Rajesh Kakde Senior Windows Embedded Consultant Adeneo Corporation Session Code: WEM302.


2 Rajesh Kakde Senior Windows Embedded Consultant Adeneo Corporation Session Code: WEM302

3 Agenda
- Adeneo at a glance
- Securing a Windows Embedded CE device
- Security markets: overview and trends
- System architecture for secured devices using Windows Embedded CE

4 Adeneo at a Glance
- Gold partner with MSFT on firmware and application development
- Involved in CE development since 1998
- Strong partnership with SVs and board manufacturers
- Edition of BSP with maintenance & support to secure reliability
- Training and consultation services
- BSP, drivers, application development & turnkey services
- 2007 Excellence Awards: Systems Integrator, ISV/Software Solutions, Mobility Solutions

5 Securing a Windows Embedded Device
- Trusted environment features
- Secured shells
- Windows Embedded CE Secured Devices
  - Open platforms
  - Semi-open platforms
  - Closed platforms

6 Windows CE Trusted Environment
- Modules execute either in user or kernel mode
  - Critical APIs available only for kernel mode modules
  - All applications (.exe) executed in user mode
  - Only libraries (.dll) can execute in kernel mode
- Certification function implemented in a dedicated module of the kernel
  - Allows restricting execution to certified applications
  - CertMod.dll in public\common\oak\drivers\security\certmod

7 Windows Embedded CE Secured Shells
- Handles user interaction with the system
- Shell variants compared: command shell vs. graphical shell, local shell vs. remote shell, mono application vs. multi applications
- Components of a typical graphical multi applications shell: desktop window, taskbar, task manager

8 Windows Embedded CE Secured Shell
- Standard Windows shell: full open platform, multi applications
- Final application shell: closed platform, mono applications
- Secured application shell: closed or semi-opened platform, multiple applications support

9 Windows Embedded CE Secured Shell: Open platform device
- Typical application: PDA-like device
- Characteristics
  - Standard shell allowing max user interaction
  - No trusted environment, for max flexibility
- Benefits
  - Lots of flexibility for end user/third party
- Security risks
  - Malware when connected to external world
  - 3rd party malware apps installed locally
  - End user wrong usage

10 Windows Embedded CE Secured Shell: Closed platform device
- Typical application: dedicated device
- Characteristics
  - Direct application shell; mono application
  - Fully trusted environment
- Benefits
  - Completely secured
- Security risks
  - None, if well designed

11 Windows Embedded CE Secured Shell: Semi-opened platform device
- Typical application: dedicated device with 3rd party expansion
- Characteristics
  - Direct application shell
  - Trusted environment
- Benefits
  - Completely secured with some flexibility
- Security risks
  - None, if well designed

12 Security Markets Overview
- Different types of markets
- Key characteristics: norm driven
- Norms shown on the slide: FDA, DO178B, PCIPED

13 Security Markets Overview: Typical requirements
- Performance: real time / deterministic
- Completely secured against external access
- Software piracy
- Hardware piracy
- 100% test coverage
- Need for specific certified software and hardware
- Secured communication: authentication/cryptography

14 Security Markets Overview: Emerging needs
- More connectivity
  - Wired and wireless
- More multimedia
  - Audio, video etc.
- More openness
  - New markets access through third party add-ons
- Incompatibility with specific certified software
  - Huge work to develop from ground-up
  - Requires complete re-certification of the system

15 Designing Secured Devices: System architecture
- Identify critical and non-critical functions
- Hardware and software isolation between critical and non-critical parts
- Secure the interfaces

16 Designing Secured Devices: Identification
- Which hardware and which peripherals
  - Medical: all peripherals handling vital functions
  - Payment terminal: peripherals related to PIN entry & identification
- Which CPU
  - Dedicated certified ASIC for critical features
  - Dedicated MCUs with specific security features
- Which software
  - Proprietary or dedicated certified OS
  - Proprietary or dedicated certified application
  - Identify critical software functions

17 Designing Secured Devices: Isolation
- Be certain the critical part of the design cannot be corrupted by the non-critical part
- Hardware based isolation
  - Dedicated secured ASIC for critical part
  - Hardware design to ensure hardware security
  - ASIC/CPU with secured storage area for encryption keys
  - Violation detection (mechanical access, tamper detection…)
- Software based isolation
  - SW hypervisor / virtual machine manager

18 Secured Device System Architecture: Securing the interfaces
- Control all communication between critical and non-critical parts
- Full independence between critical and non-critical peripherals
- Only one interface, certified as part of critical part
  - Dedicated ASIC when using h/w isolation
  - Role of hypervisor when using s/w isolation
- Startup and update of non-secured part is controlled by secured part

19 Case Study: Payment Terminal
- Compliant with PCIPED certification
- Allowing PIN based bank transactions
- Playing advertisement videos
- Wireless communication support (Bluetooth, Wi-Fi…)

20 Case Study: Payment Terminal: Block diagram
[Figure: block diagram. Labels: CPU, Keypad, Battery, Printer, SAM, Modem, Display, Touchscreen, USBDev, USBHost, Bluetooth, Wi-Fi, Ethernet, SDIO, Camera, Serial, Audio, GPRS, ASIC, Prop. OS, ARM, CE 6.0, FPGA]

21 Case Study: Payment Terminal: Securing the interfaces
- Only one communication interface, handled by FPGA
  - FPGA is critical part of the design
  - Communication using mailbox mechanism
- Interfaces available
  - Access to secure peripherals from Windows CE
  - Access to non-secure peripherals from certified OS
  - Windows CE firmware update
- FPGA driver on Windows CE side, with trust environment enabled
- JTAG controlled by certified OS through FPGA
- Windows CE firmware update handled by certified side
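
Added example (not part of the presentation): a C model of the checks a single certified mailbox interface could apply to each message before it crosses between the Windows CE side and the certified side. The message layout, command names, 64-byte payload limit and Fletcher-16 checksum are assumptions; the slides specify none of them.

```c
#include <stdint.h>

/* Hypothetical mailbox format and command set; the slides define neither. */
enum { ORIGIN_WINCE, ORIGIN_CERTIFIED, ORIGIN_COUNT };
enum { CMD_SECURE_PERIPH, CMD_NONSECURE_PERIPH, CMD_FW_UPDATE, CMD_COUNT };
enum mbox_verdict { MBOX_OK, MBOX_BAD_FIELD, MBOX_BAD_LENGTH, MBOX_BAD_SUM, MBOX_DENIED };
#define MBOX_MAX_PAYLOAD 64u

struct mbox_msg {
    uint8_t  origin;  /* assumed to be stamped by the mailbox port, not by the sender */
    uint8_t  cmd;
    uint16_t len;     /* sender-controlled: must be bounded before any use */
    uint8_t  payload[MBOX_MAX_PAYLOAD];
    uint16_t sum;     /* Fletcher-16 over cmd, len, payload: catches corruption, not forgery */
};

/* One row per origin: the commands that side may place in the mailbox. */
static const uint8_t allowed[ORIGIN_COUNT][CMD_COUNT] = {
    [ORIGIN_WINCE]     = { [CMD_SECURE_PERIPH] = 1 },
    [ORIGIN_CERTIFIED] = { [CMD_NONSECURE_PERIPH] = 1, [CMD_FW_UPDATE] = 1 },
};

static void fletcher_step(uint16_t *a, uint16_t *b, uint8_t byte) {
    *a = (uint16_t)((*a + byte) % 255u);
    *b = (uint16_t)((*b + *a) % 255u);
}

uint16_t mbox_sum(const struct mbox_msg *m) {
    uint16_t a = 0, b = 0;
    fletcher_step(&a, &b, m->cmd);
    fletcher_step(&a, &b, (uint8_t)(m->len & 0xFFu));
    fletcher_step(&a, &b, (uint8_t)(m->len >> 8));
    for (uint16_t i = 0; i < m->len && i < MBOX_MAX_PAYLOAD; i++)
        fletcher_step(&a, &b, m->payload[i]);
    return (uint16_t)((b << 8) | a);
}

enum mbox_verdict mbox_check(const struct mbox_msg *m) {
    if (m->origin >= ORIGIN_COUNT || m->cmd >= CMD_COUNT) return MBOX_BAD_FIELD;
    if (m->len > MBOX_MAX_PAYLOAD) return MBOX_BAD_LENGTH;  /* before touching payload */
    if (mbox_sum(m) != m->sum) return MBOX_BAD_SUM;
    if (!allowed[m->origin][m->cmd]) return MBOX_DENIED;    /* default deny */
    return MBOX_OK;
}

int main(void) {  /* constructed message: the Windows CE side requesting a firmware update */
    struct mbox_msg m = { .origin = ORIGIN_WINCE, .cmd = CMD_FW_UPDATE };
    m.sum = mbox_sum(&m);
    return mbox_check(&m) == MBOX_DENIED ? 0 : 1;
}
```

The policy table encodes the slide's rule that the Windows CE firmware update is handled by the certified side: the same well-formed request is accepted from the certified origin and denied from the Windows CE origin.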

22 Case Study: Payment Terminal: System architecture
[Figure: system architecture diagram. Labels: WEB server, Stock Mgt Appli, Ordering Appli, .NET CF 3.5, Windows Embedded CE, Windows Embedded CE VM, vTS driver, vLCD driver, Secured Payment VM, HID, Secured VM, TS driver, LCD driver, Hypervisor, ARM Based Platform w/Security capabilities, LCD, Touchscreen, Ethernet / Wi-Fi]

23 Summary
- Windows Embedded CE provides all the mechanisms needed to build secure devices.
- These mechanisms are also a key part of the design of devices for security markets, where strong certification requirements apply.
- Strong system architecture using hardware or software isolation is required.


25 Resources
- Windows Embedded: http://www.microsoft.com/windowsembedded/en-us/default.mspx
- Books for reference: http://msdn.microsoft.com/en-us/embedded/cc294468.aspx
- Email: rkakde@adeneocorp.com

26 Windows Embedded Resources
- Website: www.windowsembedded.com
- Social Channels: blogs.msdn.com/mikehall, blogs.msdn.com/obloch
- Technical Resources: http://msdn.microsoft.com/embedded
- Tools evaluations: www.windowsembedded.com/downloads

27 Resources
- www.microsoft.com/teched: Sessions On-Demand & Community
- http://microsoft.com/technet: Resources for IT Professionals
- http://microsoft.com/msdn: Resources for Developers
- www.microsoft.com/learning: Microsoft Certification & Training Resources
Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.


29 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

