AMD PLATFORM SECURITY PROCESSOR
ARVIND CHANDRASEKAR
DIRECTOR – AMD
2| BRIEFING TO INDIAN ARMY| CONFIDENTIAL
SECURITY LANDSCAPE – TODAY IN THE CYBERSPACE
India ranks high in the list of countries targeted. India is rated number 2 in attacks on mobile devices – Kaspersky report.
The number of web sites being hacked by vested interests is on the increase. Government-owned websites are specifically targeted. Cross-border cyber attacks are on the rise.
Military installations are now targeted directly due to the sensitive nature of the data available.
Increased usage of social media due to the young demographic of the country's workforce. Increasing usage of the cloud for data storage by individuals and enterprises. Lower costs are driving storage on the interweb. Weakness in the human element involved in the security loop. Lack of password control.
UNSECURED OBJECTS - THE WEAKEST LINK
TODAY’S SECURITY CHALLENGES
Mobility (seamless client to cloud)
‒ More devices and data per person, centralized data repositories, subsidized platforms, controlled user experience, metering/licensing, consumer data protection
Consumerization of IT (BYOD)
‒ Personally owned devices employed in enterprise environments, protection of corporate information, address regulation and compliance requirements
[Chart: Internet-Connected Devices Per Person, 2010 to 2020, plotting Internet connected devices (billions) against world population (billions); annotated 0.7 devices per person and 2.9 devices per person. Source: IMS research report; world population estimates]
“A recent survey completed by Gartner indicates that CIOs fully expect to support up to three mobile operating systems by 2012 and that 20% of devices will be employee-owned by that year.” Source: http://softwarestrategiesblog.com/category/platform-as-a-service/
TODAY’S SECURITY CHALLENGES
Cloud computing (separation & transparency)
‒ Multi-tenancy and lack of control, with Governance, Risk & Compliance driving separation technologies and the need for transparency and accountability in the cloud to support mission critical workloads
Advanced Persistent Threats (APTs)
‒ Advanced and normally clandestine means to gain continual, persistent intelligence on an individual, or group of individuals such as a foreign nation state government
• Operation Aurora on Google
• Stuxnet worm targeting Iranian nuclear sites
• Night Dragon targeting energy companies
• Flame targeting PCs in the Middle East
SECURITY STARTS IN HARDWARE
Security starts at the root of a system
‒ Anything short of that allows an attacker to interpose the bootstrap process and enables BIOS/firmware viruses and other Advanced Persistent Threats (APTs)
Security needs to be anchored within the hardware so that it cannot be circumvented
Security needs to be an active and dynamic component of the system
‒ Security functions change over time or per market segment (e.g. consumer, commercial or Cloud servers)
‒ You should be able to add security functions to your platform at manufacturing time, install time or even later
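To make the root-of-trust argument on this slide (and the secure boot item on the roadmap) concrete, here is an added Python model of a verified boot chain; it is not AMD code and not part of the deck. It assumes SHA-256 digests stand in for the signature checks a real boot ROM performs, and the stage images are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes          # constructed stand-in for the stage's executable image
    next_digest: bytes   # digest pinned for the following stage; b"" for the last

    def image(self) -> bytes:
        # The pinned digest is measured too, so re-pointing a stage at another successor changes its own digest.
        return self.code + self.next_digest

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def link_chain(images: list[tuple[str, bytes]]) -> list[Stage]:
    """Link stages back to front so each stage pins its successor's digest."""
    chain, pin = [], b""
    for name, code in reversed(images):
        chain.insert(0, Stage(name, code, pin))
        pin = digest(chain[0].image())
    return chain

def boot(pin: bytes, chain: list[Stage]) -> list[str]:
    """Check each stage against the digest the previous link pinned and halt at
    the first mismatch; returns the names of the stages allowed to run."""
    ran = []
    for stage in chain:
        if digest(stage.image()) != pin:
            break
        ran.append(stage.name)
        pin = stage.next_digest
    return ran

IMAGES = [("bios", b"UEFI firmware v1"), ("os_loader", b"OS loader v1"), ("kernel", b"kernel v1")]

def scenarios() -> dict[str, list[str]]:
    good = link_chain(IMAGES)
    hw_pin = digest(good[0].image())   # fused at manufacturing: attacker cannot rewrite it
    # Loader replaced in place: the BIOS still pins the original loader digest.
    in_place = [good[0], Stage("os_loader", b"implant", good[1].next_digest), good[2]]
    # Every flash stage rewritten and re-linked around the replaced loader.
    relinked = link_chain([(n, b"implant" if n == "os_loader" else c) for n, c in IMAGES])
    return {
        "clean": boot(hw_pin, good),
        "in_place": boot(hw_pin, in_place),          # halts after the BIOS
        "hardware_root": boot(hw_pin, relinked),     # halts before any stage runs
        "software_root": boot(digest(relinked[0].image()), relinked),  # pin in flash, re-pinned
    }
```

The last scenario is the point of the slide: when the pin itself lives in rewritable storage, a re-linked chain verifies cleanly, so the root must be immutable hardware.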
THE SECURITY ECOSYSTEM TODAY IS FRAGMENTED
Difficult for security ISVs to anchor their solutions in hardware
Partial solutions exist for different operating systems but depend on many complex layers
The hardware ecosystem is very fragmented, with many proprietary solutions
These proprietary solutions rarely allow ISV extensions
We need more flexible solutions …
AMD ADOPTING ARM TRUSTZONE
Relationship between ARM & AMD
‒ AMD is adding an ARM embedded microcontroller with ARM TrustZone technology to some of its SoCs as a security foundation
This is designed to provide a consistent security foundation that is beneficial for whole-system security and end-to-end protection across heterogeneous environments
‒ Shared goal of promoting a hardware, software, and services ecosystem based on ARM TrustZone technology
What does this mean for the industry?
‒ AMD and ARM together provide scale and breadth of products
‒ Broad ecosystem based on adoption of TrustZone technology and open industry standards across all types of computing platforms
THE TRUSTZONE ECOSYSTEM
The TrustZone ecosystem is based on open industry standards such as GlobalPlatform
‒ Standard APIs to security services, certification programs, and protection profiles
‒ Proven secure isolation kernels exist, such as those produced by Trusted Logic Mobility/Gemalto (now Trustonic)
Enables ISVs to develop secure applications that are portable across a wide range of solutions
AMD’s security technology maintains portability, even at the application binary interface (ABI) level, for trusted applications
Different security solutions for alternate segments
‒ E.g., Consumer: mobile payments, password vaults, anti-malware, content protection
‒ E.g., Commercial: asset protection, document control, bring-your-own-device protection
[Diagram (source: GlobalPlatform): the GlobalPlatform TEE architecture. The Hardware Platform exposes HW secure resources (HW keys, secure storage, trusted UI (keypad, screen), crypto accelerators, NFC controller, secure element, etc.). Above it sit two worlds: the Rich OS Application Environment, where client applications call the GlobalPlatform TEE Client API over the Rich OS, and the Trusted Execution Environment, where the TEE Kernel, Trusted Core Environment and Trusted Functions expose the GlobalPlatform TEE Internal API to trusted applications (DRM, Payment, Corporate), which in turn offer the GlobalPlatform TEE Functional API.]
AMD’S SECURITY FEATURE ROADMAP
Today – Core Security
‒ Trusted Platform Module and Secure Kernel Initialization
‒ Virtualization extensions and 2nd gen. I/O Virtualization
‒ AES Instructions
2014 – Secure Platform Enablement
‒ Platform Security Processor with fixed security functions introduction
‒ Cryptography acceleration for AES, RSA, ECC, SHA, TRNG
‒ Secure boot capabilities
2015 – Secure Platform Deployment
‒ Platform Security Processor enabled on all 2015 APUs
‒ TrustZone ecosystem enablement
‒ Identity protection, anti-theft, etc. in hardware
PLATFORM SECURITY PROCESSOR USE CASES
Platform Security Foundational support
‒ Trusted Execution Environment
‒ Secure boot
‒ Cryptographic acceleration
‒ TPM functionality
Client solutions enablement
‒ 3rd party solutions – e.g., payments, anti-theft, identity management, data protection, anti-malware, content protection, bring-your-own-device
End-to-end / client-to-cloud
‒ 3rd party solutions – e.g., vertical solutions, policy enforcement, integrity monitoring, audit & asset management, virtual HSM
[Diagram: layered stack on the Platform Security Processor HW. TEE Baseline: Boot ROM code (HW), Security kernel, Secure boot, TPM 2.0, Crypto handlers. Platform Differentiation: Client-targeted solutions (e.g., mobile payments, data protection, identity mgmt., antimalware, content) and End-to-end / client-to-cloud (e.g., policy enforcement, integrity monitoring, asset mgmt., virtual HSM).]
SUMMARY
Changes in the landscape are prompting changes on both sides, attackers and security layers.
Mobility & consumerisation of IT have led to many open/unsecured interfaces to the network which can be leveraged maliciously.
Clouds leading to interconnected storage allow for loopholes which may be exploited if not secured.
The largest share of issues stems from the lack of secure operating environments.
AMD is deploying TrustZone on some of its SoCs to build a stronger security foundation at the micro-processor level.
It is always easier to stem attacks at the Physical layer than at the Application layer (OSI).
For the first time a hardware-based mass-market solution will be available for cybersecurity based on Trusted Execution Environments.
DISCLAIMER & ATTRIBUTION
The information presented in this document is for informational purposes only and may contain technical inaccuracies, omissions and typographical errors.
The information contained herein is subject to change and may be rendered inaccurate for many reasons, including but not limited to product and roadmap changes, component and motherboard version changes, new model and/or product releases, product differences between differing manufacturers, software changes, BIOS flashes, firmware upgrades, or the like. AMD assumes no obligation to update or otherwise correct or revise this information. However, AMD reserves the right to revise this information and to make changes from time to time to the content hereof without obligation of AMD to notify any person of such revisions or changes.
AMD MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE CONTENTS HEREOF AND ASSUMES NO RESPONSIBILITY FOR ANY INACCURACIES, ERRORS OR OMISSIONS THAT MAY APPEAR IN THIS INFORMATION.
AMD SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT WILL AMD BE LIABLE TO ANY PERSON FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES ARISING FROM THE USE OF ANY INFORMATION CONTAINED HEREIN, EVEN IF AMD IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
ATTRIBUTION
© 2014 Advanced Micro Devices, Inc. All rights reserved. AMD, the AMD Arrow logo and combinations thereof are trademarks of Advanced Micro Devices, Inc. in the United States and/or other jurisdictions. SPEC is a registered trademark of the Standard Performance Evaluation Corporation (SPEC). Other names are for informational purposes only and may be trademarks of their respective owners.
THANK YOU
ARVIND CHANDRASEKAR