1 / 35

Preparing for security in Windows 8

SYS-009T. Preparing for security in Windows 8. Nishanth Lingamneni Program Manager Microsoft Corporation. Securing our mutual customers. Malware can compromise core operating system components which adversely impacts business and personal data.

tate
Download Presentation

Preparing for security in Windows 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SYS-009T Preparing for security in Windows 8 Nishanth Lingamneni Program Manager Microsoft Corporation

  2. Securing our mutual customers Malware can compromise core operating system components which adversely impacts business and personal data IT needs to protect data in an environment with a porousnetworkperimeter, requiring data protection by location, device and access method IT needs to address a broad segment of mobileworkers who travel, work from home, work from their phones, and use hotspots around the globe

  3. Windows 8 security investments What did our focus groups say? • "This is the end of boot sector viruses as we know them" • "Encryption is typically an afterthought, [but] this makes [encryption] part of the build process" • “[This] makes it easier for users to get what they want to get to but without giving up safety"

  4. Security & hardware

  5. Why UEFI? • Key security benefits • Secure boot • eDrive support for BitLocker • Network unlock support for BitLocker • WDS multicast • A Windows Certification requirement • Other benefits • SOC support (including ARM and Intel) • UX value prop from F5 day one: • Fast boot, OEM Certification, no back flash, etc. • Support for > 2.2 TB system disks • Seamless boot (UEFI Graphics) • Boot Next support (UEFI Variable Services)

  6. Trusted Platform Module • Value proposition • Enables commercial-grade security via physical and virtual key isolation from OS • TPM 1.2 spec: mature standard, years of deployment and hardening • Improvements in TPM provisioning lowers deployment barriers • TCG standard evolution: TPM 2.0* • Algorithm extensibility allows for implementation and deployment in additional countries • Security scenarios are compatible with TPM 1.2 or 2.0 • Windows 8: TPM 2.0 support enables implementation choice • Discrete TPM • Firmware-based (Intel Security Engine,ARM TrustZone®) • Windows Certification requirement for Connected Standby** platforms only * Microsoft refers to the TCG TPM.Next as “TPM 2.0”; For remainder of presentation, “TPM” refers to either discrete TPM or firmware-based secure execution environment. ** Connected Standby: New terminology that replaces what Microsoft called ‘Connected Standby capable’.

  7. TPM 2.0 details • Windows goals • Windows TPM features, new APIs work uniformly with TPM 1.2 or TPM 2.0 • Enable smooth ecosystem migration from TPM 1.2 to TPM 2.0 • Value proposition in Windows 8 • Improvements in TPM provisioning lowers deployment barriers • Simplified design for software applications requiring TPM • Security scenarios are compatible with TPM 1.2 or 2.0 • Allows OEMs to preserve existing TPM investments in migrating to TPM 2.0 at their own pace with Windows 8

  8. Hardware requirements and feature usage

  9. Pervasive encryption

  10. Protects data from exposure or theft when device is lost, stolen, or inappropriately decommissioned Broad device support Challenges • Windows volume encryption can be difficult to manage • Volume encryption imposes additional expenses for end users and partners Windows 8 solution • Broad support for devices and hardware: • Slates, clustered server; leverages eDrives functionality • Support for online recovery for nondomain-joined scenarios • Frictionless user experience • Improved performance, standard user support, seamless integration • Reduces time to provision in mass deployment scenarios • Encrypt data-only option • Simplified TPM provisioning 11

  11. Competitive encryption experience requires… Strongly recommend TPM for all systems Windows 8 supports TPM 1.2 or TPM 2.0* • TCG Physical Presence Interface 1.2 • TPM is required for Connected Standby platforms • Intel Security Engine (Based on HW based security engine embedded in Intel SOCs) • Connected Standby capable systems are likely to use TPM 2.0 • ARM systems will implement TPM 2.0 features using TrustZoneTM • TPM 2.0 features for other platform classes to emerge Ship with eDrive-enabled storage Windows 8 System Certification requirements • UEFI 2.3.1, Class II no CSM/Class III

  12. eDrives • Minimize encryption impact to system performance and deployment time without introducing infrastructure changes • Challenges • Software encryption imposes performance overhead • During initial encryption, run time, and common scenarios like startup, sleep, hibernate • Exacerbated if software encryption is run on slate or low-power PCs • Self-encrypting drives require a key management solution • Windows 8 solution—eDrives • Offloads encryption processing to hardware; mitigates impact to system performance • Windows manages eDrives; no need for another key management solution to deploy eDrives • Value proposition • Initial encryption time eliminated. Run-time performance significantly improved • eDrive-enabled systems have improved CPU utilization, battery life • Systems without eDrives will use software-based encryption 13

  13. Hardware requirements: eDrives • Hardware requirements • eDrive strongly recommended for performance • When present, must support • IEEE 1667-TCG silo • TCG-OPAL, OPAL v2 + fixed ACL + additional data store • Preceding are Windows 8 System Certification requirements • UEFI 2.3.1, Class II no CSM/Class III • eDrive provisioned for Windows-based volume encryption • eDrives on tablets: • eDrive-capable eMMC and mSATA parts to be available by 2012-2013; Working with top five IHVs • Looking to enforce certification requirement after Windows 8 GA, per ecosystem status 14

