Security & Reliability with Windows Vista Martin Parry Developer & Platform Group, Microsoft Ltd


1 Security & Reliability with Windows Vista Martin Parry Developer & Platform Group, Microsoft Ltd martin.parry@microsoft.com http://martinparry.com

2 Agenda Reliability –Restart and Recovery –Transactional NTFS and Registry Security –User Account Control –Windows CardSpace

3 Restart and Recovery Applications sometimes fail Windows Vista can detect more failures –Crash, hang, memory leak Windows Vista can: - –Restart your app automatically –Give the dying process a “last chance” to save data

4 Restart and Recovery

5 Restart Manager Controlled restart during s/w installation Two sides… –Processes use Restart APIs as before –Setup scripts use new APIs Shutdown is more controlled: - –WM_QUERYENDSESSION Setup can use Windows Installer 4

6 Transactions System.Transactions Transactional File System & Registry –Isolation Level: Read Committed –Lock Granularity: File Handle, Registry Key New APIs –CreateFileTransacted –RegCreateKeyTransacted –etc...

7 Transactional File System

8 Where are we? Reliability –Restart and Recovery –Transactional NTFS and Registry Security –User Account Control –Windows CardSpace

9 User Account Control We are at risk from malware when running as administrator TCO benefits with “standard user” managed desktops Running without admin privilege can be difficult UAC makes everyone a “standard user” Explicit consent required for elevation

10 UAC [Diagram: an admin logon produces a split token, a "Standard User" token and an Admin token. In standard user mode, user processes run with standard user rights (Change Time Zone, Run IT Approved Applications, Install Fonts, Install Printers, …). Admin processes run with administrative rights (Install Application, Configure IIS, Change Time). Labels: Standard User Privilege, Admin Privilege, User, Computer.]

11 Shield UI

12 Consent Dialog - Windows

13 Consent Dialog – Signed App

14 Consent Dialog – Unsigned App

15 Elevation Starting a process with the “full” token Embed a manifest Installer detection Application-compatibility shim Right-click...

16 User Account Control

17 Virtualization Some existing apps write to admin locations –HKLM\Software; %SystemDrive%\Program Files … Virtualization removes need for elevation –Writes to system areas redirected to per-user areas –Copy-on-write Avoids security exceptions, but…! This is for apps that don’t know about UAC…!
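The redirection and copy-on-write behaviour on slide 17, modelled as an added example (not code from the presentation). The VirtualStore locations, the list of protected roots, the C: system drive and the sample paths are assumptions based on documented Windows Vista behaviour; none of them appear on the slides.

```python
import ntpath

# Assumptions (not on the slides): documented Vista redirect targets, C: system drive.
PROTECTED_ROOTS = (r"C:\Program Files", r"C:\ProgramData", r"C:\Windows")
REG_STORE = r"HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE"


def _under(path, root):
    """Case-insensitive 'path is root or below it' test on normalized Windows paths."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    return p == r or p.startswith(r + "\\")


def virtual_file_path(path, local_appdata):
    """Per-user location a legacy app's write to `path` lands in, or None if not redirected."""
    norm = ntpath.normpath(path)  # collapses ..\ so traversal cannot fake a protected root
    if not any(_under(norm, root) for root in PROTECTED_ROOTS):
        return None
    _drive, tail = ntpath.splitdrive(norm)
    return ntpath.join(local_appdata, "VirtualStore", tail.lstrip("\\"))


def virtual_reg_key(key):
    """Per-user key that shadows an HKLM\\Software key, or None if not redirected."""
    parts = key.strip("\\").split("\\")
    if len(parts) < 2 or parts[0].upper() not in ("HKLM", "HKEY_LOCAL_MACHINE"):
        return None
    if parts[1].upper() != "SOFTWARE":
        return None
    return "\\".join([REG_STORE] + parts[2:])


def resolve_read(path, local_appdata, existing_files):
    """Copy-on-write view: once a per-user copy exists it shadows the shared file."""
    shadow = virtual_file_path(path, local_appdata)
    if shadow and ntpath.normcase(shadow) in {ntpath.normcase(f) for f in existing_files}:
        return shadow
    return ntpath.normpath(path)


if __name__ == "__main__":
    alice = r"C:\Users\alice\AppData\Local"  # constructed sample profile
    ini = r"C:\Program Files\LegacyApp\settings.ini"  # constructed sample path
    print(virtual_file_path(ini, alice))
    print(virtual_reg_key(r"HKLM\Software\LegacyApp\Config"))
```

Because the shadow copy is per user, two users of the same legacy application can end up reading different settings, so a configuration or forensic review has to check both the shared location and each profile's VirtualStore.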

18 Windows CardSpace [Diagram: .NET Fx V3.0; V2.0 Compilers; V2.0 CLR; VS 2005; Windows Vista, XP SP2, Server 2003 SP1]

19 Identity on the Internet Identity on the Internet poses problems –Identity theft –I want multiple identities to choose from –Complexity of identity information We built an identity system a while ago –Microsoft Passport –Working very well for access to our sites –There were some trust issues

20 A New Approach www.identityblog.com –The seven laws of identity We have interoperable WS-* specs We have standard format for credentials –SAML tokens We have all the pieces for a cross-platform identity metasystem

21 Identity Metasystem Relying Parties Require identities Subjects Individuals and other entities about whom claims are made Identity Providers Issue identities

22 Windows CardSpace The Identity Selector for Windows Grounded in real-world metaphor of physical cards –Credit card, driving licence, etc. –Personal cards & managed cards Implemented as secure subsystem –Protected UI –Anti-spoofing techniques

23 Windows CardSpace

24 Requesting a Card Click here to sign in <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />

25 Partner: Experian Joe Pygall IT Business Consultant

26 Use the Moment ® Consumer intelligence that delivers results at the speed of life Experian Identity Management Joe Pygall IT Business Consultant

27 What does Experian do? Experian is a Global leader in providing information solutions Headquartered in Nottingham and Costa Mesa, California 12,500 employees worldwide Global FTSE 100 company operating in over 60 countries One of our capabilities is validating that people are who they say they are: –Identity Authentication Millions of transactions per year At the start of the new business relationship and throughout Our UK Data Centres are secure; your identities are safe

28 What did we decide to do? Objective – to reduce fraud through the introduction of trusted consumer identities How are we going to do this? –By being involved in every transaction between a consumer and their chosen organisation we will be able to verify that users are who they say they are –As a step towards this objective, we embarked on a Proof of Concept with Microsoft

29 What did we do? Engaged with our customers to assess their identity issues Produced a working prototype with .Net 3.0, CardSpace and Vista Developed software in Visual Studio 2005, using C# Created applications based on web services, SOAP and XML Utilised the Microsoft Technology Centre (Reading)

30-44 What does it look like? [Diagram built up step by step across slides 30 to 44: an Identity Provider and Relying Parties, with the stages 1) Enrolment, 2) Accepting a Card, 3) Accessing a Website, 4) Successful Authentication & Logon]

45 What does this mean for you? Relying Parties (e.g. Banks, Retailers): No longer need to manage user credentials Do not need to provide a mechanism for authentication No longer need to have authentication infrastructure Can process identities from multiple ID providers in a standard way Can be more confident in the identity of a customer Consumers (i.e. all of us): Will have the option to have a single trusted identity that can be reused Resulting in a consistent experience with every relying party

46 What needs to happen? Relying parties will need to partner with a reputable identity provider e.g. Experian Identity providers will need to be able to verify individuals' identity effectively Technically - what do CardSpace adopters have to do? Implement standards like WS-* and SAML Implement card selector object tags Concept can be applied through standards to non-Microsoft implementations e.g. Safari, Firefox

47 Summary Technology is proven – it works Experian is already a key player in the identity provider arena Experian can offer an Identity Management solution to businesses that need one The PoC forms part of a much bigger IDM solution within Experian We are looking at other methods to complement this e.g. biometrics and conventional authentication

48 Summary Experian and Microsoft are leading the way in providing online digital identities to consumers, ensuring that the internet is a safer place to transact business for both consumers and retailers

49 Summary Confidence = Reliability + Security Reliability –Restart & Recovery –Transactional NTFS & Registry –Etc. Security –User Account Control –Windows CardSpace –Etc.

50 Useful Resources http://www.microsoft.com/uk/launch2007/dev/useful.mspx

51 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

