Intel Trusted eXecution Technology
Upcoming SlideShare
Loading in...5
×
 

Intel Trusted eXecution Technology

on

  • 1,829 views

Intel TXT

Intel TXT

Statistics

Views

Total Views
1,829
Views on SlideShare
1,829
Embed Views
0

Actions

Likes
3
Downloads
48
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Intel Trusted eXecution Technology Intel Trusted eXecution Technology Presentation Transcript

  • Intel® TXT The Front Door of Trusted Computing....© 2008 Intel Corporation
  • Outlines  Introduction to Intel® TXT Technology  Why it matters?  Bad & Good List  Architectural Enhancements  How it works?  Control Points  LCP Protection  Use Models  Benefits  Meeting the requirements  Conclusion  References Intel ® TXT2 6 Mar 2012 Front Door of Trusted Computing …
  • Introduction  Intel® TXT(Trusted eXecution Technology) Code named as LaGrande.  Provides Hardware-based Security enhancing the level of security (more useful for Business PCs)  Integrates new security features and capabilities into the processor, chipset and other platform components Intel ® TXT3 6 Mar 2012 Front Door of Trusted Computing …
  • Why it matters?  Mechanism of Malwares may vary but they all seek to: 1. Corrupt Systems 2. Disrupt Business 3. Steal Data 4. Seize control of Platforms  Traditional approaches by anti-viruses is to look for “known-bad” elements.  Intel® TXT provides “known good-focused” approach, that checks for malicious software before they are even launched. Intel ® TXT4 6 Mar 2012 Front Door of Trusted Computing …
  • Move from bad list to good list VMM V20 VMM V4 VMM V8 Hacked_V1 VMM V4 VMM V1 VMM V3 Corrupted_V2 Hacked_V1 VMM V2 VMM V4OS3 Corrupted_V2 OS1 Hacked_V1 OS4 OS3 OS2Corrupted_V2 OS4 OS3 OS4 Bad list Good list Reactive Proactive Intel ® TXT5 6 Mar 2012 Front Door of Trusted Computing …
  • Good List Requirements Accurate Strict controlIdentity identity of enables switch to Check software good list Enforce the Control list policy Must provide ability to validate list integrity at time of policy Integrity enforcement Check Management of list must provide for multiple users and assurance of list integrity Intel ® TXT6 6 Mar 2012 Front Door of Trusted Computing …
  • Architectural Enhancements A number of system components’ functionalities as well as architecture is enhanced:  Processor: Provides for simultaneous support of the standard partition & one or more protected partitions.  Chipset: Provides protected channels to graphics h/w and i/o devices on behalf of the protected partitions. Also provides interfaces to the TPM.  Keyboard & Mouse: Support encryption of keyboard and mouse input using a cryptographic key that is shared between the input device and the input manager for protected execution domain. (contd..) Intel ® TXT7 6 Mar 2012 Front Door of Trusted Computing …
  •  Graphics: Provides protected pathway between an application or software agent and the output display context(such as window object)  TPM(Trusted Platform Module): Hardware-based mechanism that stores cryptographic keys and other data related to Intel® TXT within the platform, also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment. Intel ® TXT8 6 Mar 2012 Front Door of Trusted Computing …
  • Internal Components of a TPM Intel ® TXT9 6 Mar 2012 Front Door of Trusted Computing …
  • How does it works? Intel ® TXT10 6 Mar 2012 Front Door of Trusted Computing …
  • How does it works? (contd..)  Creates a Measured Launch Environment(MLE) that enables accurate comparison of all critical elements of launch environment against known-good source.  Creates a cryptographically unique identifier for each approved launch-enabled component, and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.  Intel TXT provides: • Verified Launch (MLE) • Launch Control Policy (LCP) • Secret Protection • Attestation Intel ® TXT11 6 Mar 2012 Front Door of Trusted Computing …
  • How does it works? (contd..) Intel ® TXT12 6 Mar 2012 Front Door of Trusted Computing …
  • Control Points  Load SINIT and MLE into memory    Invoke GETSEC [SENTER]Memory   Establish special environment MLE    Load SINIT into ACEA MLE  MLE   Validate SINIT digital signature  a a Store SINIT identity in TPM CPU a SINIT  SINIT measures MLE in memory ACM ACEA SINIT a Store MLE identity in TPM  ACM Intel ® TXT13 6 Mar 2012 Front Door of Trusted Computing …
  • Control Points  Load SINIT and MLE into memory    Invoke GETSEC [SENTER]Memory   Establish special environment MLE    Load SINIT into ACEA MLE  MLE   Validate SINIT digital signature  a a Store SINIT identity in TPM CPU a SINIT  SINIT measures MLE in memory ACM ACEA SINIT a Store MLE identity in TPM  ACM  SINIT loads LCP  LCP  SINIT passes control to known MLE VMM1 VMM2 Intel ® TXT14 6 Mar 2012 Front Door of Trusted Computing …
  • LCP Protection Intel ® TXT15 6 Mar 2012 Front Door of Trusted Computing …
  • Intel ® TXT16 6 Mar 2012 Front Door of Trusted Computing …
  • Ensures Safe Migration between Hosts through Trustable Pools Intel ® TXT17 6 Mar 2012 Front Door of Trusted Computing …
  • Benefits of Intel® TXT  Increased user confidence in their computing environment  More protection from malicious software  Improved protection of corporate information assets  Better confidentiality and integrity of sensitive information Intel ® TXT18 6 Mar 2012 Front Door of Trusted Computing …
  • Meeting The Requirements Software stack identity Identity provided by SENTER measurement Control of software stack provided by authenticated code Control enforcing a launch control policy set for the specific platform Integrity of the launch control Integrity policy guaranteed by hash and TPM controls Intel ® TXT19 6 Mar 2012 Front Door of Trusted Computing …
  • Safer Computing with Intel technologies Future Technologies Protection Capabilities Intel® Trusted Execution Technology Intel® Virtualization Technology Intel® Active Management Technology Execute Disable TPM (Trusted Platform Module) Smart Card Software-Only Time Advancing Platform Protections Intel ® TXT20 6 Mar 2012 Front Door of Trusted Computing …
  • Conclusion With Intel® TXT enabled solutions we can:  Address the increasing and evolving security threats across physical and virtual infrastructure.  Facilitate compliance with government and industry regulations and data protection standards.  Reduce malware-related support and remediation costs. Intel ® TXT21 6 Mar 2012 Front Door of Trusted Computing …
  • References  Software Development Guide, Intel® TXT, pdf format, March 2011  White Paper, Intel® TXT Software, pdf format  Technology Overview, Intel® TXT, pdf format  http://en.wikipedia.org/wiki/Trusted_Execution_Technology  http://www.youtube.com/watch?v=LsjXjDksU  http://www.intel.com/content/www/us/en/data- security/security-overview-general-technology.html  http://www.intel.com/content/www/us/en/architecture-and- technology/trusted-execution-technology/trusted-execution- technology-overview.html  http://www.intel.com/content/www/us/en/architecture-and- technology/trusted-execution-technology/malware-reduction- general-technology.html Intel ® TXT22 6 Mar 2012 Front Door of Trusted Computing …
  • 23 16 Oct 2008 Front Door of Trusted Computing