Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Vista And Windows Server Codename “Longhorn” Security Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Published byNeil Scott Modified over 10 years ago

Similar presentations

Presentation on theme: "Windows Vista And Windows Server Codename “Longhorn” Security Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation."— Presentation transcript:

1 Windows Vista And Windows Server Codename “Longhorn” Security Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation Chris Corio Program Manager

2 Agenda Windows Vista and Windows Server codenamed “Longhorn” Security Overview Isolated Desktop Kernel Mode Driver Signing Crypto Next Generation (a.k.a CNG) Base Smart Card CSP Architecture WinLogon Architecture User Account Control and You

3 Secure Operating System Windows Security Overview Access control Isolated DesktopSecure Startup End User Tools Access Control AuthenticationAuthorization AzMan Persistence RBAC Logon Protocol Identity 2 Factor AuthN AuditCredential Management Credential Roaming Lifecycle Management Certificate Server Smart Cards Common Criteria Logging Eventing FIPS Cryptography Services CAPICNG Policy exp. X.509 Processing Kernel Mode Code Signing

4 Services Session Windows XP behavior Session 0 Service A Service C Service B Application A Application B Application C Session 1 Application D Application E Application F Session 2 Application G Application H Application I Session 3 Application J Application K Application L Session 0 Service A Service B Service C Application B Application A Application C

5 Services Session Windows Vista behavior Session 0 Service A Service B Service C Session 1 Application A Application B Application C Session 2 Application D Application E Application F Session 3 Application G Application H Application I

6 Services Session Technology introduction Separation of Services from User Sessions Desktop is the security boundary for Windows user interfaces Interactive Services are vulnerable to compromise through Windows Messaging Currently users can not see or interact with interactive service UI from their session Interactive Services Detection Service is available in the interim

7 Services Session Implementation guidelines Services should never open a window on the interactive desktop Services which need user input can Use WTSSendMessage to pop up a simple message box on user’s desktop Inject process into the target session by using CreateProcessAsUser API Inject process into the target session by using CreateProcessAsUser API

8 Motivation For Kernel Mode Code Signing Trustworthy computing built on a trusted kernel Windows Vista has an identifiable kernel state Secure kernel loads only signed binaries Reduce platform vulnerability from unknown binaries Identifiable kernel enables new scenarios Access next generation premium content Address growing threat of malicious rootkit attacks Improve reliability by identifying and working with kernel mode software publishers

9 Code Integrity Verification Signature checks by OS loader and kernel On x64 64-bit platforms All kernel mode code must be signed in order to load Identity of all kernel mode binaries is verified System audit events for integrity check failures On x86 32-bit platforms Administrator prompted and accepts to install unsigned kernel mode code Load-time checks done on all kernel mode binaries, unsigned code allowed to load Next generation premium content may not be accessible, depending on content protection policy

10 Developer And Test Support For developers and testers Options to disable code verification policy Active kernel debugger attached and turn on debugging F8 key, Advanced Boot Option to disable driver signing enforcement for current boot Boot configuration option to not fail driver load if the integrity check fails (Beta2 only) For pre-release testing WHQL Test signing Bcdedit option to enable load of Test Signed drivers

11 Signing Boot Critical Drivers Boot critical drivers are loaded by OS Loader Start Type = 0, loaded by Winload Boot critical driver files must be embedded signed Signature contained in the binary file Avoids boot time degradation locating catalog file Embedded sign before submitting to WHQL Sign individual driver files, then submit package This is a new WHQL Logo requirement

12 Windows Security Overview Access control Cryptography Services CAPICNG X.509 Processing End User Tools Access Control AuthenticationAuthorization AzMan Persistence RBAC Logon Protocol Identity 2 Factor AuthN AuditCredential Management Credential Roaming Lifecycle Management Certificate Server Smart Cards Common Criteria Logging Eventing FIPS Policy exp. Secure Operating System Isolated DesktopSecure StartupKernel Mode Code Signing

13 Crypto Next Generation Technology overview New crypto infrastructure to replace existing Crypto API 1.0 Crypto API will still be available in Windows Vista but it will be deprecated in some future version Customers can plug a new crypto algorithm into Windows or replace the implementation of an existing algorithm New crypto algorithms can be plugged into OS protocols (e.g., SSL, S/MIME)

14 Crypto Next Generation Feature highlights Crypto agility Flexible configuration system that includes machine and enterprise level settings Simple and granular plug-in model that supports both kernel and user mode Support a super set of the algorithms in Crypto API, including elliptic curve crypto (ECDH, ECDSA) and “Suite-B” compliance Private key isolation for Common Criteria compliance Improved performance

15 Crypto Next Generation Three layers of plug-ins Protocol Providers Applications Key Storage Providers Primitive Providers Symmetric Crypto Router Hash Router Asymmetric Crypto Router Signature Router Key Exchange Router RNG Router Key Storage Router

