Life in the Fast Lane or Creating a more trustworthy Internet

Doug Cavit, Chief Security Strategist, Trustworthy Computing


© 2008 Microsoft Corporation

Users must be empowered to make informed trust decisions (including accepting the risks of anonymity)

Strong identity claims and reputation must be available to enhance security, privacy, and trust

Better accountability must be created to deter crime and facilitate responses

The Internet Revolution

Beneficial change
• Social: Enabling a global village
• Economic: Easier, faster, cheaper commerce
• Political: Freer exchange of ideas

Undesirable change
• Loss of data subject control over information
• Rise in identity theft
• Targeted attacks against businesses & governments
• Increases in other types of online and tech-facilitated crimes

Now required: End to End Trust


Threat Trends

[Diagram labels: Hardware, O/S, Drivers, Applications, GUI, User, Physical]

Examples
• Spyware
• Rootkits
• Application attacks
• Phishing/Social engineering

Attacks Getting More Sophisticated
Traditional defenses are inadequate

[Chart labels: National Interest, Personal Gain, Personal Fame, Curiosity; Script-Kiddy, Amateur, Expert, Specialist; Author, Vandal, Thief, Spy, Trespasser. Callouts: Largest area by volume; Largest area by $ lost; Largest segment by $ spent on defense; Fastest growing segment]

Crime On The Rise

[Chart: Number of Digital IDs over time (Pre-1980s, 1980s, 1990s, 2000s); labels: mainframe, client/server, Internet, mobility, B2E, B2C, B2B]

Exponential Growth of IDs
Identity and access management challenging

[Bar chart categories: Trojan, Downloader/Dropper, Exploit, Worm, Keyloggers &c, Backdoor, Virus, Rootkit; axis from 0 to 160,000]

Increasingly Sophisticated Malware
Anti-malware alone is not sufficient

Number of variants from over 7,000 malware families (1H07)

Source: Microsoft Security Intelligence Report (January – June 2007)


Security
• Secure against attacks
• Protects confidentiality, integrity & availability of data & systems
• Manageable

Privacy
• Protects from unwanted communication
• Controls for informational privacy
• Products, online services adhere to fair information principles

Reliability
• Dependable, Available
• Predictable, consistent responsive service
• Maintainable
• Resilient, works despite changes
• Recoverable, easily restored
• Proven, ready

Business Practices
• Commitment to customer-centric Interoperability
• Recognized industry leader, world-class partner
• Open, transparent

Launched in January 2002

A Microsoft company-wide mandate

Trustworthy Computing

Microsoft's Commitment to TwC


Security Development Lifecycle

Security Response Center

Better Updates And Tools

Security Fundamentals


Security And Privacy Progress

Microsoft Security Response Center (MSRC)

Microsoft Malware Protection Center (MMPC)

Windows Live OneCare and Forefront Client Security, powered by the Microsoft Malware Protection Center

SPAM (Sender ID, Phishing Filters)

Network Access Protection (NAP/NAC)

Security Development Lifecycle process

Engineered for security

Design threat modeling

SD3:

Secure by Design

Secure by Default

Secure In Deployment

Automated patching and update services

SDL and SD3

Malware Example

Consumer Education

Laws

Firewalls

Antivirus Products

Antispyware Products

Malicious Software Removal Tool

Memory Management (ASLR)

Law Enforcement

Defense in Depth

Threat Mitigation


Building a Trusted Stack

“I+4A”

Trusted Hardware

Secure Foundation

Core Security Components

Identity Claims
Authentication
Authorization
Access Control Mechanisms
Audit

Trusted People

Trusted Stack

Trusted Data

Trusted Software

INTEGRATED PROTECTION

SDL and SD3

Defense in Depth

Threat Mitigation


Trust decisions …

are not binary

may change as circumstances change

are auditable

may be rolled back if bad

Effective trust decisions must

Be based on a trusted stack

Balance privacy, security & risk

Be easy and informed

Made automatically where possible

Can people protect themselves and their family as they can in the physical world?

Making Effective Trust Decisions

Trusted People

Trusted Software

Trusted Hardware

Trusted Data

privacy security


Building Alignment

Successful end-to-end trust needs solutions aligned with
• Societal values
• Market forces
• Regulatory environment

These ideas, raised by many before, have not been implemented, in part because of misalignment

We must come together to change the status quo, and find ways to address international barriers to implementation


Benefits

Reduce types and severity of threats (e.g., de-value PII and reduce ID Theft)

Create accountability for online crime

Enable greater, safer personal Internet usage

Enter new markets, expand Internet presence, and collaborate with partners and customers while reducing costs and risks

Improve public safety and national security efforts, including disaster response (e.g., priority routing)


TwC – a good foundation

Vulnerabilities greatly reduced but will never be zero

Defense in Depth limits damage but cannot eliminate successful attacks

Disabled features only protect against misuse of unused features

For-profit crime is driving increasingly sophisticated attacks

Enterprises can secure intranets, Internet not yet safe

TwC for the Internet

People would do more online if they felt safer


Users need to be able to assess risks

• connecting to sites
• using software
• interacting with people

Users need assurance of security & privacy

Identity claims when required need to be provable

Users need to be able to choose to be anonymous

Too hard to know if a computer should be trusted

Not possible to prove claims of identity beyond the intranet

Porous enterprise boundaries make suspicious activity harder to detect

Users need informed control of their computing experience

Users need a simple way to make trust decisions on sites, software & data

Bad actors like online criminals should be held accountable for their actions, which harm security and privacy

Requires broad industry, government and citizen collaboration


Establishing End to End Trust

Core Security Components

Trust Founded on “Identity Claims,” not Identity

Trusted Stack Protecting Privacy

Needed for a trusted stack

• HW, SW, people & data validation
• Robust trust model
• Informed decisions based on integrity & reputation

Scalable across all user scenarios

Identity Claims

Authentication

Authorization Policies

Access Control Mechanisms

Audit

Authenticate users on certified attributes

In-person proofing

Protects identity, reveals only data required to be
• Authenticated
• Authorized for Access

Actions auditable, and privacy protected

Stolen identity claim insufficient to cause data breach or ID loss

Users should be able to control their PII

Anonymity should be protected in appropriate contexts as a key social value, and clear to all parties

People

Software

Hardware

Data


End To End Trust

Economic Forces

Social Requirements

Political/Legislative

Core Security Components

Trusted Stack

Secure Foundation

SDL and SD3

Defense in Depth

Threat Mitigation

“I+4A”

Identity Claims
Authentication
Authorization
Access Control Mechanisms
Audit

Trusted Data

Trusted People

Trusted Software

Trusted Hardware

Integrated Protection


Imagine If We Had…

Safe electronic playgrounds for children

Secure and easy electronic commerce with minimal identity theft

Trustworthy systems and connections with user control

Far less need to disclose personally identifiable information

A more secure infrastructure able to respond in real-time to developing threats


© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


Appendix

Unused Slides for Scott’s standard keynote


Next Steps

We need a broad dialogue on

• Technology Innovations
• Economic Forces
• Political Standards
• Social Change

www.microsoft.com/endtoendtrust


Return to Some Scenarios

Safe electronic playgrounds for children

Secure and easy electronic commerce with minimal identity theft

Trustworthy systems and connections with user control

Far less need to disclose personally identifiable information

A more secure infrastructure able to respond in real-time to developing threats