intel trusted execution technology
DESCRIPTION
Intel TXTTRANSCRIPT
© 2008 Intel Corporation
Intel® TXT The Front Door of Trusted Computing....
Outlines Introduction to Intel® TXT TechnologyWhy it matters?Bad & Good ListArchitectural EnhancementsHow it works?Control PointsLCP Protection Use ModelsBenefitsMeeting the requirementsConclusion References
6 Mar 20122Intel ® TXT
Front Door of Trusted Computing …
Introduction
Intel® TXT(Trusted eXecution Technology) Code named as LaGrande.
Provides Hardware-based Security enhancing the level of security (more useful for Business PCs)
Integrates new security features and capabilities into the processor, chipset and other platform components
3 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Why it matters?
Mechanism of Malwares may vary but they all seek to: 1. Corrupt Systems2. Disrupt Business3. Steal Data4. Seize control of Platforms
Traditional approaches by anti-viruses is to look for “known-bad” elements.
Intel® TXT provides “known good-focused” approach, that checks for malicious software before they are even launched.
4 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
5
Move from bad list to good list
VMM V20
VMM V4
Hacked_V1
Corrupted_V2
OS3
OS4
VMM V1
VMM V2
OS1
OS2
Bad list
Reactive
Good list
Proactive
VMM V8
VMM V4
Hacked_V1
Corrupted_V2
OS3
OS4
VMM V3
VMM V4
Hacked_V1
Corrupted_V2
OS3
OS4
6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Strict control enables switch to
good list Identity Check
Accurate identity of software
Good List Requirements Good List Requirements
Integrity Check
Must provide ability to validate list integrity at time of policy
enforcement
Management of list must provide for multiple users and assurance of
list integrity
Control Enforce the list policy
6 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
A number of system components’ functionalities as well as architecture is enhanced:
Processor: Provides for simultaneous support of the standard partition & one or more protected partitions.
Chipset: Provides protected channels to graphics h/w and i/o devices on
behalf of the protected partitions. Also provides interfaces to the TPM.
Keyboard & Mouse:Support encryption of keyboard and mouse input using a cryptographic key that is shared between the input device and the input manager for protected execution domain.
(contd..)
7
Architectural Enhancements
6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Graphics:Provides protected pathway between an application or software agent and the output display context(such as window object)
TPM(Trusted Platform Module):Hardware-based mechanism that stores cryptographic keys and other data related to Intel® TXT within the platform, also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment.
8 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Internal Components of a TPM
9 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
How does it works?
10 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Creates a Measured Launch Environment(MLE) that enables accurate comparison of all critical elements of launch environment against known-good source.
Creates a cryptographically unique identifier for each approved launch-enabled component, and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.
Intel TXT provides:• Verified Launch (MLE)• Launch Control Policy (LCP)• Secret Protection • Attestation
11
How does it works? (contd..)
6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
How does it works? (contd..)
12 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
13
Control Points
Memory
SINIT ACM
MLE
MLE
MLE
Establish special environment
Load SINIT and MLE into memory
Invoke GETSEC [SENTER]
Load SINIT into ACEA
Validate SINIT digital signature
a Store SINIT identity in TPM
SINIT measures MLE in memory
CPU
ACEA
SINIT ACM
SINIT ACM
a Store MLE identity in TPM
aa
6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Control Points
Memory
SINIT ACM
MLE
MLE
MLE
Establish special environment
Load SINIT and MLE into memory
Invoke GETSEC [SENTER]
Load SINIT into ACEA
Validate SINIT digital signature
a Store SINIT identity in TPM
SINIT measures MLE in memory
CPU
ACEA
SINIT ACM
SINIT ACM
a Store MLE identity in TPM
aa
LCP
VMM1
VMM2
SINIT loads LCP
SINIT passes control to known MLE
14 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
LCP Protection LCP Protection
15 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
16 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Ensures Safe Migration between Hosts through Trustable Pools
17 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Benefits of Intel® TXT
Increased user confidence in their computing environment
More protection from malicious software
Improved protection of corporate information assets
Better confidentiality and integrity of sensitive information
18 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Identity
Control
Integrity
Software stack identity provided by SENTER measurement
Control of software stack provided by authenticated code enforcing a launch control policy set for the specific platform
Integrity of the launch control policy guaranteed by hash and TPM controls
Meeting The RequirementsMeeting The Requirements
19 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Safer Computing with Intel technologies
Pro
tecti
on
Cap
ab
ilit
ies
Time
Smart CardSmart Card
TPM (Trusted Platform Module)TPM (Trusted Platform Module)
Software-OnlySoftware-Only
Intel® Trusted Execution TechnologyIntel® Trusted Execution Technology
Execute DisableExecute Disable
Intel® Virtualization TechnologyIntel® Virtualization Technology
Future Technologies
Advancing Platform Protections
Intel® Active Management TechnologyIntel® Active Management Technology
20 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
Conclusion
With Intel® TXT enabled solutions we can:
Address the increasing and evolving security threats across physical and virtual infrastructure.
Facilitate compliance with government and industry regulations and data protection standards.
Reduce malware-related support and remediation costs.
21 6 Mar 2012Intel ® TXT
Front Door of Trusted Computing …
References Software Development Guide, Intel® TXT, pdf format, March 2011 White Paper, Intel® TXT Software, pdf format Technology Overview, Intel® TXT, pdf format http://en.wikipedia.org/wiki/Trusted_Execution_Technology http://www.youtube.com/watch?v=LsjXjDksU http://www.intel.com/content/www/us/en/data-security/security-overview-
general-technology.html http://www.intel.com/content/www/us/en/architecture-and-technology/
trusted-execution-technology/trusted-execution-technology-overview.html
http://www.intel.com/content/www/us/en/architecture-and-technology/trusted-execution-technology/malware-reduction-general-technology.html
Intel ® TXT
Front Door of Trusted Computing …22 6 Mar 2012
16 Oct 2008 Front Door of Trusted Computing23