EMB304: Building Trustworthy Windows CE Embedded Devices and Applications
Ganapathy Raman, Program Manager, Windows CE Security Team, Microsoft Corporation
[Diagram: Windows Embedded platform stack, Windows CE beside Windows XP Embedded. Layers, bottom to top: Hardware/Drivers (OEM/IHV-supplied BSP for ARM, SH4 and MIPS with OEM hardware and standard drivers; standard PC hardware and drivers with the Windows XP DDK); Device Building Tools (Platform Builder; Windows Embedded Studio); Data (lightweight: EDB; relational: SQL Server 2005 Mobile Edition, SQL Server 2005 Express Edition); Programming Model (native: Win32, MFC 8.0, ATL 8.0; managed: .NET Compact Framework, .NET Framework; server side: ASP.NET Mobile Controls, ASP.NET); Development Tools (Visual Studio 2005); Multimedia (DirectX, Windows Media); Location Services (MapPoint); Communications & Messaging (Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server); Management Tools (Device Update Agent, Software Update Services, Image Update, Microsoft Operations Manager, Systems Management Server).]
Introduction
- Microsoft is committed to helping you meet your security goals: secure devices and secure applications
- Demonstrate the rich set of security features
- Share best practices, processes and tools
Code Execution Security
Questions: control over code execution; control over code rights
Answer: the Windows CE trust model
- Every EXE/DLL is assigned a trust level
- Trust level 0: don't run
- Trust level 1: run normal (restricted rights)
- Trust level 2: run trusted
Code Execution Security
- Normal mode (restricted rights): the process cannot write protected registry keys, modify protected system files or call protected APIs
- You can extend the trusted boundary
- How does the OS determine the trust level? It does not; you do
- Implement a secure loader and base trust on signatures
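The trust decision described above, as an added example that is not code from the deck or from Microsoft's Platform Builder samples. It implements the OEM side of the secure loader: the kernel calls OEMCertifyModuleInit once per module load, streams the module's bytes through OEMCertifyModule, and takes the verdict from a final call with cbData set to 0; the return values OEM_CERTIFY_FALSE (0), OEM_CERTIFY_RUN (1) and OEM_CERTIFY_TRUST (2) are the three trust levels on the slide. Assumptions: the allow list, the two sample images, the chunk driver certify_image and the scenario function demo_secure_loader are constructed here; uint8_t and unsigned long stand in for LPBYTE and DWORD so the code builds anywhere; and the digest is FNV-1a, a non-cryptographic stand-in for the public-key signature check a shipping loader must perform.

```c
/* Added example: an OEMCertifyModule-style trust policy (not from the deck).
 * The digest is FNV-1a, a NON-cryptographic stand-in; a real loader verifies
 * a signature over the image. The streaming protocol, default-deny verdict and
 * trust-level mapping are what the Windows CE kernel expects from the OEM. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OEM_CERTIFY_FALSE 0   /* trust level 0: don't run */
#define OEM_CERTIFY_RUN   1   /* trust level 1: run with restricted rights */
#define OEM_CERTIFY_TRUST 2   /* trust level 2: run fully trusted */

#define FNV_OFFSET 14695981039346656037ULL
#define MAX_ALLOWED 16

/* Constructed allow list: digest of a known-good image -> trust the OEM grants. */
struct allowed { uint64_t digest; int trust; };
static struct allowed g_allow[MAX_ALLOWED];
static int g_allow_count;

static uint64_t g_running;   /* digest of the image currently being certified */
static int g_certifying;     /* non-zero between Init and the final verdict call */

static uint64_t fnv1a_update(uint64_t h, const uint8_t *p, size_t n) {
    while (n--) { h ^= *p++; h *= 1099511628211ULL; }
    return h;
}

/* OEM build step: record a known-good image and the trust level it receives. */
int oem_provision(const uint8_t *image, size_t len, int trust) {
    if (g_allow_count >= MAX_ALLOWED ||
        (trust != OEM_CERTIFY_RUN && trust != OEM_CERTIFY_TRUST))
        return 0;
    g_allow[g_allow_count].digest = fnv1a_update(FNV_OFFSET, image, len);
    g_allow[g_allow_count].trust = trust;
    g_allow_count++;
    return 1;
}

/* Kernel callback 1: called once before the module's bytes are delivered. */
int OEMCertifyModuleInit(void) {
    g_running = FNV_OFFSET;
    g_certifying = 1;
    return 1;   /* TRUE: stream the file through OEMCertifyModule */
}

/* Kernel callback 2: called with successive chunks, then once with cbData == 0. */
unsigned long OEMCertifyModule(const uint8_t *lpData, unsigned long cbData) {
    if (!g_certifying) return OEM_CERTIFY_FALSE;   /* Init was skipped: deny */
    if (cbData != 0) {
        g_running = fnv1a_update(g_running, lpData, cbData);
        return OEM_CERTIFY_RUN;   /* non-zero: keep streaming, verdict comes at the end */
    }
    g_certifying = 0;
    for (int i = 0; i < g_allow_count; i++)
        if (g_allow[i].digest == g_running) return (unsigned long)g_allow[i].trust;
    return OEM_CERTIFY_FALSE;     /* default deny: an unknown image does not run */
}

/* Drives the callbacks the way the kernel's loader does, in chunk-byte pieces. */
int certify_image(const uint8_t *image, size_t len, size_t chunk) {
    if (!OEMCertifyModuleInit()) return OEM_CERTIFY_FALSE;
    for (size_t off = 0; off < len; off += chunk) {
        size_t n = (len - off < chunk) ? len - off : chunk;
        if (OEMCertifyModule(image + off, (unsigned long)n) == OEM_CERTIFY_FALSE)
            return OEM_CERTIFY_FALSE;
    }
    return (int)OEMCertifyModule(NULL, 0);
}

/* Constructed sample images standing in for real PE files. */
static const uint8_t k_oem_shell[] = "constructed OEM shell image";
static const uint8_t k_isv_app[]   = "constructed third-party application";

/* Scenarios: 0 provisioned trusted, 1 provisioned restricted, 2 never
 * provisioned, 3 provisioned image with one bit flipped in transit. */
int demo_secure_loader(int scenario) {
    uint8_t tampered[sizeof k_oem_shell];
    g_allow_count = 0;                       /* fresh allow list per run */
    oem_provision(k_oem_shell, sizeof k_oem_shell, OEM_CERTIFY_TRUST);
    oem_provision(k_isv_app,   sizeof k_isv_app,   OEM_CERTIFY_RUN);
    switch (scenario) {
    case 0: return certify_image(k_oem_shell, sizeof k_oem_shell, 7);
    case 1: return certify_image(k_isv_app, sizeof k_isv_app, 4096);
    case 2: return certify_image((const uint8_t *)"never provisioned", 17, 5);
    case 3:
        memcpy(tampered, k_oem_shell, sizeof k_oem_shell);
        tampered[3] ^= 0x01;
        return certify_image(tampered, sizeof tampered, 7);
    default: return OEM_CERTIFY_FALSE;
    }
}
```

The point to carry over to a real OAL is structural: keep per-load state between Init and the zero-length call, never return a trust level on an intermediate chunk, and make the unknown case fall through to OEM_CERTIFY_FALSE rather than to OEM_CERTIFY_RUN. Replacing fnv1a_update with a cryptographic hash and the allow-list lookup with signature verification against an OEM public key turns this into the "trust based on signatures" loader the slide calls for.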
Secrets
- Storing secrets in software is DIFFICULT
- It's best not to store the secret itself
- Think of key hierarchies
- Leverage secure storage in hardware
- Whom are you protecting the secret from? 'Normal' processes on the same device; theft of offline storage (CF card); the communication network; the user
Data Protection API (DPAPI)
- API: CryptProtectData, CryptUnprotectData
- Easy to use: you don't have to create or manage keys
- Highly leveraged by OS components
- Does not deal with storage: it returns a protected blob, and you decide where to persist it
- System flag support: restrict access to trusted code
- Can provide additional entropy (application-specific information)
Local Authentication (LASS)
- Local Authentication Sub-System / Device Lock
- Applications can request user verification using the configured device-locking mechanism
- Ability to set simple policies via the registry, e.g. prompt if 5 minutes have passed since the last successful authentication
- Modular Device Lock mechanism with support for plug-ins: password/PIN, smart card, fingerprint
Writing Secure Code
- General best practices, e.g. buffer overflows. Good reference: Writing Secure Code, Second Edition, Michael Howard and David LeBlanc
- Windows CE specific best practices, e.g. check the trust level of the caller. See the Security Best Practices section for each feature in the Platform Builder docs
- Defect detection tool: PREfast detects errors by static analysis
Network Authentication
Credential Management
- Credential Manager (Credman): a higher-level abstraction; simplified management; improved security; better user experience through sharing
- Credential characteristics:
  Type: domain, plaintext, certificate, custom
  Target: WebSiteA, WebSiteB, FileShareC
  User, Password
  Flags: Sensitive (prompt the user before read); Trusted (only trusted callers can read); Persist in registry / memory
- Credman + SSPI integration
Features We Looked At
- Secure Loader (trust model)
- DPAPI (secret protection)
- LASS (local authentication)
- Tools (PREfast)
- SSPI (network authentication)
- Credential Manager (user credentials)
More Features
- Cryptography, CAPI 1.0: 3DES, AES, SHA, MD5, RSA (MD5 is there for compatibility; prefer SHA for new designs)
- PKI, CAPI 2.0: certificates
- Smart cards: two-factor authentication
- Secure hardware
- Network security: IPsec, VPN, wireless
- Component security: web server, Bluetooth, etc.
Summary
- The Windows CE platform has a rich set of security features
- Microsoft is committed to helping you build secure devices and develop secure applications
- Talk to us; we love to hear from you. Speaker cabana for the next 3 hours
- We can set up informal meetings; if interested, mention it in the session feedback
Related sessions
- EMB423: Creating a trusted environment for Windows CE 5.0
- EMB320: Windows CE 5.0 Boot Loader Security
- CLI320: Security and device configuration for developers in Windows Mobile
- ENT313: Panel discussion: Inside Windows Mobile security
- ENT312: Mobile security: it's not an oxymoron
- ENT315: Windows Mobile platform security drilldown for the enterprise
While at MEDC 2005...
- Fill out an evaluation for this session; randomly selected instant WIN prizes!
- Use real technology in a lab: instructor led (Reef E/F and Breakers L), self-paced (Reef B/C)
- Visit the Microsoft Product Pavilion in the Exhibit Hall (Shorelines B)
After the Conference...
Develop
- Install full-featured trial versions of Windows CE and/or Windows XP Embedded
- Build cool stuff and tell us about it: msdn.microsoft.com/embedded/community
- Join the Windows Embedded Partner Program: www.mswep.com
Build
- Install the Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
- Enter the Mobile2Market Contest and win up to $25000: mobile2marketcontest.com
- Join the Microsoft Solutions Partner Program: partner.microsoft.com
Tools & Resources
Build
- Websites: msdn.microsoft.com/embedded
- Newsgroups: microsoft.public.windowsxp.embedded, microsoft.public.windowsce.platbuilder, microsoft.public.windowsce.embedded.vc
- Blogs: blogs.msdn.com/mikehall
- Tools: Windows CE 5.0 Eval Kit, Windows XP Embedded Eval Kit
Develop
- Websites: msdn.microsoft.com/mobility
- Newsgroups: microsoft.public.pocketpc.developer, microsoft.public.smartphone.developer, microsoft.public.dotnet.framework.compactframework
- Blogs: blogs.msdn.com/windowsmobile, blogs.msdn.com/vsdteam, blogs.msdn.com/netcfteam
- Tools: Windows Mobile 5.0 Eval Kit
Questions?
Ganapathy Raman, [email protected]
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.