16 Windows Security Overview Access control End User Tools Access Control AuthenticationAuthorization AzMan Persistence RBAC Logon Protocol Identity 2 Factor AuthN AuditCredential Management Credential Roaming Lifecycle Management Certificate Server Smart Cards Common Criteria Logging Eventing FIPS Policy exp. Secure Operating System Isolated DesktopSecure Startup Cryptography Services CAPICNG X.509 Processing Kernel Mode Code Signing

17 WinLogon Architecture Windows XP Session 0 WinLogon User GP LSA Shell Machine GP Profiles MSGINA SCM Other Sessions WinLogon User GP Shell MSGINA

18 WinLogon Architecture Windows Vista Session 0 WinInit RCM LSA Group Policy Profiles SCM Other Sessions WinLogon LogonUI Credential Provider 1 Credential Provider 2 Credential Provider 3

19 Credential Providers Technology introduction Credential Providers replace GINA Credential Providers “plug in” to Logon UI Logon UI can interact simultaneously with multiple credential providers Credential Providers can be user selected and/or event driven Inbox Credential Providers Password Smart Card What Credential Providers cannot do Replace the UI for the logon screen

20 Credential Providers Value proposition Easier to write a Credential Provider than it was to write a GINA LogonUI and CredUI provide all UI Winlogon handles LSALogonUser and Terminal Services support Credential providers simply define credentials and use LogonUI to gather the data Uses COM to interact with LogonUI and CredUI

21 Credential Providers Password example LSA WinLogon LogonUI Credential Provider Interfaces Credential Provider 2 7. Get credential for logon 1. Ctrl+Alt+Delete 2. Request Credential 9. LSALogonUser 5. Click on tile, type user name and password, click Go 4. Display UI Credential Provider 1 Credential Provider 3 8. Return Credential 6. Go received 3. Get credential information

22 Smart Card Subsystem Current Crypto Applications (IE, Outlook) CAPI Smart Card CSP #1 Smart Card CSP #2 Smart Card CSP #n Smart Card Resource Manager Non-Crypto Applications SCard API

23 Smart Card Subsystem Vista and beyond Crypto Applications (IE, Outlook) CAPI ECC Card Module RSA/ECC Card Module Smart Card Resource Manager Non-Crypto Applications SCard API Base CSP CNG Smart Card KSP RSA Card Module Smart Card CSP

24 Smart Card Subsystem Simplified Software Development Common crypto operations handled in the platform API for card manufacturers Enhanced User Experience Planned Certification and Testing Program for Smartcard middleware on Windows Update PnP support for Smart Cards Enhanced Smart Card Logon Scenarios Root certificates propagation Integrated Smart Card unblock

25 Service Hardening Motivation Services are attractive targets for malware Run without user interaction Number of critical vulnerabilities in services Large number of services run as “System” Worms target services Sasser, Blaster, CodeRed, Slammer, etc…

26 Service Hardening Developer guidance Move to a least privileged account Use “Local Service” or “Network Service” Grant Service Sid access via ACLs on service specific resources Use Service-SID, ACLs and “write- restricted token” to isolate services Supply network firewall rules

27 User Account Control Motivation Everybody runs as an administrator on XP There is tremendous security benefit to running as a “Standard User” Most software doesn’t need Administrator privileges to run

28 Windows Vista UAC goals All users run as Standard User by default Filtered token created during logon Only specially marked apps get the unfiltered token Explicit consent required for elevation Predictable shell elevation paths High application compatibility Data redirection Enabling legacy apps to run as standard user Installer Detection

29 UAC Architecture Standard User Rights Administrative Rights Admin logon “Standard User” Token Admin Token Abby

30 UAC Architecture Standard User Rights Administrative Rights User Process Change Time Zone Run IT Approved Applications Install Fonts Install Printers Run MSN Messenger Etc. Standard User Mode Standard User Privilege User

31 UAC Architecture Standard User Rights Administrative Rights User Process Change Time ZoneChange Time Zone Run IT Approved ApplicationsRun IT Approved Applications Install FontsInstall Fonts Install PrintersInstall Printers Run MSN MessengerRun MSN Messenger Etc.Etc. Admin Privileges Standard User Privilege User Admin Process Install Application Admin Process Configure IIS Admin Process Change Time Admin Privilege

32 Guidance For Application Developers Installation Best Practices Use MSI 3.1 for Install and Update Alternate to MSI3.1 – call Update.exe marked as admin to do the update Self Updating Code – Don’t Do It! This is our largest App Compat problem Home consumer user applications Examples of what not to do Do not assume the user is an administrator Run Custom Actions in right context! ClickOnce is a great deployment technology for Standard User apps

33 Guidance For Developers Application Data Best Practices Your apps per user setup is performed at first run Place per-user data into %LOCALAPPDATA% Roaming into %APPDATA% Place Per-Machine (Shared) data into %ALLUSERPROFILE% Examples of what not to do Do not perform admin configuration at first run Do your admin operations during setup Do not perform explicit Admin checks for Standard User applications UAC and Code Access Security (CAS) can be used together for defense in depth

