Hardware-Based Encryption Solution for Dell


http://www.wave.com/dell/partner/03-000245_DellFAQ-SED.pdf

TCG Lays Out Blueprint for Trusted Virtual Computing


Neil Roiter

September 23, 2011


The newly released Virtualized Trusted Platform Architecture Specification is a key step in addressing the challenge of how to leverage the security value proposition of the Trusted Platform Module in a virtual environment. Securing virtual assets is a critical point as enterprises look to the cost and operational benefits of virtualization in data centers and in public and private clouds.

The question is how to extend the Trusted Computing initiative into the virtual world. Trusted Computing leverages the TPM, now deployed in more than half a billion (that’s billion with a “b”) computers. It provides device-based identification and authentication, locked-in hardware to prevent tampering – the second factor in your two-factor authentication is your laptop, for example.



But the TPM is hardware. So, in a virtual environment, the host server has a physical TPM, which provides unimpeachable attestation on the current state of that physical machine and that it is indeed “ACME_LTD_Web Server_New York_1.” A couple of high level challenges immediately come to mind:
¦How do I extend the level of assurance provided by the physical TPM to the guest virtual machines running on the host?
¦Assuming I can do that, what happens as VMs migrate dynamically from one host to another for load balancing, maximizing resource usage, etc.?

“Virtual machines, which are typically allocated to one OS and set of applications, want to use TPMs,” says Paul Sangster, distinguished engineer at Symantec and co-editor of the specification, in a presentation at the NSA Trusted Computing Conference. “We need ways that allow a single TPM to be shared, but isolated from other instances.”

In a Trusted Computing environment on a physical server, we have the operating environment, with the OS of choice at one layer, along with the physical TPM and Core Root of Trust for Measurement (CRTM). The CRTM measures the initial code executed on a platform as boot-up initiates and writes those measurements into the Platform Configuration Registers (PCRs) on the TPM.

When virtualization is implemented, a virtualization layer is introduced between the OS and the TPM at the physical layer. Each VM (and its OS) has its own virtual TPM and virtual CRTM. So, when a person or device (called the Remote Challenger) requests affirmation of the VM’s authenticity before it uses its applications, services, data, etc. the VM responds based on the information in the virtual TPM.

The key is that the virtual TPM assurance is actually based on the physical TPM on the host. The VM doesn’t “know” it is using to a virtual TPM. In this manner, a single physical TPM can support a number of virtual TPMs on a number of VMs. All of this is handled by the Virtual Machine Manager.

The solution, again, at a high level is rather elegant and makes use of a lot of basic existing TPM and virtualization functionality. It’s a blueprint, Sangster emphasizes; there’s a lot of work to be done before it can be implemented. The examples here are very simple, and I encourage you to check out the spec, which includes some simple, but excellent, diagrams that clearly illustrate the way a Trusted Computing virtual environment can work.

Mr. Roiter is a security writer who is not affiliated with the NSA

http://blog.wave.com/roiter/tcg-lays-out-blueprint-for-trusted-virtual-computing/#more-145

Building Castles in the Sky: Mobile Hacking and Its Impact on CyberSecurity

Author: Sowmya Murthy, Security Blog Editor

Today we are featuring a special guest blogger, Tom Kellerman, Commissioner on The Commission on Cyber Security for the 44th Presidency of the United States of America.

Just a few key questions, and we were able to get just a wealth of information. If you have naysayers who do not yet see the need for a new security paradigm, today is a good day to read this blog and add value to your business case on mobile devices and its impact on cybersecurity.

[Sowmya Murthy] Tom, what are some key trends in Mobile Hacking that should be on the radar of any large enterprise CIO/CTO?

[Tom Kellerman] According to the 2011 McAfee study, 85 percent of your assets are intangible and, thus, economic espionage is reaching a global crescendo. In addition, 65 percent of the 1000 executives surveyed were worried about wireless and mobile device security. “Worried” seems like a euphemism in today’s hostile cyber landscape.

The most recent United States Secret Service Data Breach Report noted that remote access compromise was the primary attack vector employed last year. The modus operandi of targeting remote user devices to bypass the network security controls has become commonplace. These cyber infiltrators applaud our widespread adoption of mobile devices as they fully recognize that your latest Android, iPhone or tablet have greater attack surfaces and minimal security controls beyond encryption.

