Intel Trusted eXecution Technology
© 2008 Intel Corporation
Intel® TXT The Front Door of Trusted Computing....
Outlines
Introduction to Intel® TXT Technology
Why it matters?
Bad & Good List
Architectural Enhancements
How it works?
Control Points
LCP Protection
Use Models
Benefits
Meeting the requirements
Conclusion
References
6 Mar 2012 Intel® TXT
Front Door of Trusted Computing …
Introduction
Intel® TXT (Trusted eXecution Technology), code-named LaGrande.
Provides hardware-based security, enhancing the level of security (more useful for business PCs)
Integrates new security features and capabilities into the processor, chipset and other platform components
Why it matters?
The mechanisms of malware may vary, but they all seek to:
1. Corrupt Systems
2. Disrupt Business
3. Steal Data
4. Seize control of Platforms
The traditional approach of anti-virus software is to look for “known-bad” elements.
Intel® TXT provides a “known good-focused” approach that checks for malicious software before it is even launched.
Move from bad list to good list
[Figure: Bad list (Reactive) compared with Good list (Proactive). Example entries shown: VMM V1, VMM V2, VMM V3, VMM V4, VMM V8, VMM V20, OS1, OS2, OS3, OS4, Hacked_V1, Corrupted_V2]
Good List Requirements
Strict control enables switch to good list
Identity Check: Accurate identity of software
Integrity Check: Must provide ability to validate list integrity at time of policy enforcement. Management of list must provide for multiple users and assurance of list integrity
Control: Enforce the list policy
Architectural Enhancements
The functionality and architecture of a number of system components are enhanced:
Processor: Provides for simultaneous support of the standard partition and one or more protected partitions.
Chipset: Provides protected channels to graphics hardware and I/O devices on behalf of the protected partitions. Also provides interfaces to the TPM.
Keyboard & Mouse: Support encryption of keyboard and mouse input using a cryptographic key that is shared between the input device and the input manager for the protected execution domain.
(contd.)
Graphics: Provides a protected pathway between an application or software agent and the output display context (such as a window object).
TPM (Trusted Platform Module): Hardware-based mechanism that stores cryptographic keys and other data related to Intel® TXT within the platform. It also provides hardware support for the attestation process to confirm the successful invocation of the Intel TXT environment.
Internal Components of a TPM
How does it work?
How does it work? (contd.)
Creates a Measured Launch Environment (MLE) that enables accurate comparison of all critical elements of the launch environment against a known-good source.
Creates a cryptographically unique identifier for each approved launch-enabled component, and then provides hardware-based enforcement mechanisms to block the launch of code that does not match approved code.
Intel TXT provides:
• Verified Launch (MLE)
• Launch Control Policy (LCP)
• Secret Protection
• Attestation
How does it work? (contd.)
Control Points
[Figure: Memory, CPU and ACEA blocks, with the SINIT ACM, the MLE and the LCP (VMM1, VMM2)]
1. Establish special environment
2. Load SINIT and MLE into memory
3. Invoke GETSEC [SENTER]
4. Load SINIT into ACEA
5. Validate SINIT digital signature
6. Store SINIT identity in TPM
7. SINIT measures MLE in memory
8. Store MLE identity in TPM
9. SINIT loads LCP
10. SINIT passes control to known MLE
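The control-point sequence above, reduced to a small Python model of measure, store in TPM, check the LCP, then launch or block. This is an added example, not code from the slides or from Intel. Assumptions: ToyTPM, the register names "sinit" and "mle", SHA-256, the list encoding and all sample images are constructed for illustration, and SINIT signature validation is not modelled.

```python
import hashlib

def measure(blob: bytes) -> bytes:
    """Identity of a component: the digest of its exact bytes."""
    return hashlib.sha256(blob).digest()

def policy_digest(good_list: set) -> bytes:
    """Digest over the whole good list, independent of entry order."""
    return measure(b"".join(sorted(good_list)))

class ToyTPM:
    """Models only PCR extend and one owner-controlled policy-hash slot."""
    def __init__(self, good_list: set):
        self.pcr = {"sinit": bytes(32), "mle": bytes(32)}
        self.policy_hash = policy_digest(good_list)  # set at provisioning

    def extend(self, name: str, digest: bytes) -> None:
        # A PCR is never written directly: new = H(old || digest)
        self.pcr[name] = hashlib.sha256(self.pcr[name] + digest).digest()

def measured_launch(tpm: ToyTPM, sinit: bytes, mle: bytes, lcp: set):
    """Return (launched, reason). SINIT signature validation is not modelled."""
    tpm.extend("sinit", measure(sinit))        # store SINIT identity in TPM
    mle_id = measure(mle)                      # SINIT measures MLE in memory
    tpm.extend("mle", mle_id)                  # store MLE identity in TPM
    if policy_digest(lcp) != tpm.policy_hash:  # integrity of the list
        return False, "LCP integrity check failed"
    if mle_id not in lcp:                      # control: enforce the list
        return False, "MLE not on good list"
    return True, "control passed to known MLE"

# Constructed sample images (placeholders, not real binaries)
SINIT = b"constructed SINIT ACM"
VMM1, VMM2 = b"constructed VMM1 image", b"constructed VMM2 image"
HACKED_V1 = b"constructed VMM1 image with one changed byte"
GOOD_LIST = {measure(VMM1), measure(VMM2)}

def run_cases():
    """Outcome for a listed MLE, an unlisted MLE, and an edited list."""
    edited = GOOD_LIST | {measure(HACKED_V1)}
    return {
        "listed": measured_launch(ToyTPM(GOOD_LIST), SINIT, VMM1, GOOD_LIST),
        "unlisted": measured_launch(ToyTPM(GOOD_LIST), SINIT, HACKED_V1, GOOD_LIST),
        "edited_list": measured_launch(ToyTPM(GOOD_LIST), SINIT, HACKED_V1, edited),
    }

if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(case, outcome)
```

The MLE identity is extended into the register before the policy decision, so a blocked launch still leaves a record of what was measured.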
LCP Protection
Ensures Safe Migration between Hosts through Trustable Pools
Benefits of Intel® TXT
Increased user confidence in their computing environment
More protection from malicious software
Improved protection of corporate information assets
Better confidentiality and integrity of sensitive information
Meeting The Requirements
Identity: Software stack identity provided by SENTER measurement
Control: Control of software stack provided by authenticated code enforcing a launch control policy set for the specific platform
Integrity: Integrity of the launch control policy guaranteed by hash and TPM controls
Safer Computing with Intel technologies
[Chart: "Advancing Platform Protections", Protection Capabilities plotted against Time. Labels: Software-Only, Smart Card, TPM (Trusted Platform Module), Execute Disable, Intel® Virtualization Technology, Intel® Trusted Execution Technology, Intel® Active Management Technology, Future Technologies]
Conclusion
With Intel® TXT enabled solutions we can:
Address the increasing and evolving security threats across physical and virtual infrastructure.
Facilitate compliance with government and industry regulations and data protection standards.
Reduce malware-related support and remediation costs.
16 Oct 2008 Front Door of Trusted Computing