WEBCAST SCHEDULE
Today’s event will run one hour long. Here are the expected times for each segment of the webcast:
:00 – :05: Moderator introduces the speaker and discusses the details of the webcast.
:05 – :25: Speaker delivers a PowerPoint presentation on the webcast topic.
:25 – :35: Moderator and speaker engage in a brief Q&A on the topic.
:35 – :60: The speaker responds to questions submitted by the audience.
You can submit questions to the speaker at any time during the event. Just click on the “Ask a Question” button in the lower left corner of your screen.
TECHNICAL FAQs
Here are answers to the most common technical problems users encounter during a webcast:
Q: Why can’t I hear the audio part of the webcast?
A: Try increasing the volume on your computer.
Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?
A: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.
Q: In what time zone do the webcasts take place?
A: The TechTarget webcasts all occur on Eastern Daylight Saving Time (UTC/GMT - 4 hours). After Oct. 27, 2002, the webcasts will occur on Eastern Standard Time (UTC/GMT - 5 hours).
If your question is still not answered, please click the “Ask a Question” button in the lower left corner of your screen and submit your problem. A technical support person will respond immediately.
You can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://help.yahoo.com/help/bcst/
Trick or Treat: What has Microsoft delivered in Trustworthy Computing?
Roberta Bragg
What do these words say to you?
Microsoft marketing
Microsoft finally “gets it”
Microsoft Moratorium – Writing secure code
Palladium
TCPA? (Trusted Computing Platform Alliance)
Trusted Computing Base
Survivable Networks
How Microsoft defines Trustworthy Computing
“For computers to be taken for granted, they must always be available wherever and whenever people need them, they must reliably protect personal information from misuse and give people control over how their data is used, and they must be unfailingly secure. We call this concept Trustworthy Computing.” Bill Gates, April 2002
“The Trustworthy Computing Initiative is a label for a whole range of advances that have to be made for people to be as comfortable using devices powered by computers and software as they are today using a device that is powered by electricity.” Craig Mundie, CTO, May 2002
Let’s look at one of Bill Gates’ examples of a trustworthy system
The Public Telephone Network
(I think we’re going to find that it’s less “trustworthy” than we think.)
Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
A lesson – PTN/Internet (Schneider, Building Trustworthy Systems)
Similarities to Internet
No entity owns or manages entirely, nor can have complete picture of
Large number of subsystems
Complexity driven by
– interfaces at boundaries of subsystems
– demand for advanced services
Complexity means operator errors
PTN vulnerabilities
Backhoe fading – solved by redundancy
Cost pressures; competition vs. old monopoly means less robustness
New technology means fewer physical links necessary for higher levels of traffic (failure of single link = higher repercussions)
Less backup capacity, as leased from others
Designed for few companies, inherit trust in access to switches; now many companies, non-trusted interconnections between switches
Attacks on the PTN
Mostly, up till this time, toll fraud
Threat growing
– More operations support systems (OSS) and more interconnections of them
– Increased skill of attackers
– More Signaling System 7 (SS7) interconnections to new phone companies (takes less to do so)
New types of PTN attacks
Routing attack
– eavesdropping from interoffice trunks
– view or alter route tables of switches
– manual control possible
Database attacks
– OSSs manage databases (toll-free numbers, call forwarding, message delivery)
– control = possible deception, abuse
• change speed dialing; re-route
• subscriber’s choice of long-distance (slamming)
Let’s return to why a trustworthy “system” is a premium issue in computing.
Electronic banking
Electronic stock buying
Electronic voting
Online medical databases
E-mail
Schedule
E-commerce
Patient records
Competitive information
Proprietary information
And…
Technology
– PDAs
– Smart phones
– Wireless access
Different software models
– Mobile code
– Web services
Availability
– Wireless access points at coffee shops
– Public kiosks
Needed: A trustworthy computing infrastructure
It does what we want (and only what we want) when we want it to, regardless of attack or design flaw.
Trustworthiness – a holistic definition
Confidentiality
Correctness/integrity
Reliability: fault tolerance
Availability
Survivability
Security
Privacy
Safety
An example – FAA 5 layers of protection
Personnel
Physical
Compartmentalization & information systems security
Site-specific adaptation
Redundancy
A history lesson
The myth of the Trusted Computing Base
– security meant confidentiality (keeping secrets)
– accomplished via access control – LaPadula model/Orange book
– specialized equipment
Today – must use COTS
Integrity, availability are equally important
Common criteria addresses this, but …
TCB = combination hardware and software trusted to enforce security policies.
More of the myth
TCB is a line drawn in the sand – a sandbox.
– once breached, battle is lost
– easily attacked by using an unforeseen method
How can you have a trusted computing base when computing is distributed?
– machines, data storage, communications
– plug-and-play
– Who really knows what software is running on a specific machine? And where: reliance on familiar systems decreases learning curve for would-be attackers – the monoculture effect
Report card on the industry
Affordable products – PKI, biometrics, smart cards
IBM ThinkPads with onboard hardware storage and generation of cryptographic keys & security subsystem
Smart phones – limitations on downloadable software
Explosion in software security products
Increased spending on security products
Continued forecasts
And still, software is poorly written – WHY? Why do we still get bug reports?
Market pressures
Lack of discipline
Brilliance ≠ perfection
The need for “friendliness”
Focus on features/function
Public perception = reality
It takes a long time to effect a change (There’s a lot of existing code…)
Why aren’t systems hardened, protected and patched?
Market pressures
Lack of discipline
Brilliance ≠ perfection/security
Lack of sharing (changing now)
Focus on features/function/technology
Public perception = reality
Ignorance of impact on bottom line
Security features ≠ security
Trustworthy computing future
Central policy that’s deployed without significant work by administrators
Computers that can self-diagnose and heal themselves
Computers that can administer other computers
Programming tools that reduce complexity and increase flexibility
Increased accountability of Internet users/providers
Increased knowledge, study of the interaction between sociology and technology
More reliable systems with longer time between hardware failure
Increased reliance on crypto to encrypt files, protect communications and authenticate access
Higher importance to security over features – security becomes the features that sell
What is happening NOW
Industry / Microsoft / You
What Microsoft has done/will do
Training for secure coding
Use of outsiders
Internal/external programs for security
Publication of results
New products
Framework for trustworthy computing
Writing secure code initiative
Work stoppage and code review
– Training for all
– Code hygiene – 76 days, 8000 programmers
– Then SQL, Exchange, SMS
– $10 million!!!
Changes in .NET
– Turn off & lower privileges of 30 services by default
– IIS not loaded by default; when it is, static Web server
Other products
– Outlook in Office 2002 default settings, improvements
– XP SP1
Use of outsiders
Threat modeling, threat analysis
Increased access to source code
Promise to publish nexus of Palladium
Programs for security
Strategic Technology Protection Program (STPP) – get secure, stay secure
Security liaison for each product group (responsible for security of code)
Architect security into products at design
Security clinics – training for administrators
SMS value pack
Microsoft Security Response Center
Secure Windows Initiative
866-PC SAFETY – virus hotline
Security operations guides
Publication of results
Uncovering “bugs” in code and releasing security bulletins and patches
Security operations guides
Baseline security analyzer
New tools and improved tools
Work with industry groups on Web services security issues
New products/sample code
SUS
Baseline Security Analyzer
Improved tools
– URLScan
– IISLock
SMS feature pack
XML filter example code (install on ISA – secure Web services; protects XML Web services from unauthorized access and DOS attacks) – inspect incoming SOAP and XML data
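The XML filter item above only names the idea: inspect SOAP and XML traffic before it reaches the Web service so that oversized, malformed or entity-laden documents are rejected at the perimeter. The following is an added example of such a pre-parse check, written here for illustration; it is not Microsoft's ISA sample code. The size, depth and element limits, the SOAP 1.1 namespace constant, the `inspect_soap`/`screen` names and the sample messages are all assumptions constructed for this example.

```python
"""A pre-parse inspection step of the kind the slide describes for the ISA XML
filter: check SOAP/XML traffic before it reaches the Web service. Added example,
not Microsoft's sample code; the limits, the SOAP 1.1 namespace constant and the
sample messages below are assumptions constructed for illustration."""
import xml.parsers.expat

MAX_BYTES = 64 * 1024      # assumed cap on a single request body
MAX_DEPTH = 32             # assumed cap on element nesting
MAX_ELEMENTS = 10_000      # assumed cap on element count per message
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace


class XmlRejected(Exception):
    """Raised by the filter; the caller answers with an error and never touches the service."""


def inspect_soap(payload: bytes) -> str:
    """Return the operation name (first child of soap:Body) or raise XmlRejected.

    Checks, in order: byte size, DOCTYPE/entity declarations (the usual source of
    entity-expansion denial of service), nesting depth, element count, and that
    the document really is a SOAP Envelope carrying an operation in its Body.
    """
    if len(payload) > MAX_BYTES:
        raise XmlRejected(f"payload of {len(payload)} bytes exceeds {MAX_BYTES}")

    # namespace_separator makes element names "uri localname", so prefixes cannot fool the check
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    state = {"depth": 0, "elements": 0, "stack": [], "operation": None}

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise XmlRejected("DOCTYPE and entity declarations are not accepted")

    def on_start(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > MAX_DEPTH:
            raise XmlRejected(f"nesting deeper than {MAX_DEPTH}")
        if state["elements"] > MAX_ELEMENTS:
            raise XmlRejected(f"more than {MAX_ELEMENTS} elements")
        if state["depth"] == 1 and name != f"{SOAP_NS} Envelope":
            raise XmlRejected("root element is not a SOAP Envelope")
        if state["depth"] == 3 and state["stack"][-1] == f"{SOAP_NS} Body" and state["operation"] is None:
            state["operation"] = name.split(" ")[-1]   # local name of the operation element
        state["stack"].append(name)

    def on_end(name):
        state["stack"].pop()
        state["depth"] -= 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    try:
        parser.Parse(payload, True)          # exceptions raised inside handlers propagate out of Parse
    except xml.parsers.expat.ExpatError as exc:
        raise XmlRejected(f"malformed XML: {exc}") from None
    if state["operation"] is None:
        raise XmlRejected("no operation element inside soap:Body")
    return state["operation"]


def screen(payload: bytes) -> tuple:
    """Filter decision: ('accept', operation) or ('reject', reason)."""
    try:
        return ("accept", inspect_soap(payload))
    except XmlRejected as exc:
        return ("reject", str(exc))


# Constructed sample traffic (not captured data).
ENVELOPE = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<soap:Body><GetQuote xmlns="urn:example:stocks"><symbol>MSFT</symbol></GetQuote></soap:Body>'
    b'</soap:Envelope>'
)
GOOD_REQUEST = b'<?xml version="1.0"?>' + ENVELOPE
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY e "x">]>' + ENVELOPE
NOT_SOAP = b'<order><item>1</item></order>'
TOO_DEEP = (
    b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
    + b'<a>' * (MAX_DEPTH + 5) + b'</a>' * (MAX_DEPTH + 5) + b'</soap:Body></soap:Envelope>'
)
OVERSIZED = b'<x>' + b'a' * MAX_BYTES + b'</x>'

if __name__ == "__main__":
    for label, msg in [("good", GOOD_REQUEST), ("dtd", WITH_DTD), ("not-soap", NOT_SOAP),
                       ("too-deep", TOO_DEEP), ("oversized", OVERSIZED)]:
        print(label, screen(msg))
```

The order of the checks matters: the byte-size test runs before any parsing, and the DOCTYPE handler fires before the parser has expanded anything, so a hostile document is turned away before it can cost the service memory or CPU. Only a message that passes every check is handed on, together with the operation name, which a perimeter device can use for per-operation access rules.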
Palladium
Run only trusted code that is physically isolated, protected and inaccessible to rest of system (curtained memory) (sealed storage)
Attestation – code that digitally signs data
PC files encrypted with code specific to each PC (useless if stolen or copied)
Users can operate in “realms” – vaults – keep private and public info separate
New chip and design changes to CPU, chipsets and peripherals
Not a part of boot process
Palladium
Will not require DRM
Stores keys in hardware
Trusted operating root or nexus – will publish source code for examination; the kernel of Palladium; the software for the Palladium hardware
Security Support Component (SSC) – hardware module does cryptographic operations and stores cryptographic keys; at least one RSA private key and AES symmetric key are never exported from the chip
Machine owners (organizations, single owners) are in charge of what runs and is monitored
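The two Palladium slides above describe three mechanisms in one breath: keys that never leave the SSC, sealed storage that is useless if the file is copied to another PC or read by other code, and attestation that lets a remote party check which code is running. The following is an added example, a toy model written here to make those three properties concrete; it is not Microsoft code and does not claim to reproduce Palladium's actual design. HMAC-SHA256 in counter mode stands in for the AES key, a Lamport hash-based one-time signature stands in for the RSA private key, and the code identities, PCs and data are constructed for the example, so it runs with the Python standard library alone.

```python
"""Toy model of the Palladium Security Support Component (SSC) described on the
slides: a module that keeps its keys inside the chip, seals data so it opens only
on the same PC for the same code, and signs (attests) what is running. Added
example, not Microsoft code. HMAC-SHA256 in counter mode stands in for the AES
key, a Lamport hash-based one-time signature stands in for the RSA private key,
and the code identities and data are constructed for illustration."""
import hashlib
import hmac
import secrets

H = hashlib.sha256
NONCE_LEN, TAG_LEN = 16, 32


def _bit(digest: bytes, i: int) -> int:
    """Bit i (0 = most significant bit of byte 0) of a 256-bit digest."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


class SecuritySupportComponent:
    """Keys are generated inside the object and no method returns them."""

    def __init__(self):
        self.__seal_key = secrets.token_bytes(32)            # stands in for the AES key
        self.__sign_key = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.__sign_used = False                             # a Lamport key signs exactly once
        # Only the hashes of the signing secrets leave the chip.
        self.public_key = [(H(a).digest(), H(b).digest()) for a, b in self.__sign_key]

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        blocks = (H(self.__seal_key + nonce + n.to_bytes(4, "big")).digest()
                  for n in range(length // 32 + 1))
        return b"".join(blocks)[:length]

    def seal(self, code_id: bytes, plaintext: bytes) -> bytes:
        """Sealed storage: encrypt, then MAC over (code_id, nonce, ciphertext)."""
        nonce = secrets.token_bytes(NONCE_LEN)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.__seal_key, code_id + nonce + ct, H).digest()
        return nonce + ct + tag

    def unseal(self, code_id: bytes, blob: bytes) -> bytes:
        """Opens only on this chip and only for the code identity it was sealed to."""
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self.__seal_key, code_id + nonce + ct, H).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("sealed on another PC, for other code, or altered")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    def attest(self, code_id: bytes, challenge: bytes) -> list:
        """Attestation quote: signature over (code_id, challenge) with the in-chip key."""
        if self.__sign_used:
            raise RuntimeError("one-time signing key already used")
        self.__sign_used = True
        digest = H(code_id + challenge).digest()
        return [self.__sign_key[i][_bit(digest, i)] for i in range(256)]


def verify_attestation(public_key: list, code_id: bytes, challenge: bytes, quote: list) -> bool:
    """A remote party checks the quote with the public half; the SSC is not needed."""
    digest = H(code_id + challenge).digest()
    return len(quote) == 256 and all(
        H(quote[i]).digest() == public_key[i][_bit(digest, i)] for i in range(256))


def demo() -> dict:
    """Walk through the slide's claims with two PCs and two code identities."""
    this_pc, other_pc = SecuritySupportComponent(), SecuritySupportComponent()
    trusted_agent = H(b"trusted-agent-v1").digest()     # constructed code identity
    other_code = H(b"some-other-program").digest()     # constructed code identity
    secret = b"account-number:12345"                   # constructed data
    blob = this_pc.seal(trusted_agent, secret)
    results = {"same_pc_same_code": this_pc.unseal(trusted_agent, blob)}
    for label, ssc, code in (("same_pc_other_code", this_pc, other_code),
                             ("copied_to_other_pc", other_pc, trusted_agent)):
        try:
            ssc.unseal(code, blob)
            results[label] = "opened"
        except PermissionError:
            results[label] = "refused"
    challenge = secrets.token_bytes(16)                # fresh nonce from the remote party
    quote = this_pc.attest(trusted_agent, challenge)
    results["quote_verifies"] = verify_attestation(this_pc.public_key, trusted_agent, challenge, quote)
    results["quote_for_other_code"] = verify_attestation(this_pc.public_key, other_code, challenge, quote)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Two details carry the security argument. The MAC in `seal` covers the code identity, so the same chip refuses to open the blob for different code, and a second chip with its own key refuses it outright, which is the "useless if stolen or copied" property. The attestation quote is bound to a challenge chosen by the remote party, so a quote captured earlier cannot be replayed to answer a later challenge.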
Redefinition – framework for trustworthy computing
Secure by design
Secure by default
Secure in deployment
– patching
– recovery
– intrusion detection
– automatic corrective action
What others are doing
TCPA – Trusted Computing Platform Alliance – a specification
LaGrande – technology for Prescott chip; anti-piracy features; protection from hacks, DRM?
IBM’s onboard cryptographic chip and security suite
New Phoenix BIOS – secure version, designed to prevent intruders from signing on to computer or accessing remotely
Carnegie Mellon University – Sustainable Computing Consortium
Your report card
More security researchers
Awareness is high
Buying security products
– purchase of encryption products up 86% over last three years
– projection for security spending is up
Still not patching
Still not using provided tools
Still not supporting employees with advanced security training
Trustworthy people?
The factor that secure software and hardware-based security subsystems cannot entirely deal with
Policy and people are as important as product
Trustworthiness is holistic
What you can do
Insist on secure software – purchase products that follow sound principles in product development and are responsive to vulnerability reports
Insist on integrated hardware devices that do not preclude “our” control
Put your own house in order
Support initiatives
Resources
Building trustworthy systems: An FAA perspective – www.dacs.dtic.mil/awareness/newsletters/stn4-3/trustworthy.html
Is the trusted computing base concept fundamentally flawed? – John McLean, Center for High Assurance Computer Systems, Naval Research Laboratory
Building trustworthy systems: Lessons from the PTN and Internet – Schneider, Bellovin, Inouye, IEEE Internet Computing, 1999
Trust in cyberspace – www.nap.edu/readingroom/books/trust
Get on the mailing list for Palladium info – [email protected] with “subscribe” in the subject line
TCPA spec – www.trustedcomputing.org
Questions?
Click on the Ask a Question link in the lower left corner of your screen to ask Roberta Bragg a question about this webcast.
You can also e-mail Roberta at [email protected] or find her on SearchWin2000.com’s security experts page.
Feedback
Thank you for your participation.
Did you like this webcast topic?
Would you like us to host other events similar to this one? Send your feedback on this event and ideas for other topics to