You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
172 lines
4.4 KiB
172 lines
4.4 KiB
\documentclass{beamer}
|
|
\usetheme{Madrid}
|
|
\usepackage{graphicx}
|
|
%\setbeamertemplate{footline}[frame number]
|
|
|
|
\title[What is Trusted Computing?]{What is Trusted Computing?}
|
|
\author{Ariel Segall \\ ariels@alum.mit.edu}
|
|
%\institute{\copyright MITRE Corporation 2012}
|
|
\date{Day 1\\ \bigskip Approved for Public Release: 12-2749. \\Distribution unlimited}
|
|
%\date{May 30, 2012}
|
|
|
|
\begin{document}
|
|
|
|
\begin{frame}
|
|
\maketitle
|
|
\end{frame}
|
|
|
|
\begin{frame}{License}
|
|
|
|
All materials are licensed under a Creative Commons ``Share Alike'' license.
|
|
\begin{itemize}
|
|
\item http://creativecommons.org/licenses/by-sa/3.0
|
|
\end{itemize}
|
|
\includegraphics[width=4in]{creativecommons.png}
|
|
\end{frame}
|
|
|
|
\begin{frame}{What is Trust?}
|
|
|
|
According to the Trusted Computing Group\footnote{We'll get to them shortly}:
|
|
|
|
\begin{center}
|
|
\textit{A trusted component is one which is predictable.}
|
|
\end{center}
|
|
|
|
\begin{itemize}
|
|
\item Trusted is not the same as good!
|
|
\begin{itemize}
|
|
\item But it gives us a foundation to build on
|
|
\end{itemize}
|
|
\item Two broad reasons to trust:
|
|
\begin{itemize}
|
|
\item Reliable evidence \onslide<2->{\textit{Attestation}}
|
|
\item Out-of-band assumptions/No choice! \onslide<2->{\textit{Root of Trust}}
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{What is Trusted Computing?}
|
|
|
|
\begin{itemize}
|
|
\item Not a precise term
|
|
\item Generally, refers to systems that use hardware to provide security support to software
|
|
\begin{itemize}
|
|
\item Today: Trusted Platform Modules (TPMs); processors with secure modes (TXT,SVM)
|
|
\item Future: Mobile Trusted Modules (MTMs)
|
|
\end{itemize}
|
|
\item Also covers infrastructure relying on above
|
|
\begin{itemize}
|
|
\item Software applications
|
|
\item Network Access Control (NAC)
|
|
\item Secure storage devices
|
|
\item etc...
|
|
\end{itemize}
|
|
|
|
\end{itemize}
|
|
|
|
\medskip
|
|
|
|
%\begin{center}
|
|
Goal: build trust in entire system for some purpose
|
|
%\end{center}
|
|
\end{frame}
|
|
|
|
\begin{frame}{The Grand Trusted Computing Vision}
|
|
|
|
\begin{itemize}
|
|
\item Before logging into a computer, I know it's good.
|
|
\item Machines that aren't up-to-date are routed to a DMZ to perform
|
|
updates before connecting to the network.
|
|
\item Servers can confirm exactly which machines they're talking to
|
|
and whether they're running good software before providing sensitive
|
|
data.
|
|
\item All of my data, including secret keys, are protected by
|
|
hardware and cannot be stolen over the network.
|
|
\end{itemize}
|
|
|
|
We're not there yet, but we're moving in the right direction.
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{A High-Level Workstation View}
|
|
|
|
\includegraphics[width=4in]{trusted-basics}
|
|
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{Trusted NAC From 50,000 Feet}
|
|
|
|
\includegraphics[width=4in]{tnc-highlevel}
|
|
|
|
%aka ``Trusted Network Connect''
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{The Trusted Computing Group (TCG)}
|
|
|
|
\begin{itemize}
|
|
\item Industry (mostly) consortium
|
|
\item Defining standards for trusted computing
|
|
\item Layered vision: starting from hardware, moving up to applications
|
|
\item Workgroups focused on particular subsets of the problem; e.g:
|
|
\begin{itemize}
|
|
\item Technological: TPM, Mobile Solutions
|
|
\item Interoperability: Infrastructure, Trusted Network Connect
|
|
\item Use cases: Server, Trusted Multi-Tenant Infrastructure
|
|
\end{itemize}
|
|
\item www.trustedcomputinggroup.org
|
|
\item Formerly the Trusted Computing Platform Alliance (TCPA)
|
|
\end{itemize}
|
|
|
|
Most technologies in this area are defined by or with the TCG.
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Why the TCG Matters}
|
|
|
|
Sometimes we trust because we have no choice!
|
|
\begin{itemize}
|
|
\item TCG standards help define which components we must trust
|
|
\item Standards can be evaluated to determine if we \emph{should} trust
|
|
\item TCG has compliance programs
|
|
\begin{itemize}
|
|
\item Not government C&A, but better than nothing
|
|
\end{itemize}
|
|
\item Give us a foundation on which to build
|
|
\end{itemize}
|
|
|
|
Unfortunately, not very good at communicating with users.
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Trusted Computing Topics in This Class}
|
|
|
|
\begin{itemize}
|
|
\item Trusted Platform Modules
|
|
\begin{itemize}
|
|
\item The foundation most of the rest is built on
|
|
\item Most of the technical meat of this class
|
|
\end{itemize}
|
|
\item Roots of Trust for Measurement
|
|
\begin{itemize}
|
|
\item With the TPM, what allow us to verify machine state
|
|
\item Two kinds: static (BIOS) and dynamic (CPU)
|
|
\end{itemize}
|
|
\item Trusted Network Connect
|
|
\begin{itemize}
|
|
\item NAC protocol with trusted computing support
|
|
\end{itemize}
|
|
\item Not covered in detail:
|
|
\begin{itemize}
|
|
\item Storage: Too specialized
|
|
\item Most infrastructure protocols: Too many!
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
|
|
\end{frame}
|
|
|
|
\end{document}
|
|
|