Windows 10 Security Internals

Presentation on theme: "Windows 10 Security Internals"— Presentation transcript:

1 Windows 10 Security Internals
Chris Jackson, Sr. Architect, Cybersecurity. © Microsoft Corporation. All rights reserved.

2 Isolate and Containerize
Security principles: Known Good; Reduce Actors; Trust Software by Exception; Whitelist; Validate; Constrain Execution; Assume Breach; Minimize Impact; Isolate and Containerize; Isolation; Sandboxes; Contain Damage. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

3 Isolate and Containerize

4 Isolate and Containerize
6/10/2018. Diagram labels: SAP; Outlook; Edge; Visual Studio; Word.

5 Microsoft Edge app Container Isolation
Isolation improvements with MS Edge + AppContainer: MS Edge Multi-AC Isolation Model; addresses all previous limitations of Internet Explorer sandbox; significant attack surface reduction; Flash running out-of-content process (starting in Windows 10 Anniversary Update). Diagram labels: Edge Manager Process (AppContainer); Elevation Broker (MediumIL); Edge Tab (AppContainer); Flash Content Process; IPC; Trust Boundary. The Microsoft Edge isolation model addresses all previously known “by-design” sandbox attacks.

6 traditional platform stack
Diagram labels: Device Hardware; Kernel; Windows Platform Services; Apps.

7 VIRTUALIZATION BASED SECURITY Windows 10
Diagram labels: Kernel; Windows Platform Services; Apps; SystemContainer; Trustlet #1; Trustlet #2; Trustlet #3; Hypervisor; Device Hardware; Windows Operating System; Hyper-V.

8 Trust Code by Exception

9 Today’s challenge: Trusted by default until defined as threat
Detection based methods alone can’t keep up. Diagram label: APPS.

10 Device guard in vbs environment
Decisive mitigation. Diagram labels: Kernel; Windows Platform Services; Apps; SystemContainer; DEVICE GUARD; Trustlet #2; Trustlet #3; Hypervisor; Device Hardware; Windows Operating System; Hyper-V.

11 Blacklist User Writeable Areas
Diagram labels: Program Files; Windows; Windows System.

12 Post-Compile Mitigations
Administrative Templates\System\Mitigation Options\Process Mitigation Options. Flag legend from the slide's bit-position diagram: A Enable DEP; B Enable ATL Thunk emulation for DEP; C Enable SEHOP; D Enable ASLR; E Enable Bottom-Up ASLR Always On; F Enable Bottom-Up ASLR Always Off.

13 Control Flow Guard
Valid jump locations