Today’s mobile device is a computer. With more memory and computer power than that of our desktops, mobile devices live in a power struggle between two networks: one we lease (the carrier network) and one we own (our corporate network). These powerful computers lack security controls because the carriers and device manufactures of these mobile devices obfuscate the operating systems BIOS and low level device control from the user. These devices also have a multitude of attack surfaces which create an oasis for hackers.

[Sowmya Murthy] What are the critical gaps you believe need to be addressed in the short term?

[Tom Kellerman] There are 6 fundamental security gaps in mobile device security.
1.Authentication: Access control is the foundation of computer security. As we follow the lead of the financial sector’s mobile banking models for risk management, we must be aware that one time use passwords via SMS are being defeated by Zeus Trojans and DroidDream as they compromise these devices. Voice authentication and other biometrics will be critical.
2.Virus scanning and removal: Given the hundreds of mobile malware which are flourishing in the wild, it is important to note that the current mobile antivirus solutions do not actually clean the devices. If these technologies actually do identify a threat, you must get the phone reimaged. Obviously, this is not very easy to do when you are traveling or meeting deadlines.
3.Data Leakage: Encryption is foundational. However if the user, wireless cyber environment or device is compromised, then the keys will also be compromised.
4.Web filtering/Browser security: Trends of attacks have focused on this weak side door. The browsers on most smart phones are injectable and thus become gateways for hackers.
5.Application Security: We have all heard of malicious apps but many trusted apps like their website cousins are being polluted as we speak. The future of systemic widespread infestations is coming when hackers begin to infiltrate the servers of “Android Market” and the “App Store.”
6.Mobile Intelligence: Mitigating the environmental risks to your users and their devices is paramount. Your users’ mobile devices are capable and intelligent machines. Wireless situational awareness and continuous monitoring sustains your remote user population.

[Sowmya Murthy] There is a lot of talk about a new security paradigm, is one really necessary at this point? Why?

[Tom Kellerman] We are now carrying computers in our pockets – it is time we start treating them as such. You would not let anyone bring a home computer to work and plug into your network without applying the appropriate controls, would you?

Then, why would you let anyone with a smartphone connect and do the same? 2011 has ushered in the year of wireless attacks. Managing these attacks can be achieved through greater situational awareness via continuous monitoring of the wireless spectrum. Mobile intelligence can only be achieved via a combination of wireless intrusion detection and dynamic location-based policy management. A new security paradigm is necessitated – Convergence of physical and cyber security must occur. The way to address these is to apply intelligent mobility by providing contextual awareness in real time.

Building castles in the sky requires a healthy respect for the adversary’s capabilities. The art managing mobile risk resides in limiting the capacity of a hacker to ex-filtrate data in real-time.

Tom Kellermann is a Commissioner on The Commission on Cyber Security for the 44th Presidency, CTO of AirPatrol, and serves on the board of the International Cyber Security Protection Alliance. In addition, Tom is a member of the National Board of Information Security Examiners Panel for Penetration Testing, the Information Technology Sector Coordinating Council, and the ITISAC subcommittee on International Cybersecurity policy. Tom is a Professor at American University’s School of International Service and is a Certified Information Security Manager (CISM). Finally, Tom sits on the steering Committee of the Financial Coalition Against Child Pornography.

Tom Kellermann formerly held the position of Vice President of Security Strategy for Core Security. Prior to his five years with Core Security, Tom was the Senior Data Risk Management Specialist the World Bank Treasury Security Team, where he was responsible for cyber-intelligence and policy management within the World Bank Treasury. In this role, Tom regularly advised central banks around the world about their cyber-risk posture and layered security architectures. Along with Thomas Glaessner and Valerie McNevin, he co-authored the book “E-safety and Soundness: Securing Finance in a New Age.”


http://blogs.unisys.com/security/2011/09/22/building-castles-in-the-sky-mobile-hacking-and-its-impact-on-cybersecurity/






























































You might also like:

Trusted Computing Group Announces Trusted Virtualized Platform Architecture


Blueprint Provides Guidance to Creating Secure, Interoperable Trusted Virtual Machines.
.

Thursday, September 22, 2011 18:00
.



Trusted Computing Group (TCG) today announced the release of the first Virtualized Platform Architecture, which describes how to build a trusted virtualized platform. With this specification, robust Trusted Computing technologies based on the TCG’s core concepts of the hardware root of trust can be added to existing virtual machine managers (VMMs), allowing virtual machines (VM) on the same platform to share hardware roots of trust.

