Life in the Fast Lane or Creating a more trustworthy Internet. Doug Cavit Chief Security Strategist Trustworthy Computing. The Internet Revolution. Beneficial change. Social: Enabling a global village Economic: Easier, faster, cheaper commerce Political: Freer exchange of ideas.
Life in the Fast Lane or Creating a more trustworthy Internet
Doug Cavit, Chief Security Strategist, Trustworthy Computing
The Internet Revolution
Beneficial change
• Social: Enabling a global village
• Economic: Easier, faster, cheaper commerce
• Political: Freer exchange of ideas
Undesirable change
• Loss of data subject control over information
• Rise in identity theft
• Targeted attacks against businesses & governments
• Increases in other types of online and tech-facilitated crimes
Now required: End to End Trust
• Users must be empowered to make informed trust decisions (including accepting the risks of anonymity)
• Strong identity claims and reputation must be available to enhance security, privacy, and trust
• Better accountability must be created to deter crime and facilitate responses
Threat Trends
• Exponential Growth of IDs: Identity and access management challenging
  [Chart: Number of Digital IDs by era (Pre-1980s, 1980s, 1990s, 2000s); labels: mainframe, client/server, Internet, mobility, B2E, B2B, B2C]
• Increasingly Sophisticated Malware: Anti-malware alone is not sufficient
  [Chart: Number of variants from over 7,000 malware families (1H07). Source: Microsoft Security Intelligence Report (January – June 2007)]
• Crime On The Rise
  [Chart labels: motivations (National Interest, Personal Gain, Personal Fame, Curiosity); actors (Vandal, Trespasser, Thief, Spy, Author); skill levels (Script-Kiddy, Amateur, Expert, Specialist); callouts: Largest segment by $ spent on defense, Largest area by $ lost, Largest area by volume, Fastest growing segment]
• Attacks Getting More Sophisticated: Traditional defenses are inadequate
  • Examples: Spyware, Rootkits, Application attacks, Phishing/Social engineering
  [Diagram layers: User, GUI, Applications, Drivers, O/S, Hardware, Physical]
Microsoft's Commitment to TwC
Trustworthy Computing
• Security
  • Secure against attacks
  • Protects confidentiality, integrity & availability of data & systems
  • Manageable
• Privacy
  • Protects from unwanted communication
  • Controls for informational privacy
  • Products, online services adhere to fair information principles
• Reliability
  • Dependable, Available
  • Predictable, consistent responsive service
  • Maintainable
  • Resilient, works despite changes
  • Recoverable, easily restored
  • Proven, ready
• Business Practices
  • Commitment to customer-centric Interoperability
  • Recognized industry leader, world-class partner
  • Open, transparent
• Launched in January 2002
• A Microsoft company-wide mandate
Security Fundamentals
• Security Development Lifecycle
• Security Response Center
• Better Updates And Tools
Security And Privacy Progress
Columns: SDL and SD3; Defense in Depth; Threat Mitigation
• Security Development Lifecycle process
• Engineered for security
• Design threat modeling
• SD3:
  • Secure by Design
  • Secure by Default
  • Secure In Deployment
• Automated patching and update services
• Malware Example
• Consumer Education
• Laws
• Firewalls
• Antivirus Products
• Antispyware Products
• Malicious Software Removal Tool
• Memory Management (ASLR)
• Law Enforcement
• Microsoft Security Response Center (MSRC)
• Microsoft Malware Protection Center (MMPC)
• Windows Live OneCare and Forefront Client Security, powered by the Microsoft Malware Protection Center
• SPAM (Sender ID, Phishing Filters)
• Network Access Protection (NAP/NAC)
Building a Trusted Stack
• Core Security Components (“I+4A”): Identity Claims, Authentication, Authorization, Access Control Mechanisms, Audit
• Trusted Stack: Trusted Data, Trusted People, Trusted Software, Trusted Hardware
• Integrated Protection
• Secure Foundation: SDL and SD3, Defense in Depth, Threat Mitigation
Making Effective Trust Decisions
• Trust decisions …
  • are not binary
  • may change as circumstances change
  • are auditable
  • may be rolled back if bad
• Effective trust decisions must
  • Be based on a trusted stack
  • Balance privacy, security & risk
  • Be easy and informed
  • Made automatically where possible
• Can people protect themselves and their family as they can in the physical world?
