WEBCAST SCHEDULEToday’s event will run one hour long. Here are the expected times for each segment of the webcast:

:00 – :05: Moderator introduces the speaker and discusses the details of

the webcast.

:05- :25: Speaker delivers a PowerPoint presentation on the webcast topic. :25- :35: Moderator and speaker engage in a brief Q&A on the topic.

:35- :60: The speaker responds to questions submitted by the audience.

You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.

TECHNICAL FAQsHere are answers to the most common technical problems users encounter during a webcast: Q: Why can’t I hear the audio part of the webcast?

A: Try increasing the volume on your computer.

Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?A: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.

 Q: In what time zone do the webcasts take place?

A: The TechTarget webcasts all occur on Eastern Daylight Saving Time (UTC/GMT - 4 hours). After Oct. 27, 2002, the webcasts will occur on Eastern Standard Time (UTC/GMT – 5 hours).

If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately.

You can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://help.yahoo.com/help/bcst/

 

Trick or Treat:What has Microsoft delivered in Trustworthy Computing?

Roberta Bragg

What do these words say to you?

Microsoft marketing Microsoft finally “gets it” Microsoft Moratorium – Writing secure code Palladium TCPA? (Trusted Computing Platform

Alliance) Trusted Computing Base Survivable Networks

How Microsoft defines Trustworthy Computing

“For computers to be taken for granted, they must always be available wherever and whenever people need them, they must reliably protect personal information from misuse and give people control over how their data is used, and they must be unfailing secure. We call this concept Trustworthy Computing.” Bill Gates, April 2002

“The Trustworthy Computing Initiative is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity.” Craig Mundie, CTO, May 2002.

Let’s look at one of Bill Gates’

examples of a trustworthy system

The Public Telephone Network(I think we’re going to find that it’s less

“trustworthy” than we think.)

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

A lesson – PTN/Internet(Schneider, Building Trustworthy Systems)

Similarities to Internet No entity owns or manages entirely, nor

can have complete picture of Large number of subsystems Complexity driven by

– interfaces at boundaries of subsystems– demand for advanced services

Complexity means operator errors

PTN vulnerabilities

Backhoe fading – solved by redundancy Cost pressures; competition vs. old monopoly means

less robustness New technology means fewer physical links

necessary for higher levels of traffic (failure of single link = higher repercussions)

Less backup capacity, as leased from others Designed for few companies, inherit trust in access to

switches; now many companies, non-trusted interconnections between switches

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

Attacks on the PTN

Mostly, up till this time, toll fraud Threat growing More operations support systems (OSS)

and more interconnections of them Increased skill of attackers More Signaling System 7 (SS7)

interconnections to new phone companies (takes less to do so)

New types of PTN attacks

Routing attack– eaves dropping from interoffice trunks– view or alter route tables of switches– manual control possible

Database attacks– OSSs manage databases (toll-free numbers, call

forwarding, message delivery)– control = possible deception, abuse

• change speed dialing; re-route• subscribers choice of long-distance (slamming)

Let’s return to why a trustworthy “system” is a premium issue in computing.

Electronic banking Electronic stock

buying Electronic voting Online medical

databases E-mail Schedule

E-commerce Patient records Competitive

information Proprietary

information

And…

Technology PDAs Smart phones Wireless access

Different software models Mobile code Web services

Availability Wireless access points

at coffee shops Public kiosks

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

Needed: A trustworthy computing infrastructure

It does what we want (and only what we want) when we want it to, regardless of attack or design flaw.

Trustworthiness – a holistic definition

Confidentiality Correctness/integrity Reliability: fault tolerance Availability Survivability Security Privacy Safety

An example – FAA 5 layers of protection

Personnel

Physical

Compartmentalization & information

systems security

Site-specific adaptation

Redundancy

A history lesson

The myth of the Trusted Computing Base– security meant confidentiality (keeping secrets)– accomplished via access control – LaPadula

model/Orange book– specialized equipment

Today – must use COTS Integrity, availability are equally important Common criteria addresses this, but … TCB = combination hardware and software

trusted to enforce security policies.

More of the myth

TCB is line drawn in sand sandbox.– once breached battle is lost– easily attacked by using an unforeseen method

How can you have a trusted computing base when computing is distributed?– machines, data storage, communications– plug-and-play – Who really knows what software is

running on a specific machine? And where: reliance on familiar systems decreases

learning curve for would-be attackers – the monoculture effect

Report card on the industry Affordable products – PKI, biometrics, smart

cards IBM ThinkPad's with onboard hardware storage

and generation of cryptographic keys & security subsystem

Smart phones limitations on downloadable software

Explosion in software security products Increased spending on security products Continued forecasts

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

And still, software is poorly written – WHY? Why do we still

get bug reports? Market pressures Lack of discipline Brilliance! = perfection The need for “friendliness” Focus on features/function Public perception = reality It takes a long time to effect a change (There’s a lot of existing code…)

Why aren’t systems hardened, protected and patched?

