Intel® TXT
The Front Door of Trusted Computing....

© 2008 Intel Corporation
Outline

• Introduction to Intel® TXT Technology
• Why it matters
• Bad & Good List
• Architectural Enhancements
• How it works
• Control Points
• LCP Protection
• Use Models
• Benefits
• Meeting the requirements
• Conclusion
• References


Intel ® TXT   2   6 Mar 2012   Front Door of Trusted Computing …
Introduction

• Intel® TXT (Trusted eXecution Technology), code-named LaGrande.

• Provides hardware-based security that raises the platform's level of security (most useful for business PCs).

• Integrates new security features and capabilities into the processor, chipset and other platform components.




Why it matters

• Malware mechanisms vary, but they all seek to:
  1. Corrupt systems
  2. Disrupt business
  3. Steal data
  4. Seize control of platforms

• The traditional anti-virus approach looks for "known-bad" elements.

• Intel® TXT takes a "known-good" focused approach, which checks software before it is even launched.



Move from bad list to good list

[Figure: a "bad list" (reactive) that keeps growing with hacked and corrupted versions (Hacked_V1, Corrupted_V2, assorted VMM and OS versions), contrasted with a "good list" (proactive) containing only the approved VMM versions (VMM V1–V4) and OS versions (OS1–OS4).]




Good List Requirements

• Identity check: accurate identity of software.

• Control: strict control enables the switch to a good list; the list policy must be enforced.

• Integrity check: must provide the ability to validate list integrity at the time of policy enforcement; management of the list must provide for multiple users and assurance of list integrity.

Architectural Enhancements

The functionality and architecture of a number of system components are enhanced:

• Processor: provides for simultaneous support of the standard partition and one or more protected partitions.

• Chipset: provides protected channels to graphics hardware and I/O devices on behalf of the protected partitions. Also provides interfaces to the TPM.

• Keyboard & Mouse: support encryption of keyboard and mouse input using a cryptographic key shared between the input device and the input manager for the protected execution domain.
• Graphics: provides a protected pathway between an application or software agent and the output display context (such as a window object).

• TPM (Trusted Platform Module): hardware-based mechanism that stores cryptographic keys and other data related to Intel® TXT within the platform; also provides hardware support for the attestation process that confirms the successful invocation of the Intel TXT environment.




Internal Components of a TPM




How does it work?




How does it work? (continued)

• Creates a Measured Launch Environment (MLE) that enables accurate comparison of all critical elements of the launch environment against a known-good source.

• Creates a cryptographically unique identifier for each approved launch-enabled component, then provides hardware-based enforcement mechanisms to block the launch of code that does not match the approved code.

• Intel TXT provides:
  • Verified Launch (MLE)
  • Launch Control Policy (LCP)
  • Secret Protection
  • Attestation



How does it work? (continued)




Control Points

The figure shows memory holding the MLE and the SINIT ACM, the CPU with its ACEA (authenticated code execution area), the TPM, and the LCP listing the candidate VMMs (VMM1, VMM2). The launch proceeds through these control points:

1. Load SINIT and MLE into memory
2. Invoke GETSEC[SENTER]
3. Establish special environment
4. Load SINIT into ACEA
5. Validate SINIT digital signature
6. Store SINIT identity in TPM
7. SINIT measures MLE in memory
8. Store MLE identity in TPM
9. SINIT loads LCP
10. SINIT passes control to known MLE


LCP Protection




Ensures Safe Migration between Hosts through Trustable Pools




Benefits of Intel® TXT

• Increased user confidence in their computing environment

• More protection from malicious software

• Improved protection of corporate information assets

• Better confidentiality and integrity of sensitive information


Meeting The Requirements

• Identity: software stack identity provided by SENTER measurement.

• Control: control of the software stack provided by authenticated code enforcing a launch control policy set for the specific platform.

• Integrity: integrity of the launch control policy guaranteed by hash and TPM controls.
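The control-point sequence and the identity/control/integrity requirements above, as an added Python model that is not Intel's code or the deck's own: SHA-256 stands in for the TPM hash, an HMAC under a constructed key stands in for the SINIT signature check, and the PCR numbers 17 and 18 are assumed. It shows why a modified VMM or a tampered LCP is refused, and how the resulting PCR value lets attestation tell the two launches apart.

```python
"""Toy model of the Intel TXT control points: measure SINIT and MLE into the TPM,
check the LCP against the hash the TPM holds, and launch only a known MLE."""
import hashlib
import hmac
from dataclasses import dataclass

PCR_SINIT = 17  # assumption: SINIT ACM identity lands in this PCR
PCR_MLE = 18    # assumption: MLE identity lands in this PCR
VENDOR_KEY = b"constructed-vendor-key"  # stand-in for the processor's vendor key


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyTPM:
    """PCRs that can only be extended, plus one NV slot holding the LCP hash."""

    def __init__(self) -> None:
        self.pcrs = {i: bytes(32) for i in range(24)}
        self.nv_lcp_hash = None  # provisioned by the platform owner before launch

    def extend(self, index: int, measurement: bytes) -> None:
        # new = H(old || measurement); software cannot reset a PCR to a chosen value
        self.pcrs[index] = digest(self.pcrs[index] + measurement)


@dataclass(frozen=True)
class LaunchControlPolicy:
    """The good list: digests of MLEs the platform owner has approved."""
    approved_mle: frozenset

    def serialize(self) -> bytes:
        return b"LCP1" + b"".join(sorted(self.approved_mle))


def sinit_signature_valid(sinit_image: bytes, signature: bytes) -> bool:
    # HMAC stands in for the real signature check on the SINIT ACM
    expected = hmac.new(VENDOR_KEY, sinit_image, hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)


def measured_launch(tpm, sinit_image, sinit_sig, mle_image, lcp):
    """Walk the control points in order; return (launched, reason)."""
    # Loading SINIT/MLE, GETSEC[SENTER] and the ACEA set-up are not modelled.
    if not sinit_signature_valid(sinit_image, sinit_sig):
        return False, "SINIT signature invalid"   # a bad SINIT never runs
    tpm.extend(PCR_SINIT, digest(sinit_image))     # store SINIT identity in TPM
    mle_digest = digest(mle_image)                 # SINIT measures MLE in memory
    tpm.extend(PCR_MLE, mle_digest)                # store MLE identity in TPM
    # SINIT loads the LCP; its hash must match the value the TPM holds
    if tpm.nv_lcp_hash is None or not hmac.compare_digest(
            digest(lcp.serialize()), tpm.nv_lcp_hash):
        return False, "LCP integrity check failed"
    if mle_digest not in lcp.approved_mle:         # enforce the good list
        return False, "MLE not on good list"
    return True, "control passed to known MLE"


def run_scenarios():
    """Constructed inputs: one signed SINIT, two approved VMMs, one tampered VMM."""
    sinit = b"SINIT ACM image (constructed)"
    sinit_sig = hmac.new(VENDOR_KEY, sinit, hashlib.sha256).digest()
    vmm1, vmm2 = b"VMM V1 image (constructed)", b"VMM V2 image (constructed)"
    hacked = vmm1 + b" + injected code"
    lcp = LaunchControlPolicy(frozenset({digest(vmm1), digest(vmm2)}))

    def provisioned_tpm():
        tpm = ToyTPM()
        tpm.nv_lcp_hash = digest(lcp.serialize())
        return tpm

    results = {}
    tpm_good = provisioned_tpm()
    results["approved"] = measured_launch(tpm_good, sinit, sinit_sig, vmm2, lcp)
    tpm_bad = provisioned_tpm()
    results["hacked"] = measured_launch(tpm_bad, sinit, sinit_sig, hacked, lcp)
    # Attestation: PCR 18 differs, so a remote verifier can tell the launches apart
    results["pcr_mle_differs"] = tpm_good.pcrs[PCR_MLE] != tpm_bad.pcrs[PCR_MLE]
    # A policy widened to admit the hacked VMM no longer matches the TPM-held hash
    widened = LaunchControlPolicy(lcp.approved_mle | {digest(hacked)})
    results["tampered_lcp"] = measured_launch(provisioned_tpm(), sinit, sinit_sig, hacked, widened)
    # A SINIT with a bad signature is refused before anything is measured
    results["bad_sinit"] = measured_launch(provisioned_tpm(), sinit, b"\x00" * 32, vmm1, lcp)
    return results
```

Calling run_scenarios() returns the outcome of each of the five launches keyed by scenario name.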



Safer Computing with Intel technologies

[Figure: timeline of protection capabilities advancing over time, from software-only protection, through smart card, TPM (Trusted Platform Module), Execute Disable, Intel® Active Management Technology and Intel® Virtualization Technology, to Intel® Trusted Execution Technology and future technologies. Axes: Protection Capabilities vs. Time; caption "Advancing Platform Protections".]

Conclusion

With Intel® TXT enabled solutions we can:

• Address the increasing and evolving security threats across physical and virtual infrastructure.

• Facilitate compliance with government and industry regulations and data protection standards.

• Reduce malware-related support and remediation costs.


