SECURE EVERYTHING from Structure 2012


Published on

Presentation by Simon Crosby, Bromium
#structureconf
More at http://event.gigaom.com/structure/

Published in: Technology


Slide text (every slide carries the footer "Tuesday, November 27, 12"; slides marked "image only" had no extractable text):

  1. (title slide; image only)
  2. Me!
  3. Me!
  4. (image only)
  5. My Friends, My Apps, My Life, My Work, My Stuff
  6. My Friends, My Stuff!, My Apps, My Life, My Work, My Stuff
  7. My Friends, My Stuff!, My Apps, Threat, My Life, My Work, My Stuff
  8. (image only)
  9. (image only)
  10. (image only)
  11. (diagram; text not recoverable from the extraction)
  12. (diagram; text not recoverable from the extraction)
  13. Bromium Confidential
  14. We have to enter domains of unfathomable trust
  15. Build on slide 14; adds: Our systems cannot protect us from unknown threats
  16. (diagram; text not recoverable from the extraction)
  17. (diagram; text not recoverable from the extraction)
  18. (image only)
  19. (image only)
  20. Protect the system core by isolating it completely
  21. Build on slide 20; adds: Decouple execution dependencies into mutually distrustful tasks
  22. Build on slide 21; adds: Control communication between all tasks and with the outside world
  23. Build on slide 22; adds: Restrict each task's access to data & resources, based on "least privilege"
  24. Build on slide 23; adds: Never trust information from an untrustworthy task
  25. (image only)
  26. (diagram; text not recoverable from the extraction)
  27. (image only)
  28. Bromium Microvisor: tiny code base for maximum security; Hardware Virtualization (VT-x); I/O MMU (VT-d); TXT & TPM based hardware root of trust
  29. Bromium Micro-virtualization: isolate vulnerable tasks within a single Windows desktop; lightweight, fast, hidden, with an unchanged native UX. Build on slide 28 (Microvisor, VT-x, VT-d, TXT & TPM based hardware root of trust)
  30. (image only)
  31. Windows and IT provisioned apps are trusted (diagram labels: Apps, OS Libs, Kernel)
  32. The Microvisor isolates vulnerable tasks from Windows, each other & key system resources (diagram labels: Microvisor; Apps, OS Libs, Kernel)
  33. Each vulnerable task is instantly isolated in a micro-VM, invisible to the user (diagram labels: Microvisor, Hypercall API; Apps, OS Libs, Kernel)
  34. Micro-VMs have "least privilege" access to files, networks & devices, and execute CoW (copy-on-write) (diagram labels: Microvisor, Hypercall API; Apps, OS Libs, Kernel)
  35. Same as slide 34
  36. (diagram labels only: Microvisor; Apps, OS Libs, Kernel)
  37. (image only)
