Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation.

Published byClementine Fields Modified over 9 years ago

Similar presentations

Presentation on theme: "EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation."— Presentation transcript:

1 EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation

2

3 M anagement T ools C ommunications & M essaging Device Update Agent Software Update Services Live Communications Server Exchange Server Internet Security and Acceleration Server Speech Server Image Update L ocation S ervices M ultimedia MapPoint DirectX Windows Media Visual Studio 2005 D evelopment T ools MFC 8.0, ATL 8.0 Win32 N ative M anaged S erver S ide L ightweight R elational SQL Server 2005 Express EditionEDB D ata P rogramming M odel D evice B uilding T ools D evice B uilding T ools H ardware/ D rivers Windows XP DDK Windows Embedded Studio Platform Builder OEM/IHV Supplied BSP (ARM, SH4, MIPS) OEM Hardware and Standard Drivers Standard PC Hardware and Drivers SQL Server 2005SQL Server 2005 Mobile Edition ASP.NET Mobile ControlsASP.NET.NET Compact Framework.NET Framework Microsoft Operations Manager Systems Management Server

4 Introduction Microsoft committed to helping you meet your security goals Secure Devices Secure Applications Demonstrate rich set of security features Share best practices, processes, tools

5 Code Execution Security Questions Control over code execution Control over code rights Answer Windows CE Trust Model Every exe/dll assigned trust level Trust level 0 – Don’t run 1 – Run normal (restricted rights) 2 – Run trusted

6 Code Execution Security Normal mode (restricted rights) Protected registry keys (write) Protected system files Protected API’s You can extend trusted boundary How does OS determine trust level? It does not; You do Implement secure loader Trust based on signatures

7 Code Execution Security

8

9 Secrets Storing secrets in software is DIFFICULT It’s best to not store the secret itself Think of key hierarchies Leverage secure storage in hardware Whom are you protecting the secret from ? ‘Normal’ processes on same device Theft of offline storage (CF card) Communication network User

10 Data Protection API (DPAPI) APICryptProtectDataCryptUnProtectData Easy to use Don’t have to create or manage keys Highly leveraged by OS components Does not deal with storage System flag support Restrict access to trusted code Can provide additional entropy (application specific information)

11 Data Protection API (DPAPI)

12 Data Protection API

13 Local Authentication – LASS Local Authentication Sub-System / Device Lock Applications can request user verification using configured device locking mechanism Ability to set simple policies via registry Prompt if 5 minutes has expired since last successful authentication Modular Device Lock mechanism with support for plug-ins Password / PIN plug-in Smart Card plug-in Fingerprint plug-in

14 Local Authentication LASS

15 Local Authentication

16 Writing Secure Code General best practices E.g.: Buffer overflow Good reference Writing Secure Code, Second Edition Michael Howard, David LeBlanc Windows CE specific best practices E.g.: Check trust level of caller Platform Builder Docs – Security Best practices section for each feature Defect detection tool PREFast Detect errors by static analysis

17 PREFast

18 Network Authentication

19 Credential Management Credential Manager (Credman) Higher level abstraction Simplified management Improved security Better user experience thro sharing Credential Characteristics Type Domain, Plaintext, Certificate, Custom Target WebSiteA, WebSiteB, FileShareC UserPasswordFlags Sensitive (prompt user before read) Trusted (only trusted callers can read) Persist in registry / memory

20 Credential Manager

21 Credman + SSPI integration

22 Credman + SSPI Integration

23 Features We Looked At Secure Loader (Trust model) DPAPI (Secret protection) LASS (Local Authentication) Tools (PREFast) SSPI (Network Authentication) Credential Manager (User credentials)

24 More Features Cryptography - CAPI1.0 3DES,AES,SHA,MD5,RSA PKI - CAPI2.0 CertificatesSmartcards 2 Factor authentication Secure Hardware Network security IPSECVPNWireless Component security Web Server, Bluetooth etc

25 Summary Windows CE platform has a rich set of security features Microsoft committed to helping you Build Secure Devices Develop Secure Applications Talk to us. We love to hear from you. Speaker cabana – Next 3 hours Can setup informal meetings. If interested mention in session feedback.

