Index

Academic year: 2021


A

Administrative components, 81, 83
Anti-malware, 125
ANY policy, 47
Asset tag, 114
Asymmetric encryption, 24
Attestation
    commercial market, 85
    facts, 79
    Intel TXT
        conceptual architecture, 85
        models, 83
        TPM, 84
        trusted launch, pools and compliance, 83
    local attestations, 80
    meaning, 79
    Mt. Wilson technology, 87
    OpenAttestation, 86–87
    platforms and use models, 79
    remote attestations, 80
    service components
        capabilities, 82
        endpoint, service and administrative components, 81
        overview, 81
    TCG defines, 79
    transparent, 88
Attestation Identity Key (AIK), 23
Authenticated code module (ACM), 5, 18, 92
    types, 18
    verification and protection, 18
Autopromotion, 59

B

BIOS rootkit, 119

Broad network access, 107

C

Cloud computing, 7–8
    cloud delivery models
        hybrid cloud model, 107–108
        Infrastructure as a Service model, 109
        Platform as a Service model, 109
        private model, 107–108
        public model, 107–108
        Software as a Service model, 109
    cloud variants, 106
        broad network access, 107
        definition, 107
        measured service, 107
        on-demand self-service, 107
        rapid elasticity, 107
        resource pooling, 107
    compliance dashboard, 117
        description, 116
        Intel TXT, 116
        platform trust, 117
        risk management, 118
        security ISV ecosystem, 118
    datacenter vs. cloud, 105
    extended trusted pools
        asset tag, 114
        benefits of tags, 114–116
        geolocation & asset descriptors, 114–115
        geotag, 114
        Intel TXT and attestation, 115
    Intel TXT models, 110
    trusted compute pools
        core components, 113
        creation steps, 113
        definition, 112
        platform trust status, 112
        success stories, 113
    trusted launch model, 110
Common Event Format (CEF), 102
Compliance dashboard, 117
    description, 116
    Intel TXT, 116
    platform trust, 117
    risk management, 118
    security ISV ecosystem, 118
Cryptographic hash functions, 24
    checksums, 25
    digital fingerprint, 25
    digital signature, 25
    message authentication, 25
    properties, 25
Cryptography
    asymmetric encryption, 24
    cryptographic hash functions, 24
    decryption, 23
    encryption, 23
    symmetric encryption, 24

D

Data-at-rest, 2
Datacenter security
    cloud delivery models
        hybrid cloud model, 107–108
        Infrastructure as a Service model, 109
        Platform as a Service model, 109
        private model, 107–108
        public model, 107–108
        Software as a Service model, 109
    cloud variants, 106
        broad network access, 107
        definition, 107
        measured service, 107
        on-demand self-service, 107
        rapid elasticity, 107
        resource pooling, 107
    compliance dashboard, 117
        description, 116
        Intel TXT, 116
        platform trust, 117
        risk management, 118
        security ISV ecosystem, 118
    datacenter vs. cloud, 105
    extended trusted pools
        asset tag, 114
        benefits of tags, 114–116
        geolocation & asset descriptors, 114–115
        geotag, 114
        Intel TXT and attestation, 115
    Intel TXT models, 110
    trusted compute pools
        core components, 113
        creation steps, 113
        definition, 112
        platform trust status, 112
        success stories, 113
    trusted launch model, 110
Data-in-flight, 2
Data-in-use, 3
Dell PowerEdge R410, 39

E

Enablement. See also Management and policy tools layer; Operating system or hypervisor enablement
    basics
        BIOS and TPM, 92
        components, 92
        elements, 92
        menu structure, 93
        OEM platform requirements and opportunities, 92
        platform default, 92
        security setup screen, 93
    extended
        attestation services, 94
        provisioning, 94
        reporting and logging capability, 95
        trusted computing, 94
        updates, 94
    layered pyramid model, 89
    security applications layer
        broad security missions, 102
        integration, 101
        Intel TXT–enabled platforms, 102
        questions remain, 103
        RSA, 102
    SIEM and GRC management tools, 91
    steps and requirements, 90
    trusted launch and pools use model, 91
Endpoint component, 81

