Past and Present?
Trusted Infrastructure
Operating System Review
SY0-401 Exam Dumps CompTIA Security+ Certification Exam
Trusted Computing and the Trusted Platform Module
Outline What does the OS protect? Authentication for operating systems
Chapter 2: System Structures
The Future? Or the Past and Present?
Outline What does the OS protect? Authentication for operating systems
TRUST:Team for Research in Ubiquitous Secure Technologies
תרגול 9 – Windows Security
Operating System Review
Innovations for Grid Security from Trusted Computing
User-mode Secret Protection (SP) architecture
Operating System Review
TPM, UEFI, Trusted Boot, Secure Boot
Erica Burch Jesse Forrest
Bruce Maggs (with some slides from Bryan Parno)
Bruce Maggs (with some slides from Bryan Parno)
Presentation transcript:

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Trusted Computing David Grawrock TPM Workgroup Chair

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1012 Trusted Computing Brief History TCPA forms in January 1999 –HP, IBM, Intel, Microsoft and others…. –Trusted platforms are those containing a h/w based subsystem devoted to maintaining trust and security between machines. Trusted Platform Design Features –Includes most cryptographic primitives (not bulk crypto) –Privacy enabled (fully opt-in) –No global secrets (crack one, get just one) –Low cost (not a crypto-coprocessor) –Ubiquity (low cost and exportable) February 2001 release of first Trusted Platform Module specifications –Protected non-volatile storage, protected execution, RNG and crypto services, tamper resistance

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1013 Trusted Computing Brief History TCPA formally becomes TCG In 2004 TCG defines trust: –An entity can be trusted if it always behaves in the expected manner for the intended operation. Today: –~100 companies are members of TCG –Multiple TPM providers Infineon, Natl Semi, and others –Multiple platform vendors Dell, HP, Lenovo, and others –Usage models coming to market Trusted Network Connect Verified boot / Trusted boot

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1014 Local Computing Environment Printer Subordinat e LAN Vulnerability Scanner Local Area Network Certificate Service Shared Application Servers Virus Protection Directory Services Protected Application Servers Intrusion Detection LAN Management Workstation Inside & Outside Source: IATF Release 3.0 The outside box is the enclave

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1015 Chain of Trust Goal is to gain trust in Entity C Operational standpoint is that A launches B and B launches C –To trust C one must trust B –To trust B one must trust A A to B to C creates a Chain of Trust Another term in use for this is Transitive Trust –Trust is transitive from A to B to C –It does not invert, trusting A does NOT imply that I must trust C –Trusting C REQUIRES me to trust A and B Entity AEntity BEntity C

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1016 Chain Measurement What does one need to trust the chain –The identity of each item in the chain –From definitions identity = measurement –Therefore A measures B before passing control to B –B measures C before passing control to C Generic flow is –Receive control –Measure next entity –Pass control to entity That works for the chain but who measured A? Entity AEntity BEntity C

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1017 Root of Trust A Root of Trust is an entity that must be trusted as there is no mechanism available to measure the entity When creating a chain of measurements the first entity in the chain MUST be the Root of Trust for Measurement (RTM) –Becomes the anchor of the chain A platform may have more than one RTM available –The Static RTM (SRTM) gains control on each boot of the platform –The Dynamic RTM (DRTM) gains control upon invocation of a specific platform operation If more than one RTM is available it means that more than one trust chain is possible RTMEntity BEntity C

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1018 Recap of the Basics Recap –Trusting C requires trust in B and the RTM (formerly A) –Links in the chain come from measurement (digital hash) of the entity –First link in the chain is the Root of Trust for Measurement RTMEntity BEntity C

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust 1019 Static RTM On A PC The RTM gains control after platform reset The chain of trust starts then starts with reset and measures all of the components to the OS Blue lines indicate measurements Brown lines indicate extend operations The CRTM measures the BIOS and stores the measurement in the Trusted Platform Module (TPM) –Measurement storage uses the special TPM operation of Extend The other components measure the next link in the chain and also extend those measurements into the TPM RTM BIOS TPM Platform Reset MBR OS Loader Option ROM

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust Dynamic RTM On A PC The RTM gains control upon execution of specific CPU instruction The Measured Launch Environment (MLE) gains control after the CPU RTM instruction completes the measurement of the MLE Typical MLE environments would be a Virtual Machine Monitor (VMM) or other specific security environments Blue lines indicate measurements Brown lines indicate extend operations The MLE can establish additional environments and also provide measurements of the those additional environments Note that the dynamic RTM provides a simpler trust chain then the static RTM RTM MLE TPM CPU Instruction

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust Trusting The Enclave Now how does one trust the entities in the secure enclave? The answer comes from knowing how each entity is executing Knowing how each entity is executing comes from the measurement process (static, dynamic, or both) Each device may have a different RTM and there needs to be information as to what represents a trustable platform Printer Subordinat e LAN Vulnerability Scanner Local Area Network Certificate Service Shared Application Servers Virus Protection Directory Services Protected Application Servers Intrusion Detection LAN Management Workstation Inside & Outside

Copyright© 2006 Trusted Computing Group - Other names and brands are properties of their respective owners. © 2006 Intel Corporation 15 May 2007Trust Items Not Covered Today RTM definitions –Covered by platform type Already understood for PC and cell phones more coming Dynamic RTM processes –One example is Intel ® Trusted Execution Technology (formerly LaGrande Technology) All of the measurement values necessary to understand a platform state –Work ongoing with the TCG Infrastructure Workgroup

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.