26 Related sessions EMB423 – Creating a trusted environment for windows CE 5.0 EMB320 – Windows CE 5.0 Boot Loader Security CLI320 – Security and device configuration for developers in windows mobile ENT313 – Panel discussion : Inside windows mobile security ENT312 – Mobile security – Its not an oxymoron ENT315 – Windows mobile platform security drilldown for the enterprise

27 While At MEDC 2005… Fill out an evaluation for this session Randomly selected instant WIN prizes! Randomly selected instant WIN prizes! Use real technology in a lab Instructor led Reef E/F & Breakers L Self-paced Reef B/C Self-paced Reef B/C Visit the Microsoft Product Pavilion in the Exhibit Hall Shorelines B in the Exhibit Hall Shorelines B

28 After The Conference… Develop Build InstallBuildJoin Install Enter Enter Join Full-featured trial versions of Windows CE and/or Windows XP Embedded Cool stuff & tell us about it: msdn.microsoft.com/embedded/community msdn.microsoft.com/embedded/community Windows Embedded Partner Program: www.mswep.com www.mswep.com Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2 Mobile2Market Contest and win up to $25000: mobile2marketcontest.com mobile2marketcontest.com Microsoft Solutions Partner Program: partner.microsoft.com partner.microsoft.com

29 Tools & Resources msdn.microsoft.com/ embedded microsoft.public. windowsxp.embedded windowsce.platbuilder windowsce.platbuilder windowsce.embedded.vc windowsce.embedded.vc blogs.msdn.com/ mikehall Windows CE 5.0 Eval Kit Windows XP Embedded Eval Kit msdn.microsoft.com/ mobility microsoft.public. pocketpc.developer smartphone.developer dotnet.framework.compactframework blogs.msdn.com/ windowsmobile vsdteam netcfteam Windows Mobile 5.0 Eval Kit Websites Newsgroups Blogs Tools Build Develop

30 Questions? Ganapathy Raman graman@microsoft.com

31 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Download ppt "EMB304 Building Trustworthy Windows CE Embedded Devices and Applications Ganapathy Raman Program Manager Windows CE Security Team Microsoft Corporation."

Similar presentations

4/6/ :35 AM © 2004 Microsoft Corporation. All rights reserved.

4/6/ :35 AM © 2004 Microsoft Corporation. All rights reserved.
Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.

Securing. Agenda  Hard Drive Encryption  User Account Permissions  Root Level Access  Firewall Protection  Malware Protection.
EMB306 Building Windows CE Devices With DX Support John L. Marcantonio Program Manager Windows CE Multimedia Microsoft Corporation.

EMB306 Building Windows CE Devices With DX Support John L. Marcantonio Program Manager Windows CE Multimedia Microsoft Corporation.
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
Start Mobile Developer Nuggets David Goon 27 October 2005.

Start Mobile Developer Nuggets David Goon 27 October 2005.
Amit Chopra APP209 Introducing “Orcas” Huh ? What’s “Orcas”?

Amit Chopra APP209 Introducing “Orcas” Huh ? What’s “Orcas”?
What’s new for Rich Clients? Martin Parry Developer & Platform Group Microsoft Ltd

What’s new for Rich Clients? Martin Parry Developer & Platform Group Microsoft Ltd
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
WebCCTV 1 Contents Introduction Getting Started Connecting the WebCCTV NVR to a local network Connecting the WebCCTV NVR to the Internet Restoring the.

WebCCTV 1 Contents Introduction Getting Started Connecting the WebCCTV NVR to a local network Connecting the WebCCTV NVR to the Internet Restoring the.
EMB321 How To Write A Windows CE SDIO Client

EMB321 How To Write A Windows CE SDIO Client
Johan Arwidmark Chief Technical Architect TrueSec WEM303.

Johan Arwidmark Chief Technical Architect TrueSec WEM303.
Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.

Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.
EMB313 Increasing Developer Productivity With Windows CE 5.0 Matt Young Windows Mobile Joint Development Program (JDP) Microsoft.

EMB313 Increasing Developer Productivity With Windows CE 5.0 Matt Young Windows Mobile Joint Development Program (JDP) Microsoft.
CLI339 Building Bluetooth Applications On The Windows CE 5.0 And Windows Mobile Platforms Anil Dhawan Program Manager Windows Mobile.

CLI339 Building Bluetooth Applications On The Windows CE 5.0 And Windows Mobile Platforms Anil Dhawan Program Manager Windows Mobile.
Using The WDK For Windows Logo And Signature Testing Craig Rowland Program Manager Windows Driver Kits Microsoft Corporation.

Using The WDK For Windows Logo And Signature Testing Craig Rowland Program Manager Windows Driver Kits Microsoft Corporation.
What is Windows Embedded all about? Don Kerr Embedded Strategy Manager Microsoft Australia Andrew McGrath PrincipalBluBits SOL215.

What is Windows Embedded all about? Don Kerr Embedded Strategy Manager Microsoft Australia Andrew McGrath PrincipalBluBits SOL215.
EMB425 Using Advanced Platform Builder Debugger Features James Stulz Program Manager Windows CE Core Tools Microsoft Corporation.

EMB425 Using Advanced Platform Builder Debugger Features James Stulz Program Manager Windows CE Core Tools Microsoft Corporation.
EMB313 Increasing Developer Productivity With Windows CE 5.0

EMB313 Increasing Developer Productivity With Windows CE 5.0
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Similar presentations

Ads by Google