Post on 29-Dec-2015
Life in the Fast Lane or Creating a more trustworthy Internet
Doug Cavit
Chief Security Strategist
Trustworthy Computing
© 2008 Microsoft Corporation
Users must be empowered to make informed trust decisions (including accepting the risks of anonymity)
Strong identity claims and reputation must be available to enhance security, privacy, and trust
Better accountability must be created to deter crime and facilitate responses
The Internet Revolution
Beneficial change
Social: Enabling a global village
Economic: Easier, faster, cheaper commerce
Political: Freer exchange of ideas
Undesirable change
Loss of data subject control over information
Rise in identity theft
Targeted attacks against businesses & governments
Increases in other types of online and tech-facilitated crimes
Now required: End to End Trust
Threat Trends
[Figure: attack layers: Hardware, O/S, Drivers, Applications, GUI, User, Physical]
Examples: Spyware, Rootkits, Application attacks, Phishing/Social engineering
Attacks Getting More Sophisticated
Traditional defenses are inadequate
[Figure: Crime On The Rise. Labels: National Interest, Personal Gain, Personal Fame, Curiosity; Script-Kiddy, Amateur, Expert, Specialist; Author, Vandal, Thief, Spy, Trespasser; Largest area by volume; Largest area by $ lost; Largest segment by $ spent on defense; Fastest growing segment]
[Figure: Number of Digital IDs over time. Labels: Pre-1980s, 1980s, 1990s, 2000s; mainframe, client/server, Internet, mobility; B2E, B2C, B2B]
Exponential Growth of IDs
Identity and access management challenging
[Figure: malware categories: Trojan, Downloader/Dropper, Exploit, Worm, Keyloggers &c, Backdoor, Virus, Rootkit; axis from 0 to 160,000]
Increasingly Sophisticated Malware
Anti-malware alone is not sufficient
Number of variants from over 7,000 malware families (1H07)
Source: Microsoft Security Intelligence Report (January – June 2007)
Security: Secure against attacks; Protects confidentiality, integrity & availability of data & systems; Manageable
Privacy: Protects from unwanted communication; Controls for informational privacy; Products, online services adhere to fair information principles
Reliability: Dependable, Available; Predictable, consistent responsive service; Maintainable; Resilient, works despite changes; Recoverable, easily restored; Proven, ready
Business Practices: Commitment to customer-centric Interoperability; Recognized industry leader, world-class partner; Open, transparent
Launched in January 2002
A Microsoft company-wide mandate
Trustworthy Computing
Microsoft's Commitment to TwC
Security Development Lifecycle
Security Response Center
Better Updates And Tools
Security Fundamentals
Security And Privacy Progress
Microsoft Security Response Center (MSRC)
Microsoft Malware Protection Center (MMPC)
Windows Live OneCare and Forefront Client Security, powered by the Microsoft Malware Protection Center
SPAM (Sender ID, Phishing Filters)
Network Access Protection (NAP/NAC)
Security Development Lifecycle process
Engineered for security
Design threat modeling
SD3:
Secure by Design
Secure by Default
Secure In Deployment
Automated patching and update services
SDL and SD3
Malware Example
Consumer Education
Laws
Firewalls
Antivirus Products
Antispyware Products
Malicious Software Removal Tool
Memory Management (ASLR)
Law Enforcement
Defense in Depth
Threat Mitigation
Building a Trusted Stack
“I+4A”
Trusted Hardware
Secure Foundation
Core Security Components
Identity Claims
Authentication
Authorization
Access Control Mechanisms
Audit
Trusted People
Trusted Stack
Trusted Data
Trusted Software
INTEGRATED PROTECTION
SDL and SD3
Defense in Depth
Threat Mitigation
Trust decisions …
are not binary
may change as circumstances change
are auditable
may be rolled back if bad
Effective trust decisions must
Be based on a trusted stack
Balance privacy, security & risk
Be easy and informed
Made automatically where possible
Can people protect themselves and their family as they can in the physical world?
Making Effective Trust Decisions
Trusted People
Trusted Software
Trusted Hardware
Trusted Data
privacy security
Building Alignment
Successful end-to-end trust needs solutions aligned with
Societal values
Market forces
Regulatory environment
These ideas, raised by many before, have not been implemented, in part because of misalignment
We must come together to change the status quo, and find ways to address international barriers to implementation
Benefits
Reduce types and severity of threats (e.g., de-value PII and reduce ID Theft)
Create accountability for online crime
Enable greater, safer personal Internet usage
Enter new markets, expand Internet presence, and collaborate with partners and customers while reducing costs and risks
Improve public safety and national security efforts, including disaster response (e.g., priority routing)
TwC – a good foundation
Vulnerabilities greatly reduced but will never be zero
Defense in Depth limits damage but cannot eliminate successful attacks
Disabled features only protect against misuse of unused features
For-profit crime is driving increasingly sophisticated attacks
Enterprises can secure intranets, Internet not yet safe
TwC for the Internet
People would do more online if they felt safer
TwC for the Internet
Users need to be able to assess risks
connecting to sites
using software
interacting with people
Users need assurance of security & privacy
Identity claims when required need to be provable
Users need to be able to choose to be anonymous
Too hard to know if a computer should be trusted
Not possible to prove claims of identity beyond the intranet
Porous enterprise boundaries make suspicious activity harder to detect
Users need informed control of their computing experience
Users need a simple way to make trust decisions on sites, software & data
Bad actors like online criminals should be held accountable for their actions, which harm security and privacy
Requires broad industry, government and citizen collaboration
Establishing End to End Trust
Core Security Components
Trust Founded on “Identity Claims,” not Identity
Trusted Stack Protecting Privacy
Needed for a trusted stack
HW, SW, people & data validation
Robust trust model
Informed decisions based on integrity & reputation
Scalable across all user scenarios
Identity Claims
Authentication
Authorization Policies
Access Control Mechanisms
Audit
Authenticate users on certified attributes
In-person proofing
Protects identity, reveals only data required to be
Authenticated
Authorized for Access
Actions auditable, and privacy protected
Stolen identity claim insufficient to cause data breach or ID loss
Users should be able to control their PII
Anonymity should be protected in appropriate contexts as a key social value, and clear to all parties
People
Software
Hardware
Data
End To End Trust
Economic Forces
Social Requirements
Political/Legislative
Core Security Components
Trusted Stack
Secure Foundation
SDL and SD3
Defense in Depth
Threat Mitigation
“I+4A”
Identity Claims
Authentication
Authorization
Access Control Mechanisms
Audit
Trusted Data
Trusted People
Trusted Software
Trusted Hardware
Integrated Protection
Imagine If We Had…
Safe electronic playgrounds for children
Secure and easy electronic commerce with minimal identity theft
Trustworthy systems and connections with user control
Far less need to disclose personally identifiable information
A more secure infrastructure able to respond in real-time to developing threats
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Appendix
Unused Slides for Scott’s standard keynote
Next Steps
We need a broad dialogue on
Technology Innovations
Economic Forces
Political Standards
Social Change
www.microsoft.com/endtoendtrust
Return to Some Scenarios
Safe electronic playgrounds for children
Secure and easy electronic commerce with minimal identity theft
Trustworthy systems and connections with user control
Far less need to disclose personally identifiable information
A more secure infrastructure able to respond in real-time to developing threats