TRANSCRIPT
Hosted by
The Promise of Trustworthy Computing
And why most of corporate America will never benefit from it.
Roberta Bragg
“Trustworthy Computing is a 10-year project, sort of like (President) Kennedy sending people to the moon. We're (only) a year into it. We want to get to a point where the end user says, I trust this technology, my privacy is protected, and it is reliable."
-- Scott Charney, chief security strategist, Microsoft
“Trusted computing proposes a computer with security measures built into both the hardware and software, without the need or ability of the computer's user to implement or disable it.”
-- Stephen J. Vaughan-Nichols, DevChannel.org, April 17, 2003
Trustworthy Computing Initiative
Microsoft's Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium
• Vaulted computer storage and CPU accessible only to TC processes
• Data encrypted as it moves between computers and components
• Nexus, or manager of trusted code: a kernel in which no third-party code is allowed
• Uses a special CPU
• Five hardware parts must change: CPU, chipset, input device, video output, unique identification chip
TC Initiative
Trusted Computing Platform Alliance (TCPA), an industry group (Compaq, HP, IBM, Intel, and Microsoft, now over 190 member companies)
• Special cryptographic chip
• www.tcpa.org
• Version 1.97, July 2002?
TC Initiative
Intel's LaGrande: a hardware-based foundation for security, providing protected execution, protected memory, and protected storage.
Forecast to be in the Prescott chip design, which will succeed the Pentium 4 in the second half of 2003.
Shades of the 1999 digital identification chip?
Good
IBM's ThinkPad T30 high-end laptop uses an Atmel processor based on some aspects of the TCPA specification.
Good
Intel’s TPM (Trusted Platform Module), for future Centrino chipsets, will provide a digital certificate. This could be used to authenticate the computer on a network configured to do so. Think secure wireless communications, for example using 802.1x.
Bad
Intel’s Centrino chipset TPM: could the certificate be used to identify the machine on the Internet to anyone who can? Would you know at all times where I am (as long as I have my computer with me)?
Good
Microsoft work stoppage in 2002 to rewrite Server 2003 code and train programmers.
Spent 100 million.
Good
Employees also treat the company's security personnel differently. According to Jonathan Schwartz, software design engineer for Windows Security at Microsoft, security folks used to be seen as "the crazy voices from off in the woods."
"We understood what a buffer overflow was, and we would yell and scream until it got fixed," Schwartz said. Now the security team has the opposite problem: more people point out bugs, and many are relatively minor.
CNET, January 16, 2003
Good
Created the Security Business Unit, responsible for:
• securing Windows
• spearheading company-wide security efforts
• developing new security products for market
Good
Revamped Microsoft Security Response Center (MSRC): greater authority to coordinate vulnerability investigations and develop fixes.
Good
Incorporated severity ratings in security advisories and patch releases.
Goal: give admins a better ability to judge patch/advisory criticality.
Good
Retrofitted XP and 2000 (SP1 and SP3, respectively) with knowledge learned in debugging Server 2003.
These service packs incorporate security patches for scores of known and publicly unknown vulnerabilities.
Good
New quality control tools for the Windows compiler check code for buffer overflows.
The compiler was changed after the first version of Server 2003 was released.
Good
Software Update Services
• Patch management service
• Automatically downloads patches from Microsoft to a local server
• Enterprise customers can test and approve patches before pushing them to endpoints
• Can deploy patch servers for isolated systems
• Product available for free
Good
Released Microsoft Baseline Security Analyzer, a free tool that checks Windows systems for basic security configurations.
Good
Achieved Common Criteria security certification for Windows 2000, the first operating system to meet the standard.
Good
Windows Server 2003!
• By default, multiple services are turned off
• By default, more secure security settings are enabled and restricted (hundreds of them)
Bad
300 million Windows users
100 million of them are still on Windows 95
• Designed in 1993, released in 1995
• Designed for the 386: tens of megahertz, 16 MB RAM
• Things like the strength of encryption keys are based on the capabilities of the machine
• “In practical terms the rate of evolution of the attack moves at the speed that the computer system evolves.” Craig Mundie, Microsoft Technology chief, idg.net, March 12, 2002
Is that good design?