[Diagram labels: privacy, security; Trusted Data, Trusted People, Trusted Software, Trusted Hardware]
Building Alignment
• Successful end-to-end trust needs solutions aligned with
  • Societal values
  • Market forces
  • Regulatory environment
• These ideas, raised by many before, have not been implemented, in part because of misalignment
• We must come together to change the status quo, and find ways to address international barriers to implementation
Benefits
• Reduce types and severity of threats (e.g., de-value PII and reduce ID Theft)
• Create accountability for online crime
• Enable greater, safer personal Internet usage
• Enter new markets, expand Internet presence, and collaborate with partners and customers while reducing costs and risks
• Improve public safety and national security efforts, including disaster response (e.g., priority routing)
TwC for the Internet
Columns: TwC – a good foundation; Enterprises can secure intranets, Internet not yet safe; People would do more online if they felt safer; TwC for the Internet
• Vulnerabilities greatly reduced but will never be zero
• Defense in Depth limits damage but cannot eliminate successful attacks
• Disabled features only protect against misuse of unused features
• For-profit crime is driving increasingly sophisticated attacks
• Too hard to know if a computer should be trusted
• Not possible to prove claims of identity beyond the intranet
• Porous enterprise boundaries make suspicious activity harder to detect
• Users need to be able to assess risks
  • connecting to sites
  • using software
  • interacting with people
• Users need assurance of security & privacy
• Identity claims when required need to be provable
• Users need to be able to choose to be anonymous
• Users need informed control of their computing experience
• Users need a simple way to make trust decisions on sites, software & data
• Bad actors like online criminals should be held accountable for their actions, which harm security and privacy
• Requires broad industry, government and citizen collaboration
Establishing End to End Trust
Columns: Trusted Stack; Core Security Components; Trust Founded on “Identity Claims,” not Identity; Protecting Privacy
• Needed for a trusted stack
• HW, SW, people & data validation
• Robust trust model
• Informed decisions based on integrity & reputation
• Scalable across all user scenarios
• Identity Claims
• Authentication
• Authorization Policies
• Access Control Mechanisms
• Audit
• Authenticate users on certified attributes
• In-person proofing
• Protects identity, reveals only data required to be
  • Authenticated
  • Authorized for Access
• Actions auditable, and privacy protected
• Stolen identity claim insufficient to cause data breach or ID loss
• Users should be able to control their PII
• Anonymity should be protected in appropriate contexts as a key social value, and clear to all parties
[Diagram labels: Data, People, Software, Hardware]
End To End Trust
• Surrounding forces: Economic Forces, Social Requirements, Political/Legislative
• Core Security Components (“I+4A”): Identity Claims, Authentication, Authorization, Access Control Mechanisms, Audit
• Trusted Stack: Trusted Data, Trusted People, Trusted Software, Trusted Hardware
• Integrated Protection
• Secure Foundation: SDL and SD3, Defense in Depth, Threat Mitigation
Imagine If We Had…
• Safe electronic playgrounds for children
• Secure and easy electronic commerce with minimal identity theft
• Trustworthy systems and connections with user control
• Far less need to disclose personally identifiable information
• A more secure infrastructure able to respond in real-time to developing threats
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Appendix Unused Slides for Scott’s standard keynote
Next Steps
• www.microsoft.com/endtoendtrust
We need a broad dialogue on
• Technology Innovations
• Economic Forces
• Political Standards
• Social Change
Return to Some Scenarios
• Safe electronic playgrounds for children
• Secure and easy electronic commerce with minimal identity theft
• Trustworthy systems and connections with user control
• Far less need to disclose personally identifiable information
• A more secure infrastructure able to respond in real-time to developing threats