Intel's Security Vision for Xen

Carlos Rozas, Intel Corporation
Xen Summit, April 7-8, 2005


*Third party marks and brands are the property of their respective owners

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT.

Intel may make changes to specifications, product descriptions, and plans at any time, without notice.

All dates provided are subject to change without notice.


Agenda

Intel’s Security Vision for Xen

Security Enhanced Xen

Intel and Security Enhanced Xen

Usage Models


Intel's Security Vision for Xen

Scalable Trust Architecture
- Uses Intel platform technologies to enhance security solutions in Xen
- Small, Assurable Trusted Computing Base
  - Keep Hypervisor Small
  - Mandatory Access Control
  - Domain0 decomposition
- Secure By Default
- Desktops, Mobiles, and Servers



Security Enhanced Xen

Key Functional Enhancements
- Mandatory Access Control (MAC)
- TPM Support
  - Measurement, Attestation, and Sealing
- Resource Control
- Trusted Path

Key Assurance Enhancements
- Decomposing Domain0 to support Least Privilege and Measurement



Intel and Security Enhanced Xen

Platform Technologies
- Execute Disable Bit
- Intel Virtualization Technology
- LaGrande Technology

Software Technology
- Virtual TPM Framework

Usage Model
- Manageability


LaGrande Technology (LT)
LT = CPU + Chipset + TPM + Protected I/O

[Block diagram: Intel CPU, Intel (G)MCH, RAM, ICH (LPC, USB) and TPM; shaded blocks mark LT-specific enhancements]

- Intel CPU, CPU Extensions: Protected launch enables domain separation
- Intel (G)MCH, Protected Memory Management: enforces access policy to protected memory
- Intel (G)MCH, Protected Graphics: trusted channel between graphics & trusted SW (integrated or third party discrete graphics)
- ICH (USB, LPC), Protected Keyboard/Mouse*: trusted channel between keyboard/mouse and trusted software
- TPM, Trusted Platform Module v1.2: protects keys, digital certificates & attestation credentials; provides platform authentication

*Trusted Keyboard Controller for Mobile


LT Benefits for Xen

Increased Assurance and Isolation
- Protected memory allows for better isolation and enhances Xen I/O spaces
- Protected launch anchors Xen start-up in hardware and reduces the number of elements in the trust chain
- Protected graphics, keyboard, and mouse provide building blocks for enhanced trusted path


Generalized Virtual TPM (GVTPM) Framework

GVTPM Device Models (DM):
- Provides TPM functionality
- May meet different security profiles

GVTPM Manager Suite
- Presented to TCG for consideration
- Create TCG Credentials for GVTPM Device Models that implement TPM 1.2 interfaces
- Roots the GVTPM Device Model's trust in the hardware TPM
- Provides management of the TPM and its resources

Proof of concept validated by a prototype

[Diagram components: GVTPM Device Model (one per Operating System VM/Partition, three shown); GVTPM Manager with Key & Session Manager, GVTPM Protected Persistent Storage and GVTPM Manufacture Authority; TPM Driver; Virtual Machine Monitor; Trusted Platform Module]


Generalized Virtual TPM Framework Benefits for Xen

Flexibility in providing TPM functionality to Virtual Machines rooted in TPM hardware
- Transparent TPM functionality to Guest OS and applications
- Support multiple TPM families simultaneously
- Support for different security and performance profiles and vendors for each Guest OS
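Added example, not taken from the slides or from Intel's prototype: a Python model of the TPM 1.2 measurement and attestation mechanics behind the LT Benefits slide (protected launch shortens the trust chain) and the GVTPM slides (a virtual TPM per VM whose trust is rooted in the hardware TPM). The PCR extend rule is the real TPM 1.2 one (SHA-1 over old PCR || digest); the component images, the chain contents and the VirtualTPM class are constructed stand-ins.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that reset to all zeros at power-on.
PCR_RESET = b"\x00" * 20

def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 Extend: new PCR = SHA-1(old PCR || digest); one-way and order-sensitive."""
    return sha1(pcr + digest)

def measure_chain(components):
    """Measure each (name, image) into one PCR in launch order; return (PCR, event log)."""
    pcr, log = PCR_RESET, []
    for name, image in components:
        digest = sha1(image)
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def replay(log):
    """Verifier side of attestation: recompute the PCR from the event log alone."""
    pcr = PCR_RESET
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr

def attest(quoted_pcr, log, golden_pcr):
    """Accept only if the log explains the quoted PCR and that PCR is a known-good value."""
    return replay(log) == quoted_pcr and quoted_pcr == golden_pcr

class VirtualTPM:
    """Constructed model of a GVTPM device model: a per-VM PCR rooted in the hardware TPM."""
    def __init__(self, hw_pcr: bytes, dm_image: bytes):
        self.hw_pcr = pcr_extend(hw_pcr, sha1(dm_image))  # hardware TPM records the DM serving this VM
        self.vpcr = PCR_RESET  # the guest extends its own boot chain into a fresh virtual PCR

    def extend(self, image: bytes) -> bytes:
        self.vpcr = pcr_extend(self.vpcr, sha1(image))
        return self.vpcr

# Constructed stand-ins for real images. A protected launch anchors start-up in hardware,
# so the measured chain starts at the hypervisor instead of at firmware and bootloader.
LEGACY_CHAIN = [("bios", b"bios-v1"), ("loader", b"grub"), ("xen", b"xen.gz"), ("dom0", b"vmlinuz-dom0")]
LT_CHAIN = [("xen", b"xen.gz"), ("dom0", b"vmlinuz-dom0")]
```

A tampered dom0 image, a reordered chain, or a log that does not reproduce the quoted PCR all fail attest(), while two guests sharing one device model still keep independent virtual PCRs.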



Usage Models Based on Needs

Digital Office Usage Models

- Embedded IT
  - Embedded PC Health
  - Client Isolation & Recovery
- Seamless Collaboration
  - Office on the go
  - Small party conferencing
  - Integrated experience
- Pervasive Connectivity
  - Simplified WLAN connections
  - One logical device
  - One bill roaming
  - WWAN
- Information Assistance
  - Find & analyze information

Enabling real-time business - anytime, anywhere


Usage Model: Embedded IT

[Diagram components: VT/LT Enabled Xen on an Intel VT/LT Platform with Intel AMT and TPM 1.2; Operating System partitions alongside a Management Partition running Manageability Agents; IT Services]

Use Model
- Rich filter and quarantine operations
- Software Upgradeable / Repairable
- Protect agents from malicious SW or end user decision to disable
- Rich OOB channel for SW repair and information

Active Management Technology (AMT)
- Tamper Resistant
- Platform power state independent
- Replace damaged media image (IDE-R)
- Asset management
- Persistent storage


Summary

Intel is committed to working with the community, as we did with VT, to provide a more robust and trustworthy Xen platform
- TPM Support
- GVTPM Virtualization Framework
- LaGrande Technology

Call to Action
- Establish milestones, deliverables, and schedules for Security Enhanced Xen