“It's like saying in conventional warfare that I think I know what the bombs and bullets look like; I'll go and build a bunker. It'll have one-foot thick walls and be eight feet under the sand. Then along comes a guy with a bunker buster bomb and, boom, you're dead. Did the guy who designed the bunker do a bad job? Well, he only designed for the capability of the threat he knew.”
-- Craig Mundie
Good
Released a free security guide for Windows Server 2003, now available (200+ pages)
• http://go.microsoft.com/fwlink/?LinkId=14845
Windows 2000 Security Operations Guide (and other prescriptive guidance documents)
• http://msdn.microsoft.com/practices/
Almost 300-page free document, “Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP”
All accompanied by tools, templates and auxiliary documents.
Good
The attention of security researchers turned to systems other than Microsoft's; they found flaws there and published them too:
BSD
SSL
Sendmail
Cisco
More…
Bad
We learned that some vendors are not so eager to fix flaws.
Some companies acted as if the problem was not theirs and have been less than forthcoming.
Good
More announcements of ‘security awareness, security training’ positions and programs in companies.
Bad
This was posted to a public forum last month:
“I broke into a bank kiosk”
• I changed the URI on the browser
• Firewall prompted for a password
• I clicked cancel
• It then connected me to the external location and let me browse
• I found a location of the corporate internal home page
Good
Cooperation between industry and government: sharing information on vulnerabilities, risks and attacks so that large-scale attacks on infrastructure can hopefully be avoided, or identified early so that the impact is minimal.
• InfraGard
• Information Sharing and Analysis Centers (ISACs), for example one for public utilities
Good
InfraGard chapters: over 5000 members. It is the most extensive government-private sector partnership for infrastructure protection in the world.
The FBI provides to InfraGard members, free of charge:
• shared information about cyber intrusions and vulnerabilities, through the formation of local InfraGard chapters and public websites, an alert and incident reporting network, local chapter activities, and a help desk
• a secure electronic communications capability for all InfraGard members
Good
The NIPC initiated the establishment of an Information Sharing and Analysis Center (ISAC) Support and Development Unit, whose mission is to enhance private sector cooperation and trust, resulting in two-way sharing of information and increased security for the nation's critical infrastructures.
ISACs represent the energy, telecommunications, information technology, banking and finance, emergency law enforcement, emergency fire services, water supply, food, and chemical sectors (and others).
Bad
If someone reveals a vulnerability, or cooperates by providing information, that is no guarantee that anyone will fix it. Who's responsible for the fallout?
Will you get sued?
Good
More companies are doing their own security initiatives, or at least talking about security:
• http://www.macromedia.com/devnet/security/articles/mmsecurity.html
• http://www.cisco.com/security/
• dozens more
Bad
On some sites it is hard to find security contact information.
On some sites it is hard to find security vulnerability information.
Security lip service != security
Good
Book on secure programming
• Michael Howard and David LeBlanc
• Writing Secure Code
Adaptation for a college course
• Leeds University first to offer it (sharing the lessons learned)
Bad
Using automatic update of the media player to add ‘ads’.
I shouldn’t have to pay for being able to correct flaws in your software.
Fear
They’ll track me on the web
• Security chip uniquely identifies the computer
• Who can identify the chip?
I can’t run what I want
It’s going to break my systems
Legacy systems
Can’t get rid of my thousands of applications
Can’t get rid of old hardware
300 million Windows users
100 million of them still on Windows 95
Misunderstanding
Double negatives in Microsoft Security options
Multiple security recommendations, even within Microsoft
Expense
To develop
• New hardware must be developed
To implement
• Attitudes of users, management and IT must change
• New hardware and software must be purchased
• New skills must be learned
To maintain
Wrong Design Decision?
Shouldn’t put into hardware what we don’t understand.
Building security into the processor? We can’t decide what security is.
Otherwise we are doomed to failure.
Very hard to change.
Confused with DMCA
Some see it as a prescription from the Motion Picture Association of America, record companies and the like.
Seen as safer for copyright holders, less so for users and privacy.