Doug Cavit, Chief Security Strategist, Trustworthy Computing
© 2008 Microsoft Corporation

- Users must be empowered to make informed trust decisions (including accepting the risks of anonymity)
- Strong identity claims and reputation must be available to enhance security, privacy, and trust
- Better accountability must be created to deter crime and facilitate responses

Beneficial change
- Social: Enabling a global village
- Economic: Easier, faster, cheaper commerce
- Political: Freer exchange of ideas

Undesirable change
- Loss of data subject control over information
- Rise in identity theft
- Targeted attacks against businesses & governments
- Increases in other types of online and tech-facilitated crimes

Now required: End to End Trust

Attacks Getting More Sophisticated: Traditional defenses are inadequate
[Figure: attack surface layers: Hardware, O/S, Drivers, Applications, GUI, User, Physical. Examples: spyware, rootkits, application attacks, phishing/social engineering]

Crime On The Rise
[Figure: attacker motivation (National Interest, Personal Gain, Personal Fame, Curiosity) against skill level (Amateur, Expert, Specialist). Actors: Author, Vandal, Thief, Spy, Trespasser, Script-Kiddy. Callouts: largest area by volume; largest area by $ lost; largest segment by $ spent on defense; fastest growing segment]

Exponential Growth of IDs: Identity and access management challenging
[Figure: number of digital IDs by era (Pre-1980s, 1980s, 1990s, 2000s): mainframe, client/server, Internet, mobility; B2E, B2C, B2B]

Increasingly Sophisticated Malware: Anti-malware alone is not sufficient
[Figure: number of variants from over 7,000 malware families (1H07). Source: Microsoft Security Intelligence Report (January – June 2007)]

Trustworthy Computing
Launched in January 2002. A Microsoft company-wide mandate.

Security
- Secure against attacks
- Protects confidentiality, integrity & availability of data & systems
- Manageable

Privacy
- Protects from unwanted communication
- Controls for informational privacy
- Products, online services adhere to fair information principles

Reliability
- Dependable, Available
- Predictable, consistent responsive service
- Maintainable
- Resilient, works despite changes
- Recoverable, easily restored
- Proven, ready

Business Practices
- Commitment to customer-centric Interoperability
- Recognized industry leader, world-class partner
- Open, transparent

- Security Development Lifecycle
- Security Response Center
- Better Updates And Tools

SDL and SD3
- Security Development Lifecycle process
- Engineered for security
- Design threat modeling
- SD3: Secure by Design, Secure by Default, Secure In Deployment
- Automated patching and update services

Defense in Depth (Malware Example)
- Consumer Education
- Laws
- Firewalls
- Antivirus Products
- Antispyware Products
- Malicious Software Removal Tool
- Memory Management (ASLR)
- Law Enforcement

Threat Mitigation
- Microsoft Security Response Center (MSRC)
- Microsoft Malware Protection Center (MMPC)
- Windows Live OneCare and Forefront Client Security, powered by the Microsoft Malware Protection Center
- SPAM (Sender ID, Phishing Filters)
- Network Access Protection (NAP/NAC)

Integrated Protection

Trusted Stack
- Trusted Data
- Trusted Software
- Trusted Hardware
- Trusted People

Core Security Components ("I+4A")
- Identity Claims
- Authentication
- Authorization
- Access Control Mechanisms
- Audit

Secure Foundation
- SDL and SD3
- Defense in Depth
- Threat Mitigation

Can people protect themselves and their family as they can in the physical world?

Trust decisions …
- are not binary
- may change as circumstances change
- are auditable
- may be rolled back if bad

Effective trust decisions must
- Be based on a trusted stack
- Balance privacy, security & risk
- Be easy and informed
- Be made automatically where possible

[Figure: Trusted People, Trusted Software, Trusted Hardware, Trusted Data; privacy balanced against security]

Successful end-to-end trust needs solutions aligned with
- Societal values
- Market forces
- Regulatory environment

These ideas, raised by many before, have not been implemented, in part because of misalignment.

We must come together to change the status quo, and find ways to address international barriers to implementation.

- Reduce types and severity of threats (e.g., de-value PII and reduce ID Theft)
- Create accountability for online crime
- Enable greater, safer personal Internet usage
- Enter new markets, expand Internet presence, and collaborate with partners and customers while reducing costs and risks
- Improve public safety and national security efforts, including disaster response (e.g., priority routing)

TwC – a good foundation
- Vulnerabilities greatly reduced but will never be zero
- Defense in Depth limits damage but cannot eliminate successful attacks
- Disabled features only protect against misuse of unused features
- For-profit crime is driving increasingly sophisticated attacks
- Enterprises can secure intranets, Internet not yet safe
- People would do more online if they felt safer

TwC for the Internet
- Users need to be able to assess risks: connecting to sites, using software, interacting with people
- Users need assurance of security & privacy
- Identity claims when required need to be provable
- Users need to be able to choose to be anonymous
- Too hard to know if a computer should be trusted
- Not possible to prove claims of identity beyond the intranet
- Porous enterprise boundaries make suspicious activity harder to detect
- Users need informed control of their computing experience
- Users need a simple way to make trust decisions on sites, software & data
- Bad actors like online criminals should be held accountable for their actions, which harm security and privacy
- Requires broad industry, government and citizen collaboration

Trusted Stack (People, Software, Hardware, Data)
- Needed for a trusted stack: HW, SW, people & data validation
- Robust trust model
- Informed decisions based on integrity & reputation
- Scalable across all user scenarios

Core Security Components
- Identity Claims
- Authentication
- Authorization Policies
- Access Control Mechanisms
- Audit

Trust Founded on "Identity Claims," not Identity
- Authenticate users on certified attributes
- In-person proofing
- Protects identity, reveals only data required to be Authenticated, Authorized for Access
- Actions auditable, and privacy protected
- Stolen identity claim insufficient to cause data breach or ID loss

Protecting Privacy
- Users should be able to control their PII
- Anonymity should be protected in appropriate contexts as a key social value, and clear to all parties

Integrated Protection

Surrounding forces
- Economic Forces
- Social Requirements
- Political/Legislative

Trusted Stack

Core Security Components ("I+4A")
- Identity Claims
- Authentication
- Authorization
- Access Control Mechanisms
- Audit

Secure Foundation
- SDL and SD3
- Defense in Depth
- Threat Mitigation

- Safe electronic playgrounds for children
- Secure and easy electronic commerce with minimal identity theft
- Trustworthy systems and connections with user control
- Far less need to disclose personally identifiable information
- A more secure infrastructure able to respond in real-time to developing threats

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix: Unused Slides for Scott’s standard keynote

We need a broad dialogue on
- Technology Innovations
- Economic Forces
- Political Standards
- Social Change