F

Firmware Interface Table (FIT), 92

G

Gathering platform, 81
Geotag, 114
Governance, risk, and compliance (GRC) tools, 90
Guest operating system, 6

H

Hash Method of Authentication (HMAC) value, 20, 25
Host operating system, 6
Hypervisor
    enablement (see Operating system and hypervisor enablement)
    rootkit, 119

I, J, K

Infrastructure as a Service (IaaS) model, 109
Intel® Trusted Execution Technology (Intel® TXT)
    attack types, 2
    attestation, 9
    benefits, 9
    cloud computing, 7
    cloud service provider/service client, 10
    configuration, 4
    description, 4
    disadvantage, 11
    dynamic chain of trust, 5
    flexibility, 4
    goal, 1, 4
    measured launch environment, 6–7
    measurement process, 4
    roles and responsibilities
        host operating system, 13
        OEM, 12
        TPM ownership, 12
    sealed storage, 1
    security level, 2
    server enhancement
        BIOS inclusion, 11
        client and server platforms, 12
        processor-based CRTM, 11
        RAS features, 11
        server architecture complexity, 12
        System Management Module code, 12
    static chain of trust, 5
    third-party software, 13
    TPM chip, 4
    trusted compute pool, 10
    trusted servers, 4
    virtualization, 6
Intel® TXT
    attestation, 35
    boot sequence, 29
    concepts, 26
    conceptual architecture, 85
    cryptography
        asymmetric encryption, 24
        cryptographic hash functions, 24
        decryption, 23
        encryption, 23
        symmetric encryption, 24
    dynamic measurements, 28
    launch control policy, 33
        MLE element, 34
        NV policy data, 35
        PCONF, 34
        platform supplier and owner policy, 34
        protection, 35
    measured launch process, 31
    measurements, 26
    models, 83, 110
    operating system, 28
    platform configuration, 28
    reset attack protection, 33
    sealing, 35
    secure measurements, 27
    static measurements, 27
    TPM
        Attestation Identity Key, 23
        interface, 19
        nonvolatile random access memory, 22
        ownership and access enforcement, 23
        platform configuration registers, 21
        public and private key, 21
        random number generator, 20
        RSA asymmetric algorithm, 21
        security functions, 18–19
        SHA-1, 21
    trusted launch, pools and compliance, 83
Intel® TXT–capable platform
    components
        authenticated code module, 18
        BIOS, 17
        chipsets, 17
        processor, 16
        Trusted Platform Module, 17
    definition, 16
Intel® Virtualization Technology (Intel® VT), 38

L

Launch control policy (LCP), 61, 80
    ACM, 48
    ANY, 47
    ANY policy specification, 53
    autopromotion requirement, 64
    considerations, 59
    decision matrix, 77
    establish trusted pools, 56
    flow, 49
    generator, 49
    host operating systems
        MLE policy creation tools, 71
        OS/VMM vendor, 71
    impact of
        BIOS updates, 73
        OS/VMM updates, 73
        platform configuration changes, 73
        SINIT updates, 72
    insights, 47
    management
        multiple lists for version control, 74
        signed list usage, 74
        simplest policy, 75
        single policy for server groups, 73
        vendor-signed policies, 74
    measured launch process, 47
    MLE element specification, 52
    NV Policy Data, 48
    overview, 62
    PCONF element specification, 51
    PCONF policy, 64–65
        challenges, 70
        PcrDump, 69
        PCRInfo, 70
        remote attestation, 64
        specification, 65
    policy data structure, 48
    prevent interference by platform supplier policy, 56
    reduce need for remote attestation, 58
    remote attestation, 63
    reset attack protection, 59, 64
    revoke platform default policy, 54
    signed lists, 50
    strategies
        available tools, 76
        confidence, 75
        PCRs, 76
        remote attestation, 76
        reset protections, 76
        risk, 76
        training, 75
        trusted pools, 76
    TPM access restriction, 64
    TPM password, 77
    trusted ACM specification, 53
LIST policy, 49
Local attestations, 80

