BATTLE OF SKM AND IUM

Recommendations

Info

THREE KEY VBS FEATURES BEING INTRODUCED • Device Guard [ref: RSA 2015 Microsoft Presentation] • Device Guard allows enterprises to strictly control the execution of everything from PowerShell scripts, to usermode DLLs and executables, to kernel-mode drivers – can even include anonymous executable memory • Credential Guard [ref: BlackHat 2015 Microsoft Presentation] • Credential Guard allows cryptographic secrets (normally owned by LSA, the Local Security Authority) to be kept in memory that cannot be read from anyone on the machine, regardless of privilege level or even hardware access • Guarded Fabric and vTPM (Virtual TPM) [ref: Microsoft Ignite 2015 Presentation] • vTPM allows using BitLocker to function on Virtual Machines and to keep data encrypted at all times • Shielded VMs leverage vTPM and other security features to make memory owned by the VM invisible to Host
ENABLING VBS
Page 1 and 2: BATTLE OF SKM AND IUM HOW WINDOWS 1
Page 3 and 4: PRESENTATION OVERVIEW • Microsoft
Page 5: VBS FEATURES IN WINDOWS 10 / SERVER
Page 9 and 10: HOW DOES IT ALL WORK? • Hyperviso
Page 11 and 12: SEPARATION OF ROLES • Instead of
Page 13 and 14: PLATFORM REQUIREMENTS • The Boot
Page 15 and 16: HARD CODE GUARANTEES • When hard
Page 17 and 18: VIRTUAL SECURE MODE (VSM) BOOTSTRAP
Page 19 and 20: SKM LAUNCH • To initialize VTL 1,
Page 21 and 22: BCD VSM POLICY OPTIONS • The poli
Page 23 and 24: SKM INTERNALS
Page 25 and 26: SKM STRUCTURES • SKM has a PCR at
Page 27 and 28: SKM CAPABILITIES • The SkCapabili
Page 29 and 30: SECURE MODE CALLS • Secure Mode C
Page 31 and 32: SPECIALIZED SECURE MORE SERVICE CAL
Page 33 and 34: NORMAL MODE SERVICE CALLS • SK ne
Page 35 and 36: IUM INTERNALS
Page 37 and 38: SECURE SYSTEM CALLS • SKM exposes
Page 39 and 40: SECURE BASE API • Trustlets shoul
Page 41 and 42: NOTABLY MISSING… • Trustlets ca
Page 43 and 44: NORMAL MODE SYSTEM CALL PROXYING Th
Page 45 and 46: LAUNCHING A TRUSTLET • Process At
Page 47 and 48: EXAMPLE IUM-COMPLIANT SIGNED BINARY
Page 49 and 50: TRUSTLET INSTANCE GUID • Trustlet
Page 51 and 52: LSA TRUSTLET • One of the two inb
Page 53 and 54: LOADING A TRUSTLET • Ldr, or the
Page 55 and 56: TRUSTLET TO NORMAL WORLD COMMUNICAT
Page 57 and 58:
CAN WE BUILD OUR OWN TRUSTLETS? •
Page 59 and 60:
CONCLUSION RISKS AND THOUGHTS
Page 61 and 62:
SECURE KERNEL COMPLEXITY / ATTACK S
Page 63 and 64:
VSM WITHOUT SECUREBOOT • What’s
Page 65:
YOU HAVE QUESTIONS? I HOPEFULLY HAV
show all

BATTLE OF SKM AND IUM

Create successful ePaper yourself

Delete template?

Save as template?