Intel's Security Vision for Xen
Carlos Rozas, Intel Corporation
Xen Summit, April 7-8, 2005
*Third party marks and brands are the property of their respective owners

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT.
Intel may make changes to specifications, product descriptions, and plans at any time, without notice.
All dates provided are subject to change without notice.
Agenda
- Intel's Security Vision for Xen
- Security Enhanced Xen
- Intel and Security Enhanced Xen
- Usage Models
Intel's Security Vision for Xen
- Scalable Trust Architecture
  - Uses Intel platform technologies to enhance security solutions in Xen
- Small, Assurable Trusted Computing Base
  - Keep hypervisor small
  - Mandatory Access Control
  - Domain0 decomposition
- Secure by Default
  - Desktops, mobiles, and servers
Security Enhanced Xen
Key Functional Enhancements
- Mandatory Access Control (MAC)
- TPM support
  - Measurement, attestation, and sealing
- Resource control
- Trusted path
Key Assurance Enhancements
- Decomposing Domain0 to support least privilege and measurement
Intel and Security Enhanced Xen
- Platform technologies
  - Execute Disable Bit
  - Intel Virtualization Technology
  - LaGrande Technology
- Software technology
  - Virtual TPM Framework
- Usage model
  - Manageability
LaGrande Technology (LT)
LT = CPU + Chipset + TPM + Protected I/O
[Figure: platform block diagram (Intel CPU, Intel (G)MCH, RAM, ICH, LPC, USB, TPM) with the LT-specific enhancements marked:]
- CPU extensions: protected launch enables domain separation
- Protected memory management: enforces access policy to protected memory
- Protected graphics: trusted channel between graphics and trusted software (integrated or third-party discrete graphics)
- Protected keyboard/mouse*: trusted channel between keyboard/mouse and trusted software
- Trusted Platform Module v1.2: protects keys, digital certificates, and attestation credentials; provides platform authentication
*Trusted keyboard controller for mobile
LT Benefits for Xen
- Increased assurance and isolation
  - Protected memory allows for better isolation and enhances Xen I/O spaces
  - Protected launch anchors Xen start-up in hardware and reduces the number of elements in the trust chain
  - Protected graphics, keyboard, and mouse provide building blocks for an enhanced trusted path
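As an added illustration (not code from the deck or from Intel) of the TPM measurement and sealing listed under Security Enhanced Xen and of the trust chain that protected launch shortens: a Python model of TPM 1.2 PCR extend over a Xen boot chain, and of sealing a secret to the resulting PCR so it is released only when the same chain is measured again in the same order. The component images and the secret are constructed stand-ins, and seal/unseal model only the PCR-binding policy, not the TPM's encryption of the blob.

```python
import hashlib
import hmac

PCR_INIT = bytes(20)  # TPM 1.2 PCRs are 160-bit SHA-1 registers that reset to zero


def measure(component: bytes) -> bytes:
    """Measurement of a loaded image: TPM 1.2 uses SHA-1 digests."""
    return hashlib.sha1(component).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: PCR_new = SHA-1(PCR_old || digest). One-way and order dependent,
    so a PCR value can only be reproduced by re-measuring the same chain in order."""
    return hashlib.sha1(pcr + digest).digest()


def measured_launch(chain) -> bytes:
    """Extend every element of the trust chain, in load order, into a single PCR."""
    pcr = PCR_INIT
    for component in chain:
        pcr = pcr_extend(pcr, measure(component))
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Simplified TPM_Seal: bind the secret to the PCR value that must be present
    at unseal time. A real TPM also encrypts the blob under a storage key; only
    the PCR policy is modelled here."""
    return {"pcr": expected_pcr, "secret": secret}


def unseal(blob: dict, current_pcr: bytes):
    """Simplified TPM_Unseal: release the secret only if the PCR matches."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None
    return blob["secret"]


# Constructed stand-ins for the images a Xen boot loads; not real binaries.
REFERENCE_CHAIN = [b"xen.gz", b"dom0 kernel", b"dom0 initrd"]
TAMPERED_CHAIN = [b"xen.gz (modified)", b"dom0 kernel", b"dom0 initrd"]


def demo():
    """Seal a constructed secret to the reference boot and attempt three unseals."""
    blob = seal(b"constructed-disk-key", measured_launch(REFERENCE_CHAIN))
    good = unseal(blob, measured_launch(REFERENCE_CHAIN))            # same chain: released
    tampered = unseal(blob, measured_launch(TAMPERED_CHAIN))         # one image changed: refused
    reordered = unseal(blob, measured_launch(REFERENCE_CHAIN[::-1]))  # same images, wrong order: refused
    return good, tampered, reordered


if __name__ == "__main__":
    print(demo())
```

Every element in the chain is one more extend that must be reproduced exactly before the secret is released, which is why anchoring the start-up in hardware and shortening the chain reduces what has to be trusted.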
Generalized Virtual TPM (GVTPM) Framework
- GVTPM Device Models (DM):
  - Provide TPM functionality
  - May meet different security profiles
- GVTPM Manager Suite
  - Presented to TCG for consideration
  - Creates TCG credentials for GVTPM Device Models that implement TPM 1.2 interfaces
  - Roots the GVTPM Device Model's trust in the hardware TPM
  - Provides management of the TPM and its resources
- Proof of concept validated by a prototype
[Figure: GVTPM architecture. Each Operating System VM/Partition has its own GVTPM Device Model; the GVTPM Manager (with a Key & Session Manager and GVTPM Protected Persistent Storage) runs above the TPM Driver on the Virtual Machine Monitor and accesses the hardware Trusted Platform Module; a GVTPM Manufacture Authority is shown alongside the Manager.]
Generalized Virtual TPM Framework Benefits for Xen
- Flexibility in providing TPM functionality to virtual machines, rooted in TPM hardware
  - Transparent TPM functionality to guest OS and applications
  - Support multiple TPM families simultaneously
  - Support for different security and performance profiles and vendors for each guest OS
Usage Models Based on Needs
Digital Office Usage Models: enabling real-time business - anytime, anywhere
[Figure: usage-model themes: Embedded IT, Seamless Collaboration, Information Assistance, Pervasive Connectivity]
Examples shown:
- Embedded PC health
- Client isolation & recovery
- Office on the go
- Small party conferencing
- Integrated experience
- Simplified WLAN connections
- One logical device
- One bill roaming
- WWAN
- Find & analyze information
Usage Model: Embedded IT
[Figure: VT/LT-enabled Xen on an Intel VT/LT platform with TPM 1.2 and Intel AMT; a Management Partition hosting manageability agents and IT services runs alongside the operating system partitions.]
Use model
- Rich filter and quarantine operations
- Software upgradeable / repairable
- Protect agents from malicious software or an end-user decision to disable them
- Rich OOB channel for software repair and information
Active Management Technology (AMT)
- Tamper resistant
- Platform power state independent
- Replace damaged media image (IDE-R)
- Asset management
- Persistent storage
Summary
- Intel is committed to working with the community, as we did with VT, to provide a more robust and trustworthy Xen platform
  - TPM support
  - GVTPM Virtualization Framework
  - LaGrande Technology
- Call to action
  - Establish milestones, deliverables, and schedules for Security Enhanced Xen