EMB423: Creating A Trusted Environment For Windows CE 5.0
Nat Frampton, President, Real Time Development, [email protected]
[Slide: Windows Embedded platform overview diagram. Management Tools: Device Update Agent, Software Update Services, Image Update, Microsoft Operations Manager, Systems Management Server. Communications & Messaging: Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server. Location Services: MapPoint. Multimedia: DirectX, Windows Media. Development Tools: Visual Studio 2005. Native: MFC 8.0, ATL 8.0, Win32. Managed: .NET Compact Framework, .NET Framework. Server Side: ASP.NET Mobile Controls, ASP.NET. Data Programming Model, Lightweight/Relational: EDB, SQL Server 2005 Mobile Edition, SQL Server 2005 Express Edition, SQL Server 2005. Device Building Tools: Platform Builder, Windows Embedded Studio, Windows XP DDK. Hardware/Drivers: OEM/IHV supplied BSP (ARM, SH4, MIPS), OEM hardware and standard drivers, standard PC hardware and drivers.]
Overview
Inside Loader Authentication
Implementation Example
Implementation Scenarios
Conclusions
Locking Down App Execution: Trusted Model
Application execution control via the Trusted Model
OEM option to assign trust levels to processes
Protections:
Prevents unauthorized modules from being loaded
Restricts access to certain system APIs
Prevents registry WRITE access to certain root and sub-keys: HKEY_LOCAL_MACHINE\Comm, Drivers, Hardware, Init, Services, SYSTEM, WDMDrivers
Prevents WRITE access to files with the SYSTEM attribute; READ access is granted by default and can be changed via [HKLM\System\ObjectStore]\“AllowSystemAccess”
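The two protections just listed can be modelled as a small policy check run on behalf of an Untrusted process. The code below is an added example, not code from the session or from Windows CE: the protected key list and the AllowSystemAccess value come from the slide, while the function names, the numeric trust values and the way the example reads AllowSystemAccess (nonzero meaning Untrusted code may READ SYSTEM-attribute files, the default the slide describes) are assumptions of the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Trust levels; numeric values are an assumption of this example (real ones: PkFuncs.h). */
#define OEM_CERTIFY_RUN   1u   /* Untrusted process */
#define OEM_CERTIFY_TRUST 2u   /* Trusted process */

#define FILE_ATTRIBUTE_SYSTEM 0x4u   /* Win32 attribute value */

/* Root keys and sub-keys the Trusted Model protects from WRITE access by Untrusted code. */
static const char *const g_protected_keys[] = {
    "HKEY_LOCAL_MACHINE\\Comm",
    "HKEY_LOCAL_MACHINE\\Drivers",
    "HKEY_LOCAL_MACHINE\\Hardware",
    "HKEY_LOCAL_MACHINE\\Init",
    "HKEY_LOCAL_MACHINE\\Services",
    "HKEY_LOCAL_MACHINE\\SYSTEM",
    "HKEY_LOCAL_MACHINE\\WDMDrivers",
};

/* Case-insensitive test: is `path` exactly `prefix`, or a sub-key below it?
 * The boundary check stops "HKLM\Comm2" from matching the protected "HKLM\Comm". */
static int key_under(const char *path, const char *prefix)
{
    size_t n = strlen(prefix);
    for (size_t i = 0; i < n; i++) {
        if (path[i] == '\0' ||
            tolower((unsigned char)path[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    }
    return path[n] == '\0' || path[n] == '\\';
}

/* Registry WRITE policy: Trusted code is unrestricted, Untrusted code is refused
 * anywhere under a protected key. Returns 1 if the write may proceed. */
int registry_write_allowed(unsigned trust, const char *key_path)
{
    if (trust == OEM_CERTIFY_TRUST) return 1;
    for (size_t i = 0; i < sizeof g_protected_keys / sizeof g_protected_keys[0]; i++)
        if (key_under(key_path, g_protected_keys[i])) return 0;
    return 1;
}

/* File policy for SYSTEM-attribute files: Untrusted code never gets WRITE; READ is
 * granted while allow_system_access (the example's stand-in for the registry value) is nonzero. */
int file_access_allowed(unsigned trust, unsigned attributes, int want_write, int allow_system_access)
{
    if (trust == OEM_CERTIFY_TRUST) return 1;
    if (!(attributes & FILE_ATTRIBUTE_SYSTEM)) return 1;   /* ordinary file: no restriction */
    if (want_write) return 0;
    return allow_system_access ? 1 : 0;
}
```

The prefix comparison is case-insensitive because registry paths are; the sub-key boundary check is the detail most easily forgotten when a protected-key list is implemented as plain prefix matching.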
Locking Down App Execution: When do I implement the Trusted Model?
1-tier (all code runs as Trusted)
Prevent unknown code from executing on the device
Trust all code running on the device (to the same extent)
2-tier (code can run as Trusted or Untrusted)
End users can run any code on the device
Protect from malicious code, such as worms, viruses, trojan attacks, etc.
Restrict capabilities of certain processes
Locking Down App Execution: Trusted Model
[Slide: loader flowchart. LoadLibrary -> Trusted Model enabled? N: Load. Y: Pass OEM Verification? N: Fail. Y: Assign TrustLevel; T or R: Load; F: Fail.]
Locking Down App Execution: Trusted Model
Implement the Trusted Environment with two functions:
OEMCertifyModuleInit – the loader notifies the OAL (OEM Adaptation Layer) code when launching a new module
OEMCertifyModule – the loader passes the module to the OAL code for verification; returns one of three trust levels: OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE
Samples available:
loadauth.lib – sample implementation of OEMCertifyModule and OEMCertifyModuleInit
signfile.exe – desktop application that signs CE binaries
OEM Certification
Function | Description | Return value
OEMCertifyModuleInit | Enables the OS loader to notify the OEM that a new module is being loaded. Allows the OEM to decide whether to verify the module for safety. | TRUE or FALSE
OEMCertifyModule | Allows the OS loader to pass the module code (for example, DLL, EXE, and OCX) to the OEM for verification that it is safe to run on the system. | OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE
DLL And EXE Trust Levels
EXE trust | DLL trust | Final DLL trust
OEM_CERTIFY_RUN | OEM_CERTIFY_RUN | OEM_CERTIFY_RUN
OEM_CERTIFY_RUN | OEM_CERTIFY_TRUST | OEM_CERTIFY_RUN
OEM_CERTIFY_TRUST | OEM_CERTIFY_RUN | DLL fails to load
OEM_CERTIFY_TRUST | OEM_CERTIFY_TRUST | OEM_CERTIFY_TRUST
Loader Location
Appears in \WINCE500\Private\WINCEOS\COREOS\NK\KERNEL\Loader.c
Function VerifyBinary
Define the following in OEMInit:
pOEMLoadInit = OEMCertifyModuleInit
pOEMLoadModule = OEMCertifyModule
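The two OAL hooks, the streamed verification protocol and the DLL/EXE trust table above can be exercised together in a simulation that runs outside Windows CE. The following is an added example, not the session's loadauth.lib sample or the kernel's VerifyBinary: oem_certify_module_init and oem_certify_module stand in for OEMCertifyModuleInit and OEMCertifyModule (narrow strings instead of LPWSTR), the numeric values of the OEM_CERTIFY_* constants, the FNV-1a digest used in place of a signature check, the constructed allow-list and the convention that intermediate calls return OEM_CERTIFY_RUN are all assumptions of the example. final_dll_trust implements the four rows of the DLL/EXE table and, going beyond the table, treats OEM_CERTIFY_FALSE on either side as a failed load.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Trust levels returned by OEMCertifyModule. The numeric values are an assumption of this
 * example; the real definitions live in \PUBLIC\COMMON\OAK\INC\PkFuncs.h. */
#define OEM_CERTIFY_FALSE 0u
#define OEM_CERTIFY_RUN   1u
#define OEM_CERTIFY_TRUST 2u

/* Constructed allow-list standing in for a real signature check: module name, the bytes
 * the OEM expects, and the trust level to assign when the streamed image matches them. */
struct allowed_module {
    const char *name;
    const char *golden_image;   /* constructed stand-in for the signed module bytes */
    unsigned    trust;
};

static const struct allowed_module g_allowed[] = {
    { "shell.exe",  "constructed-bytes-of-shell",  OEM_CERTIFY_TRUST },
    { "game.exe",   "constructed-bytes-of-game",   OEM_CERTIFY_RUN   },
    { "plugin.dll", "constructed-bytes-of-plugin", OEM_CERTIFY_RUN   },
};

/* FNV-1a over whatever the loader has streamed so far (a digest, not a signature). */
#define FNV_INIT 2166136261u
static uint32_t fnv1a_update(uint32_t h, const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Per-load state: the loader verifies one module at a time. */
static struct { const struct allowed_module *entry; uint32_t h; } g_cur;

/* Stands in for BOOL OEMCertifyModuleInit(LPWSTR lpModuleName): the loader names the module
 * about to be loaded and the OEM says whether it wants to verify it. Here every module is
 * verified, so unknown names are still looked up (and fail in the final call below). */
int oem_certify_module_init(const char *module_name)
{
    g_cur.entry = NULL;
    g_cur.h = FNV_INIT;
    if (!module_name) return 0;
    for (size_t i = 0; i < sizeof g_allowed / sizeof g_allowed[0]; i++)
        if (strcmp(module_name, g_allowed[i].name) == 0) g_cur.entry = &g_allowed[i];
    return 1;
}

/* Stands in for DWORD OEMCertifyModule(LPBYTE pData, DWORD cbData): the loader streams the
 * image in chunks; the call with cbData == 0 is the last one and its return value is the
 * trust level. Intermediate calls return OEM_CERTIFY_RUN as "keep going" (example convention). */
unsigned oem_certify_module(const uint8_t *data, size_t cb)
{
    if (cb != 0) {
        g_cur.h = fnv1a_update(g_cur.h, data, cb);
        return OEM_CERTIFY_RUN;
    }
    if (!g_cur.entry) return OEM_CERTIFY_FALSE;             /* name not on the allow-list */
    const char *g = g_cur.entry->golden_image;
    uint32_t expected = fnv1a_update(FNV_INIT, (const uint8_t *)g, strlen(g));
    return g_cur.h == expected ? g_cur.entry->trust : OEM_CERTIFY_FALSE;   /* tampered image */
}

/* Simulated loader, mirroring the VerifyBinary flow: init, stream 7-byte chunks, finalise. */
unsigned simulate_load(const char *name, const char *image)
{
    size_t len = strlen(image), off = 0;
    if (!oem_certify_module_init(name)) return OEM_CERTIFY_FALSE;   /* assumed: no verification, no load */
    while (off < len) {
        size_t n = len - off < 7 ? len - off : 7;
        if (oem_certify_module((const uint8_t *)image + off, n) == OEM_CERTIFY_FALSE)
            return OEM_CERTIFY_FALSE;
        off += n;
    }
    return oem_certify_module(NULL, 0);
}

/* The DLL-and-EXE table from the slides, generalised: FALSE on either side fails the load,
 * a Trusted EXE may not load a Run-level DLL, otherwise the DLL gets the lower of the two. */
unsigned final_dll_trust(unsigned exe_trust, unsigned dll_trust)
{
    if (exe_trust == OEM_CERTIFY_FALSE || dll_trust == OEM_CERTIFY_FALSE) return OEM_CERTIFY_FALSE;
    if (exe_trust == OEM_CERTIFY_TRUST && dll_trust == OEM_CERTIFY_RUN) return OEM_CERTIFY_FALSE;
    return exe_trust < dll_trust ? exe_trust : dll_trust;
}

int main(void)
{
    static const char *const names[] = { "FALSE", "RUN", "TRUST" };
    printf("shell.exe -> %s\n", names[simulate_load("shell.exe", "constructed-bytes-of-shell")]);
    printf("tampered  -> %s\n", names[simulate_load("shell.exe", "constructed-bytes-of-shelL")]);
    printf("plugin.dll in shell.exe -> %s\n",
           names[final_dll_trust(OEM_CERTIFY_TRUST, simulate_load("plugin.dll", "constructed-bytes-of-plugin"))]);
    return 0;
}
```

The point of keeping per-load state between the two hooks is that the loader never hands the OEM the whole image at once; a verifier that only checks the first chunk, or that ignores the cbData == 0 call, certifies nothing.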
Implementation Example
Lockdown Architecture
[Slide: architecture diagram. Win32 layer: LoadLibrary and KernelIOControl. Kernel layer: the loader calls OEMCertify… in the OAL. OAL layer: OEMCertify… consults the Allowable Files List, backed by an Allowable Files Database that is maintained through KernelIOControl.]
File Changes \WINCE500…
\PLATFORM\COMMON\SRC\X86\COMMON\STARTUP\OEMINIT.C – actual OEMCertification modules
\PUBLIC\COMMON\OAK\INC\PkFuncs.h – define IOCTL codes into the KernelIOControl
\PLATFORM\COMMON\SRC\X86\INC\ioctl_tab.h – associate our IOCTL call handler with IOCTLs
\PLATFORM\COMMON\SRC\X86\INC\x86ioctl.h – declare our interface to our IOCTL call handler
Implementation Scenarios
OEM is free to choose the trust level
Digital certificates represent the highest trust level
Digital certificates require extra footprint
OEM can implement dynamic trust, which allows the device to change personality
OEM can implement Name/Checksum
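The Allowable Files Database from the lockdown architecture, the IOCTL handler the file-changes slide wires into KernelIOControl, and the Name/Checksum and dynamic-trust scenarios above all meet in one piece of OAL code: a table of (name, checksum, trust) entries that a Trusted caller can change at run time and that the certification hook queries. The following is an added example, not code from the session or from a Windows CE BSP: the IOCTL code values, the structure layouts, the caller-trust parameter (a real handler would obtain the caller's trust level from the kernel) and the numeric trust values are assumptions; the handler otherwise follows the KernelIoControl shape of code, input buffer, output buffer and bytes returned.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Trust levels; numeric values are an assumption of this example (real ones: PkFuncs.h). */
#define OEM_CERTIFY_FALSE 0u
#define OEM_CERTIFY_RUN   1u
#define OEM_CERTIFY_TRUST 2u

/* Hypothetical IOCTL codes; in a real BSP they would be defined alongside the other
 * codes and associated with the handler in ioctl_tab.h. */
#define IOCTL_ALLOWFILE_ADD    0x8001u
#define IOCTL_ALLOWFILE_REMOVE 0x8002u
#define IOCTL_ALLOWFILE_QUERY  0x8003u

#define MAX_NAME    32
#define MAX_ENTRIES 16

struct allow_entry { char name[MAX_NAME]; uint32_t checksum; unsigned trust; };
struct allow_query { char name[MAX_NAME]; uint32_t checksum; };   /* QUERY input; output is one unsigned */

static struct allow_entry g_db[MAX_ENTRIES];   /* the Allowable Files Database */
static size_t g_count;

static struct allow_entry *find_entry(const char *name)
{
    for (size_t i = 0; i < g_count; i++)
        if (strcmp(g_db[i].name, name) == 0) return &g_db[i];
    return NULL;
}

/* The IOCTL handler. Returns 1 on success, 0 on any refused or malformed request; every
 * buffer is length-checked and every name must be NUL-terminated inside its buffer, since
 * the caller of KernelIoControl may be an Untrusted process. */
int oal_allowfile_ioctl(unsigned caller_trust, uint32_t code,
                        const void *in, size_t in_len, void *out, size_t out_len, size_t *returned)
{
    if (returned) *returned = 0;
    switch (code) {
    case IOCTL_ALLOWFILE_ADD: {
        if (caller_trust != OEM_CERTIFY_TRUST) return 0;        /* only Trusted code changes policy */
        if (!in || in_len != sizeof(struct allow_entry)) return 0;
        const struct allow_entry *e = in;
        if (memchr(e->name, '\0', MAX_NAME) == NULL) return 0;
        if (e->trust != OEM_CERTIFY_RUN && e->trust != OEM_CERTIFY_TRUST) return 0;
        struct allow_entry *slot = find_entry(e->name);         /* re-adding updates in place */
        if (!slot) {
            if (g_count == MAX_ENTRIES) return 0;
            slot = &g_db[g_count++];
        }
        *slot = *e;
        return 1;
    }
    case IOCTL_ALLOWFILE_REMOVE: {
        if (caller_trust != OEM_CERTIFY_TRUST) return 0;
        if (!in || in_len == 0 || in_len > MAX_NAME) return 0;
        const char *name = in;
        if (memchr(name, '\0', in_len) == NULL) return 0;
        struct allow_entry *slot = find_entry(name);
        if (!slot) return 0;
        *slot = g_db[--g_count];                                /* swap-remove keeps the table dense */
        memset(&g_db[g_count], 0, sizeof g_db[g_count]);
        return 1;
    }
    case IOCTL_ALLOWFILE_QUERY: {
        if (!in || in_len != sizeof(struct allow_query) || !out || out_len < sizeof(unsigned)) return 0;
        const struct allow_query *q = in;
        if (memchr(q->name, '\0', MAX_NAME) == NULL) return 0;
        const struct allow_entry *slot = find_entry(q->name);
        unsigned trust = (slot && slot->checksum == q->checksum) ? slot->trust : OEM_CERTIFY_FALSE;
        memcpy(out, &trust, sizeof trust);
        if (returned) *returned = sizeof trust;
        return 1;
    }
    default:
        return 0;                                               /* unknown code: not ours */
    }
}

/* Thin wrappers that build the request buffers; what the certification hook would call. */
int allowfile_add(unsigned caller_trust, const char *name, uint32_t checksum, unsigned trust)
{
    struct allow_entry e; memset(&e, 0, sizeof e);
    strncpy(e.name, name, MAX_NAME - 1); e.checksum = checksum; e.trust = trust;
    return oal_allowfile_ioctl(caller_trust, IOCTL_ALLOWFILE_ADD, &e, sizeof e, NULL, 0, NULL);
}
int allowfile_remove(unsigned caller_trust, const char *name)
{
    return oal_allowfile_ioctl(caller_trust, IOCTL_ALLOWFILE_REMOVE, name, strlen(name) + 1, NULL, 0, NULL);
}
unsigned allowfile_query(const char *name, uint32_t checksum)
{
    struct allow_query q; memset(&q, 0, sizeof q);
    strncpy(q.name, name, MAX_NAME - 1); q.checksum = checksum;
    unsigned trust = OEM_CERTIFY_FALSE; size_t n = 0;
    oal_allowfile_ioctl(OEM_CERTIFY_RUN, IOCTL_ALLOWFILE_QUERY, &q, sizeof q, &trust, sizeof trust, &n);
    return trust;
}
size_t allowfile_count(void) { return g_count; }
```

Changing the device's personality then amounts to a Trusted management component adding and removing entries; the query path is open to any caller because it reveals only whether a name/checksum pair is allowed, and a mismatching checksum is reported exactly like an unknown name.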
Conclusions
Windows CE 5.0 provides a robust security architecture
Loader certification provides a mechanism to:
Create a trusted environment
Dynamically define the device's personality
Follow best practices at multiple levels for the best defense
“Trusted security is best achieved by having a thorough understanding of Windows CE 5.0's Security Architecture and Trust Model!”
While At MEDC 2005…
Fill out an evaluation for this session
Randomly selected instant WIN prizes!
Use real technology in a lab: instructor led (Reef E/F & Breakers L), self-paced (Reef B/C)
Visit the Microsoft Product Pavilion in the Exhibit Hall (Shorelines B)
After The Conference…
[Slide: Develop / Build / Install / Join / Enter steps pointing at the items below]
Full-featured trial versions of Windows CE and/or Windows XP Embedded
Cool stuff & tell us about it: msdn.microsoft.com/embedded/community
Windows Embedded Partner Program: www.mswep.com
Windows Mobile 5.0 Eval Kit including Visual Studio 2005 Beta 2
Mobile2Market Contest and win up to $25000: mobile2marketcontest.com
Microsoft Solutions Partner Program: partner.microsoft.com
Tools & Resources
Websites: msdn.microsoft.com/embedded; msdn.microsoft.com/mobility
Newsgroups: microsoft.public.windowsxp.embedded, microsoft.public.windowsce.platbuilder, microsoft.public.windowsce.embedded.vc; microsoft.public.pocketpc.developer, microsoft.public.smartphone.developer, microsoft.public.dotnet.framework.compactframework
Blogs: blogs.msdn.com/mikehall; blogs.msdn.com/windowsmobile, blogs.msdn.com/vsdteam, blogs.msdn.com/netcfteam
Tools: Windows CE 5.0 Eval Kit, Windows XP Embedded Eval Kit; Windows Mobile 5.0 Eval Kit