Market pressures Lack of discipline Brilliance! = perfection/security Lack of sharing (changing now) Focus on features/function/technology Public perception = reality Ignorance of impact on bottom line Security features! = security

Trustworthy computing future Central policy that’s deployed without significant work by

administrators Computers that can self-diagnose and heal themselves Computers that can administer other computers Programming tools that reduce complexity and increase

flexibility Increased accountability of Internet users/providers Increased knowledge, study of the interaction between

sociology and technology More reliable systems with longer time between hardware failure Increased reliance on crypto to encrypt files, protection

communications and authenticate access Higher importance to security over features – security becomes

the features that sell

What is happening NOW

IndustryMicrosoftYou

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

What Microsoft has done/will do

Training for secure coding Use of outsiders Internal/external programs for security Publication of results New products Framework for trustworthy computing

Writing secure code initiative Work stoppage and code review

– Training for all– Code hygiene – 76 days, 8000 programmers– Then SQL, Exchange, SMS– $10 million!!!

Changes in .NET– Turn off & lower privileges of 30 services by default– IIS not loaded by default, when it is static Web server

Other products– Outlook in Office 2002 default settings, improvements– XP SP1

Use of outsiders

Threat modeling, threat analysis Increased access to source codePromise to publish nexxus of

Palladium

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

Programs for security

Strategic Technology Protection Program (STPP) – get secure, stay secure

Security liaison for each product group (responsible for security of code)

Architect security into products at design Security clinics – training for administrators SMS value pack Microsoft Security Response Center Secure Windows Initiative 866-PC SAFETY – virus hotline Security operations guides

Publication of results

Uncovering “bugs” in code and releasing security bulletins and patches

Security operations guides Baseline security analyzer New tools and improved tools Work with industry groups on Web

services security issues

New products/sample code

SUS Base Line Security Analyzer Improved tools

– URLScan– IISLock

SMS feature pack XML filter example code (install on ISA –

secure Web services; protects XML Web services from unauthorized access and DOS attacks) – inspect incoming SOAP and XML data

Palladium

Run only trusted code that is physically isolated, protected and inaccessible to rest of system (curtained memory) (sealed storage)

Attestation – code that digitally signs data PC Files encrypted with code specific to each PC

(useless if stolen or copied) Users can operate in “realms” vaults – keep

private and public info separate New chip and design changes to CPU,

chipsets and peripherals Not a part of boot process

Palladium Will not require DRM Stores keys in hardware Trusted operating root or nexxus – will publish

source code for examination; the kernel of Palladium; the software for the Palladium hardware

Security Support Component (SSC) – hardware module does cryptographic operations and stores cryptographic keys; at least one RSA private key and AES symmetric key are never exported from the chip

Machine owners (organizations, single owners) are in charge of what runs and is monitored

Redefinition – framework for trustworthy computing

Secure by design Secure by default Secure in deployment

– patching– recovery– intrusion detection– automatic corrective action 1

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

What others are doing

TCPA – Trusted Computing Platform Alliance – a specification

Le Grande – technology for Prescott chip; anti-piracy features; protection from hacks, DRM?

IBM’s onboard cryptographic chip and security suite

New Phoenix BIOS – secure version, designed to prevent intruders from signing on to computer or accessing remotely

Carnegie Mellon University – Sustainable Computing Consortium

Your report card

More security researchers Awareness is high Buying security products

– purchase of encryption products up 86% over last three years

– projection for security spending is up

Still not patching Still not using provided tools Still not supporting employees with advanced

security training

Trustworthy people?

The factor that secure software and hardware-based security subsystems cannot entirely deal with

Policy and people are as important as product

Trustworthiness is holistic

Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

What you can do

Insist on secure software– purchase products that follow sound

principles in product development and are responsive to vulnerability reports

Insist on integrated hardware devices that do not preclude “our” control

Put your own house in order Support initiatives

Resources Building trustworthy systems: An FAA perspective –

www.dacs.dtic.mil/awareness/newsletters/stn4-3/trustworthy.html

Is the trusted computing base concept fundamentally flawed? – John McLean, Center for High Assurance Computer Systems, Naval Research Laboratory

Building trustworthy systems: Lessons from the PTN and Internet – Schneider, Bellovin, Inouye, IEEE Internet Computing, 1999

Trust in cyberspace – www.nap.edu/readingroom/books/trust

Get on the mailing list for Palladium info – pdinfo@microsoft.com with “subscribe” in the subject line

TCPA spec www.trustedcomputing.org

Questions?

Click on the Ask a Question link in the lower left corner of your screen to ask Roberta Bragg a question about this webcast.

You can also e-mail Roberta at Freouwebbe@msn.com or find her on SearchWin2000.com’s security experts page.

Feedback

Thank you for your participation.

Did you like this webcast topic?

Would you like us to host other events similar to this one? Send your

feedback on this event and ideas for other topics to

editor@searchWin2000.com.