34 User Account Control In Windows Vista Chris Corio Program Manager Windows Security

35 Call To Action Ensure that your device and driver work on ALL 64-bit enable Windows operating systems Test your applications soon; understand the difference that UAC will make

36 Additional Resources CNG API documentation – currently only available with signed NDA and EULA Smart Card Subsystem Base CSP and Card Module specifications have been published to over 20 card vendors – ask if your card vendor has a card module Card module developer kit including card module spec, Base CSP binary, test suite, etc. is currently only available with signed NDA and EULA Card module developer information will be made public via MSDN in the coming months A whitepaper on the new smart card infrastructure will be released at the same time as the Base CSP Windows Service Hardening Email: User Account Control Getting Started with UAC: http://www.microsoft.com/technet/windowsvista/ evaluate/feat/uaprot.mspx http://www.microsoft.com/technet/windowsvista/ evaluate/feat/uaprot.mspxhttp://www.microsoft.com/technet/windowsvista/ evaluate/feat/uaprot.mspx UAC Developer Guidelines: http://msdn.microsoft.com/library/default.asp?url=/ library/en-us/dnlong/html/AccProtVista.asp UAC Developer Guidelines: http://msdn.microsoft.com/library/default.asp?url=/ library/en-us/dnlong/html/AccProtVista.asp http://msdn.microsoft.com/library/default.asp?url=/ library/en-us/dnlong/html/AccProtVista.asphttp://msdn.microsoft.com/library/default.asp?url=/ library/en-us/dnlong/html/AccProtVista.asp UAC Blog: http://blogs.msdn.com/uac http://blogs.msdn.com/uac wsh @ microsoft.com

37 Additional Resources Kernel Mode Code Signing White paper titled “Digital Signatures for Kernel Modules on x64-based Systems Running Windows Vista” http://www.microsoft.com/whdc/system/ platform/64bit/kmsigning.mspx http://www.microsoft.com/whdc/system/ platform/64bit/kmsigning.mspx http://www.microsoft.com/whdc/system/ platform/64bit/kmsigning.mspx 64-bit and kernel mode http://www.microsoft.com/whdc/ driver/kernel/64bit_chklist.mspx http://www.microsoft.com/whdc/ driver/kernel/64bit_chklist.mspx http://www.microsoft.com/whdc/ driver/kernel/64bit_chklist.mspx Vista Logo requirements http://www.microsoft.com/whdc/ winlogo/hwrequirements.mspx http://www.microsoft.com/whdc/ winlogo/hwrequirements.mspx http://www.microsoft.com/whdc/ winlogo/hwrequirements.mspx

38 © 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39

Download ppt "Windows Vista And Windows Server Codename “Longhorn” Security Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation."

Similar presentations

Windows Vista Security Tidbits

Windows Vista Security Tidbits
Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.

Powerful and convenient management for Windows Mobile ® 6.1 devices in an enterprise environment. These features include: Centralized, over-the-air device.
Optimizing Device Drivers For Terminal Servers Plug And Play Device Redirection Framework Gaurav Daga Program Manager Windows Terminal Server Microsoft.

Optimizing Device Drivers For Terminal Servers Plug And Play Device Redirection Framework Gaurav Daga Program Manager Windows Terminal Server Microsoft.
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.

Windows Vista And Longhorn Server PKI Enhancements Avi Ben-Menahem Lead Program Manager Windows Security Microsoft Corporation.
©2006 Microsoft Corporation. All rights reserved. Application Compatibility in Windows Vista and the Application Compatibility Toolkit Micheal Sciacqua.

©2006 Microsoft Corporation. All rights reserved. Application Compatibility in Windows Vista and the Application Compatibility Toolkit Micheal Sciacqua.
Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,

Sony White House Anthem Lockheed Aramco Bushehr nuclear reactor NSA Hacked Facebook Hacked Apple,Google,Microsoft,
1 Windows Vista and “Longhorn” Server: Understanding, Enhancing and Extending Security End-to-end FUN210 Avi Ben-Menahem Lead Program Manager Microsoft.

1 Windows Vista and “Longhorn” Server: Understanding, Enhancing and Extending Security End-to-end FUN210 Avi Ben-Menahem Lead Program Manager Microsoft.
Windows 7 Training. Windows ® 7 Compatibility Installer Detection.

Windows 7 Training. Windows ® 7 Compatibility Installer Detection.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Rob Williams Program Manager Microsoft Corporation.

Rob Williams Program Manager Microsoft Corporation.
Understanding Active Directory

Understanding Active Directory
Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.

Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.
Windows Forms in Visual Studio 2005: An Overview Saurabh Pant Program Manager Microsoft Corporation.

Windows Forms in Visual Studio 2005: An Overview Saurabh Pant Program Manager Microsoft Corporation.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.

Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.
Week #7 Objectives: Secure Windows 7 Desktop

Week #7 Objectives: Secure Windows 7 Desktop

Similar presentations

Ads by Google