Intel® TXT
The Front Door of Trusted Computing...

© 2008 Intel Corporation
Outline
• Introduction to Intel® TXT Technology
• Why it matters?
• Bad & Good List
• Architectural Enhancements
• How it works?
• Control Points
• LCP Protection
• Use Models
• Benefits
• Meeting the requirements
• Conclusion
• References

Intel® TXT · 6 Mar 2012 · Front Door of Trusted Computing …
Introduction
• Intel® TXT (Trusted Execution Technology), originally code-named LaGrande.
• Provides hardware-based security that raises the platform's baseline level of protection (aimed primarily at business PCs).
• Integrates new security features and capabilities into the processor, chipset and other platform components.
Why it matters?
• Malware mechanisms vary, but they all seek to:
  1. Corrupt systems
  2. Disrupt business
  3. Steal data
  4. Seize control of platforms
• The traditional anti-virus approach looks for "known-bad" elements.
• Intel® TXT takes a "known-good" approach: it measures the launch environment and compares the measurement against approved values before the software is allowed to launch, so code that does not match is never run.
Move from bad list to good list
[Figure: a reactive "bad list" of known-bad images (Hacked_V1, Corrupted_V2) beside a proactive "good list" of approved images (VMM V1–V4, OS1–OS4). Bad list = reactive; good list = proactive.]
Good List Requirements
• Identity check: an accurate identity of the software.
• Control: strict control enables the switch to a good list; the list policy must be enforced.
• Integrity check: must provide the ability to validate list integrity at the time of policy enforcement; management of the list must provide for multiple users and assurance of list integrity.
Architectural Enhancements
The functionality and architecture of a number of system components are enhanced:
• Processor: provides simultaneous support for the standard partition and one or more protected partitions.
• Chipset: provides protected channels to graphics hardware and I/O devices on behalf of the protected partitions, and provides the interface to the TPM.
• Keyboard & Mouse: support encryption of keyboard and mouse input using a cryptographic key shared between the input device and the input manager of the protected execution domain.
• Graphics: provides a protected pathway between an application or software agent and the output display context (such as a window object).
• TPM (Trusted Platform Module): hardware that stores cryptographic keys and other Intel® TXT-related data within the platform, and provides hardware support for the attestation process that confirms the Intel TXT environment was successfully invoked.
The protected keyboard, mouse and graphics paths describe the original LaGrande design; the shipping technology centres on the measured launch, launch control policy and TPM-based attestation covered in the following slides.
Internal Components of a TPM
[Figure: internal components of a TPM]
How does it work?
[Figure: overview of the Intel® TXT measured launch]
How does it work? (contd.)
• Creates a Measured Launch Environment (MLE) that enables accurate comparison of all critical elements of the launch environment against a known-good source.
• Creates a cryptographically unique identifier (a hash measurement) for each approved launch component, and provides hardware-based enforcement that blocks the launch of code whose measurement does not match the approved value.
• Intel TXT provides:
  • Verified Launch (MLE)
  • Launch Control Policy (LCP)
  • Secret Protection
  • Attestation
How does it work? (contd.)
[Figure: measured launch flow]
Control Points
[Figure: memory holding the MLE and the SINIT ACM; the CPU loads SINIT into the ACEA (Authenticated Code Execution Area); SINIT and MLE identities are stored in the TPM; the LCP admits the known VMMs (VMM1, VMM2).]
1. Load SINIT and the MLE into memory.
2. Invoke GETSEC[SENTER].
3. Establish the special (protected) environment.
4. Load SINIT into the ACEA.
5. Validate the SINIT digital signature.
6. Store the SINIT identity in the TPM.
7. SINIT measures the MLE in memory.
8. Store the MLE identity in the TPM.
9. SINIT loads the LCP.
10. SINIT passes control to the known MLE.
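The control-point sequence above, as an added worked model in Python. This is not Intel's code and not from the original slides: it simulates the TPM extend operation, SINIT signature validation, the MLE measurement and the LCP check, including the integrity requirement from the "Good List Requirements" slide, where the list is validated at enforcement time against a hash the platform owner locked into TPM non-volatile storage. PCR indices follow the Intel TXT Software Development Guide (SINIT identity into PCR 17, MLE identity into PCR 18); the images, the "chipset root key", the HMAC stand-in for the ACM's RSA signature, and the policy layout are all constructed for this example.

```python
"""Model of the Intel TXT measured launch control points (added example, not Intel's code)."""
import hashlib
import hmac
from typing import Optional

PCR_SINIT = 17   # SINIT ACM measurement lands here (TXT SDG)
PCR_MLE = 18     # MLE measurement lands here (TXT SDG)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Tpm:
    """Minimal TPM model: PCRs that can only be extended, plus NV storage for the LCP."""

    def __init__(self) -> None:
        self.pcrs = {PCR_SINIT: b"\x00" * 32, PCR_MLE: b"\x00" * 32}
        self.nv = {}  # owner-controlled NV storage (writes gated by TPM authorisation in reality)

    def extend(self, index: int, measurement: bytes) -> None:
        # Extend semantics: new = H(old || measurement). There is no "set", so
        # software that runs later cannot forge an earlier measurement.
        self.pcrs[index] = sha256(self.pcrs[index] + measurement)


# Constructed stand-in for the chipset-embedded verification key. The real ACM
# carries an RSA signature; HMAC is used here only to keep the model self-contained.
CHIPSET_ROOT_KEY = b"constructed-chipset-root-key"


def sign_acm(acm_image: bytes) -> bytes:
    return hmac.new(CHIPSET_ROOT_KEY, acm_image, hashlib.sha256).digest()


def provision_lcp(tpm: Tpm, allowed_mle_hashes: list) -> bytes:
    """Platform owner writes the policy into TPM NV. The small protected part holds
    only a hash of the (possibly large) policy data; the data itself lives in memory."""
    policy_data = b"".join(sorted(allowed_mle_hashes))
    tpm.nv["PO"] = {"policy_data_hash": sha256(policy_data)}
    return policy_data  # what the OS loader later places in memory for SINIT


def senter(tpm: Tpm, sinit_acm: bytes, acm_signature: bytes,
           mle_image: bytes, policy_data: bytes) -> dict:
    """GETSEC[SENTER] control points, in the order of the slide."""
    # 1. Hardware authenticates SINIT before it executes in the ACEA.
    if not hmac.compare_digest(sign_acm(sinit_acm), acm_signature):
        return {"ok": False, "reason": "SINIT signature invalid"}
    # 2. SINIT identity recorded in PCR 17.
    tpm.extend(PCR_SINIT, sha256(sinit_acm))
    # 3. SINIT measures the MLE in memory and records it in PCR 18.
    mle_hash = sha256(mle_image)
    tpm.extend(PCR_MLE, mle_hash)
    # 4. SINIT loads the LCP: the in-memory policy data is trusted only if it
    #    hashes to the value the owner locked into TPM NV (integrity requirement).
    if sha256(policy_data) != tpm.nv["PO"]["policy_data_hash"]:
        return {"ok": False, "reason": "LCP integrity check failed"}
    allowed = {policy_data[i:i + 32] for i in range(0, len(policy_data), 32)}
    if mle_hash not in allowed:
        # On real hardware this is a TXT reset, not a return value.
        return {"ok": False, "reason": "MLE not in launch control policy"}
    # 5. Control passes to the known-good MLE.
    return {"ok": True, "pcr17": tpm.pcrs[PCR_SINIT].hex(), "pcr18": tpm.pcrs[PCR_MLE].hex()}


# Constructed images standing in for the real binaries.
SINIT_ACM = b"constructed SINIT ACM image"
GOOD_MLE = b"constructed VMM image v4"
ROGUE_MLE = b"constructed Hacked_V1 image"


def demo(mle_image: bytes = GOOD_MLE, acm_signature: Optional[bytes] = None,
         tamper_policy: bool = False) -> dict:
    """One launch attempt on a freshly provisioned platform."""
    tpm = Tpm()
    policy_data = provision_lcp(tpm, [sha256(GOOD_MLE)])
    if tamper_policy:
        # Attacker edits the on-disk list to admit the rogue image; the NV hash no longer matches.
        policy_data = b"".join(sorted([sha256(GOOD_MLE), sha256(ROGUE_MLE)]))
    sig = sign_acm(SINIT_ACM) if acm_signature is None else acm_signature
    return senter(tpm, SINIT_ACM, sig, mle_image, policy_data)


if __name__ == "__main__":
    for label, kwargs in [("good", {}), ("rogue MLE", {"mle_image": ROGUE_MLE}),
                          ("forged ACM", {"acm_signature": b"\x00" * 32}),
                          ("edited LCP", {"tamper_policy": True})]:
        print(f"{label:>10}: {demo(**kwargs)}")
```

On real hardware a failed signature or LCP check ends in a TXT reset rather than a return value, and it is SINIT running inside the ACEA, not the OS, that reads the policy. The model keeps the order of the checks and what each one protects against: a forged ACM cannot run in the ACEA, a modified MLE produces a different PCR 18 and is refused by the policy, and an edited on-disk list no longer matches the hash protected by TPM NV controls.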
LCP Protection
[Figure: how the launch control policy is protected]
Ensures Safe Migration between Hosts through Trustable Pools
[Figure: attested hosts grouped into a trusted pool; workloads migrate only between trusted hosts]
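Attestation and trusted pools, as an added example in Python (constructed for this page, not from the slides or from Intel). A verifier challenges each host with a fresh nonce, the host's TPM answers with a quote over PCR 17 and PCR 18 bound to that nonce, and the verifier admits the host to the trusted pool only if the quote verifies and the measurements are on its good list; migration is then allowed only between hosts in the trusted pool. The AIK is modelled as an HMAC key shared with the verifier (a stand-in for the TPM's RSA attestation identity key), and all PCR values, host names and keys are constructed.

```python
"""Remote attestation verifier building a trusted pool (added example, not Intel's code)."""
import hashlib
import hmac
import os

PCR_SINIT, PCR_MLE = 17, 18


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def composite(pcrs: dict) -> bytes:
    """Single digest over the selected PCRs in index order, as a quote signs."""
    return sha256(b"".join(pcrs[i] for i in sorted(pcrs)))


class Host:
    """A TXT-launched host: holds its PCR values and answers attestation challenges.
    The AIK is an HMAC key shared with the verifier (constructed stand-in for the
    RSA attestation identity key certified for the host's TPM)."""

    def __init__(self, name: str, aik: bytes, pcrs: dict) -> None:
        self.name, self.aik, self.pcrs = name, aik, pcrs

    def quote(self, nonce: bytes) -> dict:
        # Quote = sign(composite(PCRs) || nonce): fresh, and bound to the reported values,
        # so a reply cannot be cut from an earlier, trusted state of the host.
        sig = hmac.new(self.aik, composite(self.pcrs) + nonce, hashlib.sha256).digest()
        return {"host": self.name, "pcrs": dict(self.pcrs), "nonce": nonce, "sig": sig}


class Verifier:
    def __init__(self, known_good: set, aiks: dict) -> None:
        self.known_good = known_good      # allowed (PCR17, PCR18) pairs: the good list
        self.aiks = aiks                  # registered AIK per host
        self.outstanding = {}             # host -> nonce of the challenge awaiting an answer

    def challenge(self, host_name: str) -> bytes:
        nonce = os.urandom(16)
        self.outstanding[host_name] = nonce
        return nonce

    def verify(self, q: dict) -> tuple:
        expected_nonce = self.outstanding.pop(q["host"], None)
        if expected_nonce is None or not hmac.compare_digest(expected_nonce, q["nonce"]):
            return False, "stale or unsolicited quote"
        expect = hmac.new(self.aiks[q["host"]], composite(q["pcrs"]) + q["nonce"],
                          hashlib.sha256).digest()
        if not hmac.compare_digest(expect, q["sig"]):
            return False, "quote signature invalid"
        if (q["pcrs"][PCR_SINIT], q["pcrs"][PCR_MLE]) not in self.known_good:
            return False, "measurements not in good list"
        return True, "trusted"

    def build_pools(self, hosts: list) -> dict:
        pools = {"trusted": [], "untrusted": []}
        for h in hosts:
            ok, _ = self.verify(h.quote(self.challenge(h.name)))
            pools["trusted" if ok else "untrusted"].append(h.name)
        return pools


def migration_allowed(pools: dict, src: str, dst: str) -> bool:
    """Policy: a workload may only move between hosts that are both in the trusted pool."""
    return src in pools["trusted"] and dst in pools["trusted"]


# Constructed PCR values: what a reference launch of the approved SINIT + VMM v4 yields,
# and what a host running the Hacked_V1 image from the bad/good-list slide would show.
GOOD_SINIT = sha256(b"\x00" * 32 + sha256(b"constructed SINIT ACM"))
GOOD_MLE_V4 = sha256(b"\x00" * 32 + sha256(b"constructed VMM v4"))
HACKED_MLE = sha256(b"\x00" * 32 + sha256(b"constructed Hacked_V1"))
AIKS = {"host-a": b"constructed-aik-a", "host-b": b"constructed-aik-b", "host-c": b"constructed-aik-c"}
HOSTS = [Host("host-a", AIKS["host-a"], {PCR_SINIT: GOOD_SINIT, PCR_MLE: GOOD_MLE_V4}),
         Host("host-b", AIKS["host-b"], {PCR_SINIT: GOOD_SINIT, PCR_MLE: HACKED_MLE}),
         Host("host-c", AIKS["host-c"], {PCR_SINIT: GOOD_SINIT, PCR_MLE: GOOD_MLE_V4})]


def demo() -> dict:
    return Verifier({(GOOD_SINIT, GOOD_MLE_V4)}, AIKS).build_pools(HOSTS)


def replay_demo() -> str:
    """Re-sending a previously accepted quote against a new challenge is rejected."""
    v = Verifier({(GOOD_SINIT, GOOD_MLE_V4)}, AIKS)
    h = HOSTS[0]
    old = h.quote(v.challenge(h.name))
    v.verify(old)               # accepted once
    v.challenge(h.name)         # new challenge outstanding
    return v.verify(old)[1]


def forged_demo() -> str:
    """A compromised host that reports good PCR values it does not have fails the signature check."""
    v = Verifier({(GOOD_SINIT, GOOD_MLE_V4)}, AIKS)
    b = HOSTS[1]
    q = b.quote(v.challenge(b.name))
    q["pcrs"] = {PCR_SINIT: GOOD_SINIT, PCR_MLE: GOOD_MLE_V4}  # lie about the VMM
    return v.verify(q)[1]


if __name__ == "__main__":
    pools = demo()
    print(pools)
    print("a -> c allowed:", migration_allowed(pools, "host-a", "host-c"))
    print("a -> b allowed:", migration_allowed(pools, "host-a", "host-b"))
    print("replay:", replay_demo(), "| forged:", forged_demo())
```

The verifier's good list is the same list the LCP enforces locally, now applied from outside the host: the nonce defeats replay of an old quote, the signature binds the reported PCR values to the TPM that produced them, and only then are the values compared. A host whose PCR 18 reflects a modified VMM lands in the untrusted pool and is never a migration destination.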
Benefits of Intel® TXT
• Increased user confidence in their computing environment
• More protection from malicious software
• Improved protection of corporate information assets
• Better confidentiality and integrity of sensitive information
Meeting The Requirements
• Identity: software stack identity provided by the SENTER measurement.
• Control: control of the software stack provided by authenticated code enforcing a launch control policy set for the specific platform.
• Integrity: integrity of the launch control policy guaranteed by hashing and TPM controls.
Safer Computing with Intel technologies
[Figure: "Advancing Platform Protections", protection capabilities over time: Software-Only, Smart Card, TPM (Trusted Platform Module), Execute Disable, Intel® Active Management Technology, Intel® Virtualization Technology, Intel® Trusted Execution Technology, Future Technologies.]
Conclusion
With Intel® TXT-enabled solutions we can:
• Address the increasing and evolving security threats across physical and virtual infrastructure.
• Facilitate compliance with government and industry regulations and data protection standards.
• Reduce malware-related support and remediation costs.
Intel Trusted eXecution Technology, 16 Oct 2008, Front Door of Trusted Computing
