Intel Trusted Execution Technology for Server Platforms : A Guide to More Secure Datacenters.

Yazar:Futral, William
Katkıda bulunan(lar):Greene, James
Materyal türü: KonuKonuYayıncı: Berkeley, CA : Apress L. P., 2013Telif hakkı tarihi: �2013Tanım: 1 online resource (149 pages)İçerik türü:text Ortam türü:computer Taşıyıcı türü: online resourceISBN: 9781430261490Tür/Form:Electronic books.Ek fiziksel biçimler:Print version:: Intel Trusted Execution Technology for Server PlatformsLOC classification: QA75.5-76.95Çevrimiçi kaynaklar: Click to View
İçindekiler:
Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel � Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel� Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel � TXT -- What You Need: Definition of an Intel � TXT-Capable System -- Intel� TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF).
Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel � TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel� TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy.
Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures.
The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index.
Bu kütüphanenin etiketleri: Kütüphanedeki eser adı için etiket yok. Etiket eklemek için oturumu açın.
    Ortalama derecelendirme: 0.0 (0 oy)
Bu kayda ilişkin materyal yok

Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel � Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel� Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel � TXT -- What You Need: Definition of an Intel � TXT-Capable System -- Intel� TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF).

Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel � TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel� TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy.

Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures.

The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

There are no comments on this title.

yorum yazmak için.

Ziyaretçi Sayısı

Destekleyen Koha