
Nishanth Lingamneni, Program Manager, Microsoft Corporation. SYS-009T




3 Protect and manage threats. Protect sensitive data. Protect access to resources.
IT needs to protect data in an environment with a porous network perimeter, requiring data protection by location, device and access method
Malware can compromise core operating system components, which adversely impacts business and personal data
IT needs to address a broad segment of mobile workers who travel, work from home, work from their phones, and use hotspots around the globe

4 Malware Resistance. Pervasive Encryption. Modern Access Control.
What did our focus groups say?
"This is the end of boot sector viruses as we know them"
"Encryption is typically an afterthought, [but] this makes [encryption] part of the build process"
"[This] makes it easier for users to get what they want to get to but without giving up safety"
Protect and manage threats. Protect sensitive data. Protect access to resources.

5 Security & hardware

6 Key security benefits
Secure boot
eDrive support for BitLocker
Network unlock support for BitLocker
WDS multicast
A Windows Certification requirement
Other benefits
SOC support (including ARM and Intel)
UX value prop from F5 day one: fast boot, OEM certification, no back flash, etc.
Support for > 2.2 TB system disks
Seamless boot (UEFI graphics)
Boot Next support (UEFI variable services)

7 Value proposition
Enables commercial-grade security via physical and virtual key isolation from the OS
TPM 1.2 spec: mature standard, years of deployment and hardening
Improvements in TPM provisioning lower deployment barriers
TCG standard evolution: TPM 2.0*
Algorithm extensibility allows for implementation and deployment in additional countries
Security scenarios are compatible with TPM 1.2 or 2.0
Windows 8: TPM 2.0 support enables implementation choice
Discrete TPM
Firmware-based (Intel Security Engine, ARM TrustZone®)
Windows Certification requirement for Connected Standby** platforms only
* Microsoft refers to the TCG TPM.Next as "TPM 2.0"; for the remainder of the presentation, "TPM" refers to either a discrete TPM or a firmware-based secure execution environment.
** Connected Standby: new terminology that replaces what Microsoft called "Connected Standby capable".

8 Windows goals
Windows TPM features and new APIs work uniformly with TPM 1.2 or TPM 2.0
Enable smooth ecosystem migration from TPM 1.2 to TPM 2.0
Value proposition in Windows 8
Improvements in TPM provisioning lower deployment barriers
Simplified design for software applications requiring a TPM
Security scenarios are compatible with TPM 1.2 or 2.0
Allows OEMs to preserve existing TPM investments, migrating to TPM 2.0 at their own pace with Windows 8

9 Feature dependencies on TPM and UEFI
#  Feature                           TPM*  UEFI
1  BitLocker: Volume Encryption      X     X
2  BitLocker: Volume Network Unlock  X     X
3  Secured Boot: Secure Boot               X
4  Secured Boot: ELAM                      X
5  Measured Boot                     X     X
6  Virtual Smart Cards (TPM)         X     X
7  Certificate storage (TPM based)   X     X
8  Automatic TPM provisioning        X     X

10 Pervasive encryption

11 Challenges
Windows volume encryption can be difficult to manage
Volume encryption imposes additional expenses for end users and partners
Windows 8 solution
Broad support for devices and hardware: slates, clustered servers; leverages eDrive functionality
Support for online recovery in non-domain-joined scenarios
Frictionless user experience
Improved performance, standard user support, seamless integration
Reduces time to provision in mass deployment scenarios
Encrypt data-only option
Simplified TPM provisioning
Protects data from exposure or theft when a device is lost, stolen, or inappropriately decommissioned

12 Strongly recommend TPM for all systems
Windows 8 supports TPM 1.2 or TPM 2.0
* TCG Physical Presence Interface 1.2
TPM is required for Connected Standby platforms
Intel Security Engine (based on the HW security engine embedded in Intel SOCs)
Connected Standby capable systems are likely to use TPM 2.0
ARM systems will implement TPM 2.0 features using TrustZone™
TPM 2.0 features for other platform classes to emerge
Ship with eDrive-enabled storage
Windows 8 System Certification requirements
UEFI 2.3.1, Class II no CSM/Class III

13 Challenges
Software encryption imposes performance overhead
During initial encryption, at run time, and in common scenarios like startup, sleep, hibernate
Exacerbated if software encryption is run on slate or low-power PCs
Self-encrypting drives require a key management solution
Windows 8 solution: eDrives
Offloads encryption processing to hardware; mitigates impact to system performance
Windows manages eDrives; no need for another key management solution to deploy eDrives
Value proposition
Initial encryption time eliminated; run-time performance significantly improved
eDrive-enabled systems have improved CPU utilization and battery life
Systems without eDrives will use software-based encryption
Minimize encryption impact to system performance and deployment time without introducing infrastructure changes


15 Challenges
TPM + PIN is often not practical for desktops and servers protected by encryption
When IT deploys a patch that requires a Windows restart, desktops and servers end up waiting for a PIN at boot
Windows 8 solution
Network Unlock and TPM + PIN are deployed to desktops and servers
Windows 8 machines connect to a Windows 8 WDS server, which authenticates the protector
PCs wired to the corporate network successfully restart without waiting for a PIN at boot
When a PC is disconnected from, or not wired to, the corporate network, a PIN is required at boot
Enable IT to deploy stronger encryption protection without disrupting the software patching process

16 Hardware requirements
TPM
Windows 8 System Certification requirements
UEFI (supports DHCPv4, DHCPv6)

17 Malware resistance

18 Goal: anti-malware more effective in Windows 8
Platform integrity investments make Windows 8 the trusted platform for consumers, businesses, financial institutions, and data centers
New tools, APIs, and capabilities for anti-malware products
Sophisticated malware, e.g., rootkits, can be reliably detected and removed
Radically reduce systems compromised by malware
"[Anti-fraud security tips] do not address or provide protection against the main method used by cyber criminals to collect account credentials – malware." Turiss, Cyber Crime Trend Report, August 2010

19 Challenges
Growing class of pervasive malware that targets the boot path
Should Windows be compromised by this type of attack, often the only plausible method to fix the problem is to reinstall the operating system
Windows 8 solution
Secured Boot and remediation harden the boot process against malware from the moment of power-on through the initialization of anti-malware software
Measured Boot performs a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond Secure Boot
Early Launch Anti-Malware (ELAM) can start from a known good state, as determined by Secure Boot, and continue vigilant watch over the user's PC from that point on
Prevent malicious tampering and changes to the hardware, the operating system, and the anti-malware software

20 Malware resistance: Secured and Measured Boot
Secured Boot
End-to-end boot process protection: Windows operating system loader; Windows system files and drivers; anti-malware software
Prevents: a compromised operating system from starting; software from starting before Windows; third-party software from starting before anti-malware
Automatic remediation/self-healing, if compromised
Measured Boot
Creates a comprehensive set of measurements of boot execution
Can offer measurements to a remote service for analysis

21 Secured Boot: legacy vs. modern
Legacy boot: BIOS -> any OS loader -> OS start
Modern boot: native UEFI -> verified OS loader only -> OS start
Legacy: BIOS starts any OS loader, even malware; malware may start before Windows
Modern: the firmware enforces policy and only starts signed OS loaders; the OS loader enforces signature verification of Windows components
Result: malware unable to change boot and OS components

22 Secured Boot: Early Launch Anti-Malware
Windows 7: malware is able to start before Windows and anti-malware; malware is able to hide and remain undetected; systems can be completely compromised
Windows 8: Secured Boot starts anti-malware early in the boot process; the Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft; Windows starts ELAM software before any third-party boot drivers; malware can no longer bypass anti-malware inspection

23 Effects of Early Launch Anti-Malware
Malware will move to attack the early boot components
This is where Measured Boot comes in…
We have moved the attack surface
Boot sequence: native UEFI -> Windows 8 OS loader -> anti-malware software start -> 3rd-party drivers -> runtime anti-malware software -> Windows logon

24 Measured Boot with attestation
Windows 7 vs. Windows 8: anti-malware policy enforcement
Windows measures all components up to AM software start into the Trusted Platform Module (TPM)
AM software can invalidate attestation if it stops enforcing policy
Enables an attestation service to remotely evaluate client state using TPM measurements

25 Malware resistance: architecture
Boot chain: UEFI boot -> Windows OS loader -> Windows kernel and drivers -> AM software -> 3rd-party software -> Windows logon; with boot policy, AM policy, TPM, client, attestation service, and client health claim
1 Secure Boot prevents a malicious OS loader
2 Anti-malware software is started before all 3rd-party software
3 Measurements of components, including anti-malware software, are stored in the TPM
4 Client retrieves TPM measurements of client state on demand
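The measure-then-attest flow on slides 24 and 25, as an added Python example (not from the presentation and not Windows code): a simulated TPM register that can only be extended, an event log that explains the register's value, and an attestation-service check that replays the log and compares each component against a known-good list. The component names and byte blobs are constructed stand-ins, and the "quote" is returned unsigned, which is a simplification of a real TPM quote (assumption).

```python
import hashlib

# Constructed sample boot chain: stand-ins for the components the slides show
# being measured (boot policy, OS loader, kernel, ELAM driver, AM policy).
# None of these blobs are real Windows binaries.
GOLDEN_BOOT = [
    ("uefi-boot-policy", b"secure-boot: enabled"),
    ("windows-os-loader", b"sample os loader image"),
    ("windows-kernel", b"sample kernel image"),
    ("elam-driver", b"sample elam driver, microsoft-signed"),
    ("am-policy", b"am-policy: enforcing"),
]

PCR_INIT = b"\x00" * 32  # a PCR starts zeroed at power-on


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register can only be updated by hashing its old
    value together with the new digest, so the order of events is fixed into it."""
    return hashlib.sha256(pcr + digest).digest()


class SimulatedTPM:
    """Keeps one PCR plus the event log that explains how it got its value."""

    def __init__(self):
        self.pcr = PCR_INIT
        self.event_log = []

    def measure(self, component: str, data: bytes) -> None:
        digest = hashlib.sha256(data).digest()
        self.event_log.append((component, digest))
        self.pcr = pcr_extend(self.pcr, digest)

    def quote(self):
        # A real TPM quote is signed with a key bound to the TPM; this
        # simulation (assumption) returns the PCR and the log unsigned.
        return self.pcr, list(self.event_log)


def boot(components) -> SimulatedTPM:
    """Measure every component, in order, before it 'runs'."""
    tpm = SimulatedTPM()
    for name, data in components:
        tpm.measure(name, data)
    return tpm


def known_good_digests(components) -> dict:
    """Build the attestation service's expected digest per component."""
    return {name: hashlib.sha256(data).digest() for name, data in components}


def replay_log(event_log) -> bytes:
    """Recompute the PCR value that a given event log should produce."""
    pcr = PCR_INIT
    for _, digest in event_log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def evaluate_health(pcr_quote: bytes, event_log, known_good: dict):
    """Attestation-service side: decide whether the client is healthy."""
    # 1. The log must reproduce the quoted PCR, otherwise the log was edited.
    if replay_log(event_log) != pcr_quote:
        return False, "event log does not reproduce quoted PCR"
    # 2. Every measured component must be expected, with the expected digest.
    seen = set()
    for name, digest in event_log:
        if name not in known_good:
            return False, f"unexpected component: {name}"
        if digest != known_good[name]:
            return False, f"measurement mismatch: {name}"
        seen.add(name)
    # 3. Nothing expected may be skipped (e.g. an AM policy that never ran).
    missing = sorted(set(known_good) - seen)
    if missing:
        return False, f"components not measured: {missing}"
    return True, "healthy"


def attest(components, known_good=None):
    """Boot the constructed chain and evaluate its quote against the golden set."""
    if known_good is None:
        known_good = known_good_digests(GOLDEN_BOOT)
    pcr, log = boot(components).quote()
    return evaluate_health(pcr, log, known_good)


def replace_component(components, name: str, data: bytes):
    """Return a boot chain with one component's bytes swapped (for the checks)."""
    return [(n, data if n == name else d) for n, d in components]


if __name__ == "__main__":
    print("clean boot:", attest(GOLDEN_BOOT))
    # The AM software "invalidates attestation" by measuring its changed state.
    print("AM stopped enforcing:",
          attest(replace_component(GOLDEN_BOOT, "am-policy", b"am-policy: disabled")))
    # A modified ELAM driver produces a different digest in the log.
    print("modified ELAM driver:",
          attest(replace_component(GOLDEN_BOOT, "elam-driver", b"different bytes")))
```

The replay check is the part that matters in practice: because the register can only be extended, a client cannot present a clean-looking log alongside a register value produced by a different boot, and a component that is changed, added, or skipped shows up as a specific mismatch rather than a generic failure.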


27 Challenges
Cost of issuing tokens
Complexity of deploying a public key infrastructure (PKI)
Usability and user support
Windows 8 solution
Windows Smart Card Framework has been extended to support – this allows crypto-capable devices to present themselves and act just like smart cards
Windows 8 exposes hardware-based security components, such as a TPM or a virtual smartcard-capable device, as a smart card
Users can use their PCs to securely authenticate with websites without having to purchase additional devices

28 Enterprise
Need: machine and user ID using hardware-protected certificates without requiring separate devices
Key scenarios: user authentication for remote access; document/ signing; strong machine network authentication
Consumer
Need: banks must "know" their customers, using commercially available determination methods to meet the FFIEC multi-authentication requirement
Key scenarios: user certificate bound to the TPM; stronger user authentication without the need for complex passwords or an external second factor

29 CorpNet


31 Windows 8 security investments: malware resistance; modern access control

32 Invest in technologies
Source, build, ship: UEFI, TPM, eDrives
Roadmap discussions with component/firmware/ vendors, OEMs, and other partners



