Post on 18-Nov-2014
© 2012 IBM Corporation
IBM Secure Enterprise Desktop – An enterprise application of the IBM ZTIC
Dr. Michael Baentsch, Dr. Paolo Scotton, IBM Research – Zurich
Secure Enterprise Desktop: Core problem addressed
All Internet-connected devices are (and will remain) under attack …
– Attack vectors (selection)
  • Spam (mail): “Click-and-be-doomed”
  • Some “free helper tools”
  • “Popular” websites (porn, warez, etc.): “Drive-by infection”
  • Google-found websites
– Sample attack method (beyond traditional vulnerability + standard API exploits)
  • APEG (Automatic Patch-based Exploit Generation)
– Attack goals (selection)
  • Get at company secrets (spear phishing, Advanced Persistent Threats and beyond)
  • Log company communication in real time
  • Find out about the customers’ customers
– Attack professionalism
  • Very high and rising (task “outsourcing”, physical “enforcement” the norm)
  • By some accounts, e-crime is already more profitable than drug trafficking
Authentication: Main attack classes
[Diagram: genuine client, genuine server (login prompt) and the attack positions between them; labels as on the slide]
• Spoofed email (phishing): link → fake server → credentials
• Malicious software (MSW) / Trojan horse virus → credentials
• Man-in-the-middle (MITM)
• Man-in-the-browser (MITB) / fake client
• Impersonation: at any time; while the genuine client connects; during a genuine transaction
Secure Enterprise Desktop: So what?
You cannot trust the PC (tablet, smart phone, etc.) display – nor any SW.
You need separate protection – crypto & I/O HW outside the PC.
Based on some “trust anchor” – ideally a mobile one.
Classic ZTIC concept: How it works (high-level)
[Diagram labels: TLS Proxy; TLS Server Connection]
1: User approaches any appliance with a USB port and inserts the ZTIC
2: ZTIC initiates the connection to the server (automatically via auto-run, or after the user clicks on the ZTIC icon)
3: ZTIC establishes a TLS connection to the server (incl. automatic certificate check and, possibly, client authentication)
4: Server validates authenticity (using existing authentication protocols like EMV CAP, or via PKI/SSL client authentication)
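Steps 3 and 4 above, modelled in Go as an added example (not IBM's code; the real ZTIC is a USB device with its own firmware): Connect plays the ZTIC, trusting only a pinned server certificate and presenting the user's credential as a TLS client certificate, while Serve plays the enterprise server that validates that credential. Constructed self-signed certificates from selfSigned stand in for the enterprise PKI; the names Serve, Connect, pin and selfSigned are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway self-signed certificate for cn (constructed test material, not a real PKI).
func selfSigned(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// pin returns a trust store holding exactly one certificate: the only peer that will be accepted.
func pin(c tls.Certificate) *x509.CertPool { leaf, _ := x509.ParseCertificate(c.Certificate[0]); p := x509.NewCertPool(); p.AddCert(leaf); return p }

// Serve stands in for the enterprise server (step 4): it requires a client certificate matching trustedClient and writes "OK" only after the mutual handshake succeeded.
func Serve(serverCert, trustedClient tls.Certificate) string {
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert, ClientCAs: pin(trustedClient),
	})
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go func(c net.Conn) { c.Write([]byte("OK")); c.Close() }(c) // Write performs the TLS handshake first
		}
	}()
	return ln.Addr().String()
}

// Connect plays the ZTIC role (step 3): trust only the pinned server certificate, present the user's credential, and report whether the server accepted the session.
func Connect(addr string, pinnedServer tls.Certificate, creds []tls.Certificate) bool {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: pin(pinnedServer), Certificates: creds})
	if err != nil {
		return false // the server failed the certificate check: never talk to a fake server
	}
	defer conn.Close()
	reply := make([]byte, 2)
	n, _ := conn.Read(reply) // a client the server rejected receives a TLS alert or EOF here, never "OK"
	return string(reply[:n]) == "OK"
}
```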
Approaches to Desktop Security
• Corporate-issue PCs: machines are custom-installed and centrally managed.
  Challenges: limited choice of machines; cost for dedicated hardware; zero-day exploits; mobility
• Trusted Platform Modules, smart cards, etc.: security hardware protecting system software
  Challenges: without I/O, the user cannot ascertain what’s happening; mobility
• Secure Execution Environments: software controlling the applications being executed
  Challenges: size & origin of software; can software be protected by software?
• Secure boot stick: user carries a secure OS to boot from on a USB stick
  Challenges: maintenance of the OS; no central control; no user credential control
• Virtualization: adding an access & security control layer for all resources
  Challenges: host-OS security; installation; performance/scalability
IBM Secure Enterprise Desktop: Design Goals
• Protect against “state of the art” attacks (esp. malware & man-in-the-middle)
  – Do not rely on the PC or smart phone for input or output of critical data
• Do not require the installation of additional software
  – No device drivers (no new user/support-center hassles)
  – Work on as many platforms as possible
• Do not interfere with existing protection technologies
  – VPNs, firewalls, virus scanners, etc.
• Be easy to use
  – Do not create performance penalties
  – Use a “familiar” device/interaction pattern → mobility
• Be easy to administrate & integrate
  – Require minimal server changes
    • Re-use existing authentication protocols, e.g., CAP, PKI/SSL client authentication
  – Allow for “fool-proof” device maintenance
Secure Enterprise Desktop: Goal
Secure Enterprise Desktop: Basic Concept ‘Bring-Your-Own’
Secure Enterprise Desktop: Core technologies
[Diagram: Secure Enterprise Desktop resting on three pillars]
• ZTIC: security • authentication • key storage
• Image Management: image backup • image composition • image maintenance
• Provisioning: streaming technology • significant OS experience
Secure Enterprise Desktop: Architecture
Hypervisor allows SED…
• …to be hardware agnostic: hardware support delegated to the hypervisor
• …to implement specialized drivers without changing the user image
• …to run multiple images on the same client
Secure Enterprise Desktop: Usage view
Secure Enterprise Desktop: Key Differentiators
• VM + OS provisioning is server-controlled via a trusted channel
  – ZTIC establishes the basic trust level and pulls disk keys & software via SSL
  – Future extension: build VPN support into low-level drivers + ZTIC
• No need for or reliance on pre-installed software
  – ZTIC possession is sufficient to get started → boot off empty/‘bare metal’ machines
  – All OS & user data is streamed as needed → fast start-up time on empty machines
  – Local machine used as ‘cache’ → scalability from the overall system perspective
• Constant ‘backup’ when online
  – Offline operation also possible (e.g., when traveling)
  – All local data encrypted via ZTIC and mirrored back when online again
• User credentials handled outside of the PC
  – Protection even against hacked BIOSes
  – Smart card support without need for drivers
Secure Enterprise Desktop: Next steps for 2012
• IBM internal pilot operation
• Introduction of standard/‘out-of-the-box’ usage scenarios
• Pilot deployment at lead customers
• Integration with IBM standard offerings
Questions?
• http://www.zurich.ibm.com/secure-ed
• eztic@zurich.ibm.com
• YouTube: http://www.youtube.com/watch?v=mPZrkeHMDJ8
• Michael Baentsch (mib@zurich.ibm.com; +41 44 724 8620)
• Paolo Scotton (psc@zurich.ibm.com; +41 44 724 8948)