\documentclass{beamer} \usetheme{Madrid} \usepackage{graphicx} %\setbeamertemplate{footline}[frame number] \title[What is Trusted Computing?]{What is Trusted Computing?} \author{Ariel Segall \\ ariels@alum.mit.edu} %\institute{\copyright MITRE Corporation 2012} \date{Day 1\\ \bigskip Approved for Public Release: 12-2749. \\Distribution unlimited} %\date{May 30, 2012} \begin{document} \begin{frame} \maketitle \end{frame} \begin{frame}{License} All materials are licensed under a Creative Commons ``Share Alike'' license. \begin{itemize} \item http://creativecommons.org/licenses/by-sa/3.0 \end{itemize} \includegraphics[width=4in]{creativecommons.png} \end{frame} \begin{frame}{What is Trust?} According to the Trusted Computing Group\footnote{We'll get to them shortly}: \begin{center} \textit{A trusted component is one which is predictable.} \end{center} \begin{itemize} \item Trusted is not the same as good! \begin{itemize} \item But it gives us a foundation to build on \end{itemize} \item Two broad reasons to trust: \begin{itemize} \item Reliable evidence \onslide<2->{\textit{Attestation}} \item Out-of-band assumptions/No choice! \onslide<2->{\textit{Root of Trust}} \end{itemize} \end{itemize} \end{frame} \begin{frame}{What is Trusted Computing?} \begin{itemize} \item Not a precise term \item Generally, refers to systems that use hardware to provide security support to software \begin{itemize} \item Today: Trusted Platform Modules (TPMs); processors with secure modes (TXT,SVM) \item Future: Mobile Trusted Modules (MTMs) \end{itemize} \item Also covers infrastructure relying on above \begin{itemize} \item Software applications \item Network Access Control (NAC) \item Secure storage devices \item etc... \end{itemize} \end{itemize} \medskip %\begin{center} Goal: build trust in entire system for some purpose %\end{center} \end{frame} \begin{frame}{The Grand Trusted Computing Vision} \begin{itemize} \item Before logging into a computer, I know it's good. \item Machines that aren't up-to-date are routed to a DMZ to perform updates before connecting to the network. \item Servers can confirm exactly which machines they're talking to and whether they're running good software before providing sensitive data. \item All of my data, including secret keys, are protected by hardware and cannot be stolen over the network. \end{itemize} We're not there yet, but we're moving in the right direction. \end{frame} \begin{frame}{A High-Level Workstation View} \includegraphics[width=4in]{trusted-basics} \end{frame} \begin{frame}{Trusted NAC From 50,000 Feet} \includegraphics[width=4in]{tnc-highlevel} %aka ``Trusted Network Connect'' \end{frame} \begin{frame}{The Trusted Computing Group (TCG)} \begin{itemize} \item Industry (mostly) consortium \item Defining standards for trusted computing \item Layered vision: starting from hardware, moving up to applications \item Workgroups focused on particular subsets of the problem; e.g: \begin{itemize} \item Technological: TPM, Mobile Solutions \item Interoperability: Infrastructure, Trusted Network Connect \item Use cases: Server, Trusted Multi-Tenant Infrastructure \end{itemize} \item www.trustedcomputinggroup.org \item Formerly the Trusted Computing Platform Alliance (TCPA) \end{itemize} Most technologies in this area are defined by or with the TCG. \end{frame} \begin{frame}{Why the TCG Matters} Sometimes we trust because we have no choice! \begin{itemize} \item TCG standards help define which components we must trust \item Standards can be evaluated to determine if we \emph{should} trust \item TCG has compliance programs \begin{itemize} \item Not government C&A, but better than nothing \end{itemize} \item Give us a foundation on which to build \end{itemize} Unfortunately, not very good at communicating with users. \end{frame} \begin{frame}{Trusted Computing Topics in This Class} \begin{itemize} \item Trusted Platform Modules \begin{itemize} \item The foundation most of the rest is built on \item Most of the technical meat of this class \end{itemize} \item Roots of Trust for Measurement \begin{itemize} \item With the TPM, what allow us to verify machine state \item Two kinds: static (BIOS) and dynamic (CPU) \end{itemize} \item Trusted Network Connect \begin{itemize} \item NAC protocol with trusted computing support \end{itemize} \item Not covered in detail: \begin{itemize} \item Storage: Too specialized \item Most infrastructure protocols: Too many! \end{itemize} \end{itemize} \end{frame} \end{document}