  14. Network Unlock • Enable IT to deploy stronger encryption protection without disrupting software patching process • Challenges • TPM + PIN is often not practical for desktops and servers protected by encryption • When IT deploys a patch that requires Windows restart, desktops and servers end up waiting for PIN at boot • Windows 8 solution • Network Unlock and TPM + PIN are deployed to desktops and servers • Windows 8 machines connect to Windows 8 WDS server, which authenticates protector • PCs wired to corporate network successfully restart without waiting for PIN at boot • When a PC is disconnected from, or not wired to, corporate network, PIN is required at boot 15

  15. Hardware requirements: network unlock • Hardware requirements • TPM • Windows 8 System Certification requirements • UEFI 2.3.1 (supports DHCPv4, DHPCPv6) 16

  16. Malware resistance

  17. Goal: Anti-malware more effective in Windows 8 Platform integrity investments make Windows 8 the trusted platform for consumers, businesses, financial institutions, and data centers New tools, APIs, and capabilities for anti-malware products Sophisticated malware, e.g., rootkits, can be reliably detected and removed Radically reduce systems compromised by malware “[Anti-fraud security tips] do not address or provide protection against the main method used by cyber criminals to collect account credentials – malware.” Turiss, Cyber Crime Trend Report, August 2010

  18. Prevent malicious tampering and changes to the hardware, operating system, and to the anti-malware software Malware resistance Challenges • Growing class of pervasive malware that targets the boot path • Should Windows be compromised by this type of attack, often the only plausible method to fix the problem is to reinstall the operating system Windows 8 solution • Secured Boot and remediation hardens the boot process against malware from the moment of power on through the initialization of anti-malware software • Measured Boot performs a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond Secure Boot. • Early Launch Anti-Malware (ELAM) can start from a known good state, as determined by Secure Boot, and continue vigilant watch over the user’s PC from that point on

  19. Malware resistance: Secured and Measured Boot Secured Boot End-to-end boot process protection: Windows operating system loader; Windows system files and drivers Anti-malware software Ensures and prevents: A compromised operating system from starting; Software from starting before Windows Third-party software from starting before anti-malware Automatic remediation/self-healing, if compromised • Measured Boot • Creates comprehensive of measurements of boot execution • Can offer measurements to a remote service for analysis

  20. Secured Boot: legacy vs. modern Legacy boot • BIOS starts any OS Loader, even malware • Malware may start before Windows Modern boot • The firmware enforces policy, only starts signed OS loaders • OS loader enforces signature verification of Windows components • Result—malware unable to change boot and OS components

  21. Secured Boot: Early Launch Anti-Malware Malware is able to start before Windows and Anti-malware • Malware able to hide and remain undetected • Systems can be completely compromised Windows 7 Windows 8 Secured Boot starts Anti-malware early in the boot process • Early Launch Anti-Malware (ELAM) driver is specially signed by Microsoft • Windows starts ELAM software before any third-party boot drivers • Malware can no longer bypass Anti-Malware inspection

  22. Effects of Early Launch Anti-Malware We have moved the attack surface • Malware will move to attack the early boot components • This is where Measured Boot comes in…

  23. Measured Boot with attestation Windows measures all components to AM software start in the Trusted Platform Module (TPM) AM software can invalidate attestation if it stops enforcing policy Enables attestation service to remotely evaluate client state using TPM measurements Windows 7 Windows 8 Anti-malware Policy Enforcement

  24. Malware resistance: architecture Measurements of components including Anti-malware software are stored in the TPM UEFI Boot Boot policy Secure Boot prevents malicious OS loader TPM 1 AM policy Windows OS loader 3 Client retrieves TPM measurements of client state on demand Windows kernel and drivers AM software 4 2 3rd party software Anti-malware software is started before all 3rd party software Windows logon Client Attestation service Client Health Claim

  25. Modern access control

  26. Users can use their PCs to securely authenticate with websites without having to purchase additional devices Modern access control Challenges • Cost of issuing tokens • Complexity of deploying a public key infrastructure (PKI) • Usability and user support Windows 8 solution • Windows Smart Card Framework has been extended to support – This allows crypto-capable devices to present themselves and act just like Smart Cards • Windows 8 exposes hardware-based security components, such as a TPM or virtual smartcard-capable device as a smart card

  27. TPM-based authentication Enterprise Consumer Need Banks must “know” their customers, using commercially available determination methods to meet FFIEC multi-authentication requirement Key scenarios User certificate bound to the TPM Stronger user authentication without the need for complex passwords or external second factor • Need • Machine and user ID using hardware protected certificates without requiring separate devices • Key scenarios • User authentication for remote access • Document/email signing • Strong machine network authentication

  28. TPM that functions as a smart card CorpNet

  29. Summary

  30. Summary: security investments Pervasive encryption Modern access control Malware resistance Windows 8 security investments 31

  31. Call to action • Invest in technologies • Source, build, ship: UEFI, TPM, eDrives • Roadmap discussions with component/firmware/ vendors, OEMs, and other partners

  32. Further reading and documentation Event Site: • http://channel9.msdn.com/Events Resources: • Trusted Boot: • http://msdn.microsoft.com/en-us/library/windows/hardware/br259097.aspx • http://msdn.microsoft.com/en-us/windows/hardware/br259096 • eDrive device guide: • http://msdn.microsoft.com/en-us/library/windows/hardware/br259095.aspx

  33. Thank You! For questions, please visit me in the Speakers Connection area following this session.

  34. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

More Related