
Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Putting Trust into the Network: Securing.


Slide 1: Putting Trust into the Network: Securing Your Network through Trusted Access Control
Ned Smith, Intel
NCAC, April 27th, 2005

Slide 2: Agenda
TCG Model for Trusted Computing
Establishing Endpoint Integrity / Identity
Access Control Decisions Based on TPM
Relating XACML with TCG Integrity Schema

Slide 3: Challenges of Trusted Computing
Assurance of safe computing environments
– Viruses, worms, rootkits, spyware, adware etc.
– Identifying the endpoint is ambiguous
The endpoint has a distinct boundary
– Controllers, busses, networks and peripherals associated with a platform
Authentication protocols presume authorization tokens are bound to the endpoint
Control of resources in foreign environments
– Infosec policy associated with data as it moves through different computing environments
– The environment must follow the policy

Slide 4: TCG Model of a Trusted Computing Platform
[Diagram] A Trusted Engine within a Protection Domain, composed of a Measurement Engine, Storage Engine, Verification Engine, Reporting Engine and Enforcement Engine, operating on Policies and Metrics; it consumes Layer Resources and Dependent Services and exposes Layer Services / Provided Services.

Slide 5: Examples
Secure Boot
– A secure boot service implements Measurement and Reporting engines integrated with a Verification engine
– The Verification engine evaluates measurements according to a policy to determine the proper boot sequence
– If the sequence is in error, an Enforcement engine is employed to terminate the boot process
Trusted Boot
– A trusted boot service implements Measurement and Storage engines following the boot sequence
– A Verification engine on a remote node (network server) evaluates the boot sequence at a later time

Slide 6: Decomposition for Network Access Control
[Diagram] Three domains: the Access Requestor Domain (Measurement Engine, Storage Engine, Reporting Engine, Metrics, Measurement, Attestation), the PDP Domain (Verification Engine, Policies, Access Control) and the PEP Domain (Enforcement Engine, Apply Access). Numbered steps 1 to 7 run from Access Request through Attestation and Access Control to Network Connect.

Slide 7: How to Define the Endpoint?
Authentication tokens
– Keys, pass-phrases, certificates etc.
Boot sequence
Device enumeration
Software install / load
Running processes / threads
Manufacturer intrinsic attributes
– Model, version, quality metrics

Slide 8: Three Vectors of Endpoint Integrity / Identity
Measurement
– Hash of software/firmware captures platform state
  Controllers and processors are enumerated and measured
  Executing code may be scanned to determine its present state
Cryptographic Identity
– Authentication keys
  Reporting Engines use cryptographic keys to authenticate the reporting engine, which by extension identifies the platform
Origin Identity
– MMV
  Each component (device, platform, software package) can be identified by its Manufacturer, Model and Version (MMV)
  Credentials issued by manufacturers contain MMV intrinsic assertions
– Reference Measurements
  Manufacturer-provided signatures

Slide 9: Example: Pre-Boot Integrity Measurement Collection
[Diagram] Each pre-boot component is measured and then executed; the TPM holds the Hash of Extended Values and a Log of Extended Values is kept alongside it.
Measure = hash of code or data
Execute = code is loaded into the CPU

Slide 10: Platform Configuration Registers (PCRs)
Stores cumulative configuration
Update is an Extend operation:
– [PCR] = SHA-1 {[PCR] + Extend value}
– Value: it is infeasible to calculate the value A such that:
– PCRdesiredValue = Extend (A)
PCRs re-initialized at system reset
– TPM_Init
Measurement Log contains
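The extend chain from slides 9 and 10, with the verifier-side replay and reference comparison that slide 14 describes, as an added example that is not part of the presentation. The all-zero reset value and the component names are assumptions made for the example.

```python
import hashlib

PCR_INIT = bytes(20)   # assumed reset value: PCR cleared to zeros at TPM_Init

def measure(code: bytes) -> bytes:
    """Measure = hash of the code or data about to be executed."""
    return hashlib.sha1(code).digest()

def extend(pcr: bytes, value: bytes) -> bytes:
    """Extend: new PCR = SHA-1(old PCR contents || extend value)."""
    return hashlib.sha1(pcr + value).digest()

def boot(components):
    """Measure each component before it runs, extending the PCR and appending to the log."""
    pcr, log = PCR_INIT, []
    for name, code in components:
        digest = measure(code)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def replay(log) -> bytes:
    """Verifier side: recompute the PCR from the log entries alone."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify(reported_pcr: bytes, log, reference_pcr: bytes) -> str:
    """Check the log against the reported PCR, then the PCR against the reference value."""
    if replay(log) != reported_pcr:
        return "log does not match PCR"
    if reported_pcr != reference_pcr:
        return "unexpected configuration"
    return "OK"

# Constructed stand-ins for the pre-boot components in the slide's example.
BOOT_COMPONENTS = [("bios", b"BIOS image v1"), ("optrom", b"NIC option ROM"),
                   ("loader", b"boot loader stage 1")]
```

Because each step hashes the previous register contents, the same components in a different order produce a different PCR, and a log entry rewritten after the fact no longer replays to the quoted value.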

Slide 11: Collecting Measurements After System Boot
A Platform Trust Service (PTS) can be used to measure applications
– Files: read files from disk; compute a measurement
– Processes
  Ring 3: DLL injection to read another process's memory
  Ring 0: access pages in memory / DMA accesses

Slide 12: Example Platform Trust Service
Integrity of the PTS is established
– Pre-boot by measuring PTS drivers included in the OS image
– Post-boot by measuring PTS process memory pages
PTS may measure processes and files
– Determined by policy, e.g. protect the integrity reporting infrastructure
– Triggered by request, e.g. measure before connecting to the network

Slide 13: TCG Model for Exchanging Integrity Data
IF-IMC & IF-IMV exchange messages containing posture information
– Messages are batched for delivery by TNCC / TNCS
– Either side may start a batched exchange
– IMCs and IMVs may subscribe to multiple message types
– Follow-on exchanges may continue indefinitely
  But may be gated by the underlying transport
[Diagram] The TNC Client on the Access Requestor and the TNC Server on the Policy Decision Point exchange batches over a tunnel. Anti-Virus, Firewall, Patch Mgmt and TNC Integrity Collectors are paired with Anti-Virus, Firewall, Patch Mgmt and TNC Integrity Verifiers, each reporting a status of OK or !OK. The TNC Server makes the final decision.

Slide 14: Evaluation of Integrity Reports
Integrity Reports ought to be shadowed by a Reference Value
– Reference values
  A "normal" boot sequence will have repeatable PCR values
  Versioning "freezes" code changes so hash values don't change
– Authentication keys have trust anchors
– Watchdogs have a schedule of expected events
Reference Values should come from an authoritative source
– Manufacturer – to detect modification due to stolen source
– Evaluation labs – who make assertions of quality and conformance
– Platform Owner – the entity taking the risk!

Slide 15: Integrity Harvesting Model
[Diagram] Integrity Measurement Harvesters and Value-Added Providers feed Reference Integrity Measurements and TCG Certificates, via a Harvesting Mechanism and a Submission Mechanism, into an Integrity Signature Database. Policy Authors use a Policy Authoring Mechanism to produce Policies / Rules, which the Verifier (PDP) applies in its Evaluation Mechanism. Marked elements are anticipated TCG specifications.
Harvesting gathers Assertions and Values from a trustworthy source
TCG Integrity Schema defines the structure

Slide 16: TCG Integrity Schema
Consists of a tree of Assertions and hash Values
– Reference measurements
– Quality assertions
– Development / manufacturing processes
– Trust-related operations
  E.g. creation of the platform endorsement key
Associated with a target "Component"
– Composite attributes form its "Identity"
  Manufacturer name / vendor ID
  Model number / name
  Version information
– Patch level
– Component Identity is unique with respect to a release
  Not necessarily a particular copy or instance

Slide 17: Integrity Schema and XACML
Evaluation correlates reference and actual values with appropriate consequences
– A policy structure such as XACML may be helpful
An XACML Policy is a tree of
– PolicySet
  Contains multiple Policies and policy references
– Policy
  Contains multiple Rules
– Rule
  Contains decision logic expressed in terms of Conditions and Effect
TCG Assertions may be mapped to XACML as Condition Attributes
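A simplified PolicySet / Policy / Rule tree whose Conditions are TCG assertions (MMV, reference versus actual digest) and IMV verdicts of the kind slide 13 shows, as an added example that is neither XACML itself nor code from the presentation. The deny-overrides combiner, the reference database contents and the minimum patch level are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, object]
PERMIT, DENY, INDET, NA = "Permit", "Deny", "Indeterminate", "NotApplicable"

def deny_overrides(decisions) -> str:
    # Simplified deny-overrides combining: any Deny wins, an unevaluable rule blocks Permit.
    seen = set(decisions)
    for d in (DENY, INDET, PERMIT):
        if d in seen:
            return d
    return NA

@dataclass
class Rule:                     # decision logic: a Condition over attributes plus an Effect
    condition: Callable[[Attrs], bool]
    effect: str
    def evaluate(self, attrs: Attrs) -> str:
        try:
            return self.effect if self.condition(attrs) else NA
        except KeyError:        # attribute missing from the request context
            return INDET
@dataclass
class Policy:                   # contains multiple Rules
    rules: List[Rule]
    def evaluate(self, attrs: Attrs) -> str:
        return deny_overrides(r.evaluate(attrs) for r in self.rules)
@dataclass
class PolicySet:                # contains multiple Policies
    policies: List[Policy]
    def evaluate(self, attrs: Attrs) -> str:
        return deny_overrides(p.evaluate(attrs) for p in self.policies)

# Constructed reference integrity measurements keyed by (Manufacturer, Model, Version).
REFERENCE_DB: Dict[Tuple[str, str, str], str] = {("Acme", "BIOS-1", "1.2"): "ref-digest-a"}

def build_policy(reference_db: Dict[Tuple[str, str, str], str]) -> PolicySet:
    integrity = Policy([
        Rule(lambda a: a["mmv"] not in reference_db, DENY),                   # unknown MMV
        Rule(lambda a: reference_db.get(a["mmv"]) != a["pcr_digest"], DENY),  # actual != reference
        Rule(lambda a: reference_db.get(a["mmv"]) == a["pcr_digest"], PERMIT),
    ])
    posture = Policy([
        Rule(lambda a: a["antivirus"] != "OK", DENY),  # IMV verdict carried as an attribute
        Rule(lambda a: a["patch_level"] < 3, DENY),    # constructed minimum patch level
    ])
    return PolicySet([integrity, posture])

# Constructed request context: attributes from an integrity report plus IMV results.
GOOD_REPORT: Attrs = {"mmv": ("Acme", "BIOS-1", "1.2"), "pcr_digest": "ref-digest-a",
                      "antivirus": "OK", "patch_level": 3}
```

A missing posture attribute yields Indeterminate rather than Permit, so the PEP grants access only on an explicit Permit.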

Slide 18: A Conceptual Model
[Diagram] Attribute Sources (Reference Integrity Measurements, TCG Certificates, Integrity Signature Database) and Policy Sources (Policy Authors, Policy Authoring Mechanism, Policy Database) supply XACML Policy or Attribute References to the XACML Context of the PDP; the PEP and AR issue an XACML Request and receive an XACML Response.

Slide 19: XACML Condition Attribute
[Diagram] Attribute Sources, including the Integrity Signature Database, supply the values referenced by an XACML Condition Attribute.

Slide 20: Summary
The TCG model for Trusted Computing is centered around collection and verification of trust attributes
Trust attributes can be applied to network access control
The TCG is developing infrastructure for collecting reference trust attributes
XACML may be a viable framework for making access decisions involving TCG trust attributes

Slide 21: Questions?
Contact Information
– The Trusted Computing Group: www.trustedcomputinggroup.org, admin@trustedcomputinggroup.org
– Infrastructure Working Group Co-Chairs
  Ned Smith / Intel – ned.smith@intel.com
  Thomas Hardjono / Verisign – thomas.hardjono@verisign.com

Slide 22: Backup

Slide 23: Steps of a Trusted Network Connection
Find out the condition of the platform (Collection)
Communicate platform state when connecting (Reporting)
Decide what level of access is acceptable (Decision Making)
Restrict the environment in accordance with access rights (Enforcement)
Remediation may be required to reconcile denied access (Remediation)

Slide 24: TCG Trusted Network Connect Architecture
[Diagram] Three columns, AR, PEP and PDP, across five layers:
– Network Access Layer: Network Access Requestor (Supplicant / VPN Client, etc.), Policy Enforcement Point (Switch / Firewall / VPN Gateway) and Network Access Authority, connected by IF-Transport and IF-PEP. Functions: enforcement mechanisms, control of the network boundary.
– Integrity Evaluation Layer: TNC Client and TNC Server, connected by IF-TNCCS. Functions: reporting and transfer of integrity information, access decision making.
– Integrity Measurement Layer: Integrity Measurement Collectors (IF-IMC) and Integrity Measurement Verifiers (IF-IMV), with IF-V between collector and verifier. Functions: collection of integrity information, authoring of rules.
– Remediation Layer: Remediation Applications and Remediation Resources. Function: automated response and provisioning.
– Trust Layer: RTM / TPM, Platform Trust Service (IF-PTS) and Integrity Log.
PTS protects the integrity of TNC components
RTM protects PTS
TPM protects measurements and keys

Slide 25: TNC with 802.1X at Link Layer
[Diagram] The Requestor (AR) runs an EAP Peer, an 802.1x Access Agent and the Collector; the Switch / Access Point (PEP) runs the 802.1x PAE and a RADIUS Client at the network boundary; the RADIUS Server (PDP) runs the EAP peer and the Verifier. 802.1X carries EAP between AR and PEP, and RADIUS* carries it between PEP and PDP; the TNC exchange rides on top as NAC extensions.
Verifier & Collector exchange posture information over the EAP tunnel using EAP inner methods, AVPs or TLVs
AR – Access Requester
AVP – Attribute Value Pair
EAP – Extensible Authentication Protocol
PAE – Port Access Entity
PDP – Policy Decision Point
PEP – Policy Enforcement Point
NAC – Network Access Control
TLV – Tag Length Value