M

Management and policy tools layer
    attestation services, 100
    evolutionary enhancement, 99
    HyTrust appliance, 99
    provisioning, 100
    reporting and logging functions, 100
    roles, 99
    server trust status, 101
    trusted compute pools, 97
    updates, 100
McAfee ePolicy Orchestrator (ePO), 102
Measured launch environment, 6–7
    code, 6–7, 48, 52
    policy, 61
Measured service, 107
Mt. Wilson technology, 87–88

N

Nonvolatile random access memory, 22
NV Policy Data, 48

O

OEM platform enablement requirements and opportunities, 92
On-demand self-service, 107
One-party encryption. See Symmetric encryption
OpenAttestation, 86
Open-source project, 86
Operating system and hypervisor enablement
    basic enablement, 96
    ISV, 96
    key trusted platforms, 96
    SINIT module, 96
    TCB and LCP, 96
    TPM, 96
    trust-based reporting and logging capabilities, 97
    trusted computing stack, 95

P, Q

Physical presence interface, 40
Platform as a Service (PaaS) model, 109
Platform Configuration (PCONF) policy, 61, 64
    challenges, 70
    PcrDump, 69
    PCRInfo, 70
    specification, 65
Platform configuration registers (PCRs), 5, 21
Platform default (PD) policy, 54
Platform trust, 117
Provisioning
    BIOS setup
        automating BIOS provisioning, 40
        enable and activate TPM, 38
        enable Intel® TXT, 39
        enable supporting technology, 38
        summary of, 39
    create owner’s launch control policy (see Launch control policy (LCP))
    establish TPM ownership (see Trusted Platform Module (TPM))
    steps to provision new platform, 37
    trusted host operating system
        OS/VMM installation, 45
        Ubuntu, 45
        VMware ESXi, 45

R

Random number generator (RNG), 20
Rapid elasticity, 107
Remote attestations, 80
Reporting and logging capability, 95
Resource pooling, 107
Risk management, 118
Root kits, 3

S

SDK architecture overview, 87
Security applications layer
    broad security missions, 102
    integration, 101
    Intel TXT–enabled platforms, 102
    questions remain, 103
    RSA, 102
Security incident management and analysis tools (SIEM), 90
Service components
    capabilities, 82
    conceptual architecture, 81
    endpoint, service and administrative components, 81
    overview, 81
SHA-1, 21
Signed BIOS policy, 59
SINIT policy, 61
Software as a Service (SaaS) model, 109
Software development kit (SDK), 86
Symmetric encryption, 24

T, U, V

Trusted Boot (TBOOT) module, 31, 45
Trusted Compute Base (TCB), 96
Trusted compute pools (TCP)
    core components, 113
    creation steps, 113
    definition, 112
    platform trust status, 112
    success stories, 113
Trusted computing
    anti-malware, 125
    BIOS rootkit, 119
    End-to-End Trust, 124
    evolution, 123
    guest images, 124
    Hypervisor rootkit, 119
    IT security toolbox, 119
    launch time measurement, 122–123
    private and public cloud computing, 120
    protections and assurance
        cryptographic measurement techniques, 121
        ecosystem, 121
        GRC, 122
        hardware, 120
        hypervisor integrity, 121
        requirements, 121
        virtualized/cloud models, 122
    stack integrity
        asset and location control aspect, 126
        datacenter and security, 127
        digital certificates, 126
        host integrity, 126
        McAfee, 125
        McAfee MOVE Antivirus, 127
        McAfee SiteAdvisor, 126
    threats, 122
    whitelist approach, 123
Trusted Computing Group (TCG), 3, 79
Trusted launch and pools use model, 91
Trusted launch model, 110
Trusted operating system, 6
Trusted Platform Module (TPM), 17–18, 92
    Attestation Identity Key, 23
    chip, 4
    enable and activate, 38
    interface, 19
        control protocol, 20
        localities, 19
    nonvolatile random access memory, 22
    ownership
        and access enforcement, 23
        authorization values, 43
        definition, 40
        establish ownership, 40
        local pass-through TPM model, 41
        management server model, 42
        remote pass-through TPM model, 41
    Platform Configuration Registers, 21
    public and private key, 21
    random number generator, 20
    RSA asymmetric algorithm, 21
    security functions, 18–19
    SHA-1, 21

W, X, Y, Z

Whitelisting, 36
