EMB423: Creating A Trusted Environment For Windows CE 5.0
Nat Frampton, President, Real Time Development
[email protected]
Windows Embedded platform map (slide)
Management Tools: Device Update Agent, Software Update Services, Image Update, Microsoft Operations Manager, Systems Management Server
Communications & Messaging: Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server
Location Services: MapPoint
Multimedia: DirectX, Windows Media
Development Tools: Visual Studio 2005
Programming Model, Native: Win32, MFC 8.0, ATL 8.0; Managed: .NET Compact Framework, .NET Framework; Server Side: ASP.NET Mobile Controls, ASP.NET
Data, Lightweight: EDB; Relational: SQL Server 2005 Mobile Edition, SQL Server 2005 Express Edition, SQL Server 2005
Device Building Tools: Platform Builder, Windows Embedded Studio
Hardware/Drivers: OEM/IHV supplied BSP (ARM, SH4, MIPS), OEM hardware and standard drivers; Windows XP DDK, standard PC hardware and drivers
Agenda
- Overview
- Inside Loader Authentication
- Implementation Example
- Implementation Scenarios
- Conclusions
Locking Down App Execution: Trusted Model
Application execution control via the Trusted Model
OEM option to assign trust levels to processes
Protections:
- Prevents unauthorized modules from being loaded
- Restricts access to certain system APIs
- Prevents registry WRITE access to certain root keys and sub-keys: HKEY_LOCAL_MACHINE\Comm, Drivers, Hardware, Init, Services, SYSTEM, WDMDrivers
- Prevents WRITE access to files with the SYSTEM attribute; READ access is granted by default and can be changed via [HKLM\System\ObjectStore]\"AllowSystemAccess"
Locking Down App Execution: When do I implement the Trusted Model?
1-tier (all code runs as Trusted):
- Prevent unknown code from executing on the device
- Trust all code running on the device (to the same extent)
2-tier (code can run as Trusted or Untrusted):
- End users can run any code on the device
- Protect from malicious code, such as worms, viruses, trojan attacks, etc.
- Restrict capabilities of certain processes
Locking Down App Execution: Trusted Model (flowchart)
LoadLibrary -> Trusted Model enabled? -> N: Load; Y: Pass OEM Verification? -> N: Fail; Y: Assign TrustLevel -> TRUST or RUN: Load; FALSE: Fail
Locking Down App Execution: Trusted Model
Implement the Trusted Environment with two functions:
- OEMCertifyModuleInit: the loader notifies OAL (OEM Adaptation Layer) code when launching a new module
- OEMCertifyModule: the loader passes the module to OAL code for verification; returns one of three trust levels: OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE
Samples available:
- loadauth.lib: sample implementation of OEMCertifyModule and OEMCertifyModuleInit
- signfile.exe: desktop application that signs CE binaries
OEM Certification
Function | Description | Return value
OEMCertifyModuleInit | Enables the OS loader to notify the OEM that a new module is being loaded. Allows the OEM to decide whether to verify the module for safety. | TRUE or FALSE
OEMCertifyModule | Allows the OS loader to pass the module code (for example, DLL, EXE, and OCX) to the OEM for verification that it is safe to run on the system. | OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE
DLL And EXE Trust Levels
EXE trust | DLL trust | Final DLL trust
OEM_CERTIFY_RUN OEM_CERTIFY_RUN OEM_CERTIFY_RUN
OEM_CERTIFY_RUN OEM_CERTIFY_TRUST OEM_CERTIFY_RUN
OEM_CERTIFY_TRUST OEM_CERTIFY_RUN DLL fails to load
OEM_CERTIFY_TRUST OEM_CERTIFY_TRUST OEM_CERTIFY_TRUST
Loader Location
Appears in \WINCE500\Private\WINCEOS\COREOS\NK\KERNEL\Loader.c, function VerifyBinary
Define the following in OEMInit:
pOEMLoadInit = OEMCertifyModuleInit
pOEMLoadModule = OEMCertifyModule
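The two OAL hooks, the OEMInit hookup and the EXE/DLL trust table above, worked through as an added example. This is not code from the slides or from Microsoft's loadauth.lib sample; it is a minimal name/checksum lockdown (the "Name/Checksum" scenario the session lists) in the shape the loader expects. Assumptions: Windows CE types are mapped to plain C so it builds on any host; the OEM_CERTIFY_* values are those of pkfuncs.h; the chunked calling convention (image bytes fed in pieces, then a final call with cbData == 0 asking for the verdict) follows the loadauth sample and is not stated on the slides; the module names, golden images and FNV-1a checksum are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <wchar.h>

/* Windows CE types mapped to plain C so the example builds on any host. */
typedef int            BOOL;
typedef uint32_t       DWORD;
typedef const uint8_t *LPBYTE;   /* module image bytes from the loader */
typedef const wchar_t *LPWSTR;   /* module name from the loader        */
#define TRUE  1
#define FALSE 0

/* Trust levels as defined in pkfuncs.h */
#define OEM_CERTIFY_FALSE 0   /* reject: the module does not load         */
#define OEM_CERTIFY_RUN   1   /* load as an untrusted (restricted) module */
#define OEM_CERTIFY_TRUST 2   /* load as fully trusted                    */

/* One entry of the "Allowable Files List" held in OAL data. Checksums are
 * filled in by lockdown_init() from the constructed golden images below. */
struct allowed_module {
    const wchar_t *name;
    DWORD          checksum;
    DWORD          trust;
};

static const uint8_t GOLDEN_SHELL[] = "constructed image of shell.exe";
static const uint8_t GOLDEN_UTIL[]  = "constructed image of util.dll";

static struct allowed_module g_allow[] = {
    { L"shell.exe", 0, OEM_CERTIFY_TRUST },
    { L"util.dll",  0, OEM_CERTIFY_RUN   },
};
#define N_ALLOW (sizeof g_allow / sizeof g_allow[0])

/* FNV-1a for brevity only; a production lockdown verifies a signature. */
#define FNV_INIT 2166136261u
static DWORD fnv1a_update(DWORD h, LPBYTE p, DWORD n)
{
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

void lockdown_init(void)
{
    g_allow[0].checksum = fnv1a_update(FNV_INIT, GOLDEN_SHELL, sizeof GOLDEN_SHELL);
    g_allow[1].checksum = fnv1a_update(FNV_INIT, GOLDEN_UTIL,  sizeof GOLDEN_UTIL);
}

/* Per-load state: the kernel certifies one module at a time, so one slot
 * carries the name lookup from Init to the verdict. */
static const struct allowed_module *g_cur;
static DWORD g_hash;

/* Called by the loader before a module is read. Returning FALSE for a name
 * that is not on the list refuses it without reading any of it. */
BOOL OEMCertifyModuleInit(LPWSTR lpModuleName)
{
    size_t i;
    g_cur  = NULL;
    g_hash = FNV_INIT;
    for (i = 0; i < N_ALLOW; i++) {
        /* CE file names are case-insensitive; a real OAL would fold case */
        if (wcscmp(g_allow[i].name, lpModuleName) == 0) {
            g_cur = &g_allow[i];
            return TRUE;
        }
    }
    return FALSE;
}

/* Called by the loader with image bytes; a final call with cbData == 0
 * asks for the verdict (assumed convention, see lead-in). */
DWORD OEMCertifyModule(LPBYTE lpData, DWORD cbData)
{
    if (cbData != 0) {
        g_hash = fnv1a_update(g_hash, lpData, cbData);
        return OEM_CERTIFY_RUN;   /* interim; only the final call decides */
    }
    if (g_cur == NULL || g_hash != g_cur->checksum)
        return OEM_CERTIFY_FALSE;  /* unknown name or tampered image */
    return g_cur->trust;
}

/* EXE/DLL rule from the trust-level table: a TRUST EXE refuses a RUN DLL,
 * otherwise the DLL runs at the lower of the two levels. */
DWORD final_dll_trust(DWORD exe_trust, DWORD dll_trust)
{
    if (exe_trust == OEM_CERTIFY_TRUST && dll_trust != OEM_CERTIFY_TRUST)
        return OEM_CERTIFY_FALSE;
    return exe_trust < dll_trust ? exe_trust : dll_trust;
}

/* Drives both hooks over a whole image in small chunks, as the loader would. */
DWORD certify_image(LPWSTR name, LPBYTE img, DWORD len)
{
    DWORD off = 0;
    if (!OEMCertifyModuleInit(name))
        return OEM_CERTIFY_FALSE;
    while (off < len) {
        DWORD n = len - off < 7 ? len - off : 7;
        OEMCertifyModule(img + off, n);
        off += n;
    }
    return OEMCertifyModule(NULL, 0);
}
```

After lockdown_init(), certify_image(L"shell.exe", GOLDEN_SHELL, sizeof GOLDEN_SHELL) yields OEM_CERTIFY_TRUST, while a copy with one byte changed, or util.dll's bytes presented under the name shell.exe, yields OEM_CERTIFY_FALSE, because the checksum is bound to the list entry rather than to the file name. final_dll_trust reproduces the four rows of the table, including the case where a trusted EXE's DLL fails to load.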
Implementation Example: Lockdown Architecture (diagram)
Win32: LoadLibrary -> Kernel -> OAL: OEMCertify... -> Allowable Files List
Win32: KernelIOControl -> OAL: Allowable Files Database
File Changes (\WINCE500…)
- \PLATFORM\COMMON\SRC\X86\COMMON\STARTUP\OEMINIT.C: the actual OEMCertification modules
- \PUBLIC\COMMON\OAK\INC\PkFuncs.h: define the IOCTL codes for KernelIOControl
- \PLATFORM\COMMON\SRC\X86\INC\ioctl_tab.h: associate our IOCTL call handler with the IOCTLs
- \PLATFORM\COMMON\SRC\X86\INC\x86ioctl.h: declare the interface to our IOCTL call handler
Implementation Scenarios
- OEM is free to choose the trust level
- Digital certificates represent the highest trust level
- Digital certificates require extra footprint
- OEM can implement dynamic trust: allows the device to change personality
- OEM can implement Name/Checksum
Conclusions
- Windows CE 5.0 provides a robust security architecture
- Loader certification provides a mechanism to create a trusted environment and dynamically define the device's personality
- Follow best practices at multiple levels for best defense
"Trusted security is best achieved by having a thorough understanding of the Windows CE 5.0 Security Architecture and Trust Model!"
While At MEDC 2005…
- Fill out an evaluation for this session: randomly selected instant WIN prizes!
- Use real technology in a lab: instructor led (Reef E/F & Breakers L); self-paced (Reef B/C)
- Visit the Microsoft Product Pavilion in the Exhibit Hall (Shorelines B)
After The Conference…
- Full-featured trial versions of Windows CE and/or Windows XP Embedded
- Build cool stuff & tell us about it: msdn.microsoft.com/embedded/community
- Windows Embedded Partner Program: www.mswep.com
- Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
- Mobile2Market Contest and win up to $25000: mobile2marketcontest.com
- Microsoft Solutions Partner Program: partner.microsoft.com
Tools & Resources
Build
- Websites: msdn.microsoft.com/embedded
- Newsgroups: microsoft.public.windowsxp.embedded, microsoft.public.windowsce.platbuilder, microsoft.public.windowsce.embedded.vc
- Blogs: blogs.msdn.com/mikehall
- Tools: Windows CE 5.0 Eval Kit, Windows XP Embedded Eval Kit
Develop
- Websites: msdn.microsoft.com/mobility
- Newsgroups: microsoft.public.pocketpc.developer, microsoft.public.smartphone.developer, microsoft.public.dotnet.framework.compactframework
- Blogs: blogs.msdn.com/windowsmobile, blogs.msdn.com/vsdteam, blogs.msdn.com/netcfteam
- Tools: Windows Mobile 5.0 Eval Kit