A trusted virtual platform presents some unique challenges when compared to trusted physical platforms. These challenges occur when the Trusted Platform Module (TPM) is implemented in software in the VMM layer, but the TPM is still expected to provide the core security protections as if it was implemented in hardware. For example, all of the TPM’s private data may be present inside the VMM software layer, creating the opportunity for customers to backup/restore the TPM or migrate the TPM to a new platform along with its VM. TPM migration and restore usages present some new potential threats that need to be addressed.

The new TCG Virtualized Trusted Platform Architecture Specification defines how a virtual TPM will behave and how it can be used with a physical TPM to allow remote parties to evaluate the level of trust offered by the overall platform (VM and its underlying VMM). The specification defines terminology, component features, and the virtualization layering design blueprint to ensure a common approach, as well as security requirements and implementation considerations for a TCG-compatible trusted platform. However, it does not specify how virtual or physical machines are specifically implemented by vendors.

“With the rapid adoption of virtualization in client and server systems, it’s time to incorporate Trusted Computing into this model to ensure that the software and trust properties of both the virtual and physical environments are the same,” notes Lee Wilson, chair, TCG Virtualized Platform Work Group and IBM. “Without the foundation of trust properties, virtualized systems with their software-based hypervisors remain vulnerable to a variety of attacks and will not offer the level of security required for enterprise and government computing.”

On Thursday, Sept. 22 here at the NSA (National Security Agency) Trusted Computing Conference and Expo, virtualization specification editor and TCG work group co-chair Paul Sangster of Symantec will present “Virtualized Platform Security - Using Trusted Computing to Protect the Foundation of the Cloud” that includes a discussion of the Virtualized Trusted Platform Architecture Specification.

To get more information on the NSA Trusted Computing Conference and Exposition or to register, go to http://www.ncsi.com/nsatc11/index.html. TCG also has information and more details at http://www.trustedcomputinggroup.org/media_room/events/102.

Trusted Computing Group

The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization’s specifications and work groups are available at the Trusted Computing Group’s website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn.

Brands and trademarks are the property of their respective owners.


Contact:

PR Works, Inc.
Anne Price, 602-840-6495
anne@prworksonline.com

http://www.teletrader.com/_news/newsdetail.asp?id=13951755

Trusted Computing Group Reports on InformationWeek Webcast

Sep 22, 2011 (Close-Up Media via COMTEX) -- Trusted Computing Group announced an InformationWeek Webcast, Hardening Private Keys with Less Hassle, Less Cost and More Security: A Case Study in Authentication, featuring Karl Wagner, Director of Global Networking, PwC Mark Lobel, Partner, PwC Apurva Bhansali, CEO and CTO, Softex Kirk Laughlin, Contributing Editor, Information Week on Tuesday, Oct. 27, 11 a.m. Pacific / 2 p.m. Eastern.




According to a release, in this webcast, presented by InformationWeek and moderated by PwC and Softex, attendees will learn how to leverage existing industry solutions and industry standards in deploying a low-cost solution for authentication.

Use cases including leveraging the Trusted Platform Module built into most enterprise PCs will be reviewed with specific steps on setting up the TPM, the role of tokens versus the TPM, the strategies for deploying the TPM, and cost analysis of the TPM and software versus other options.

Event information: techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1003550&K=CAA1CC ((Comments on this story may be sent to newsdesk@closeupmedia.com))


http://www.mobilitytechzone.com/news/2011/09/22/5796749.htm

Data Protection and Security Issues Drive Adoption of Widely Available Self-Encrypting Drives Based on Industry Standards


http://www.trustedcomputinggroup.org/files/resource_files/8C99C3CF-1A4B-B294-D0560A492604CEF2/SED%20Data%20Protection%20and%20Security%20Issues%20Drive%20Adoption.pdf

NIST guidelines seek to minimize risk of BIOS attacks


Eric B. Parizo, Senior Site Editor

Published: 21 Sep 2011


ORLANDO – In light of emerging attacks against system BIOS, the government’s top IT standards organization is promoting guidelines for securely building and maintaining the key firmware component of client computers.

Tuesday at the NSA Trusted Computing Conference & Exposition, Andrew Regenscheid, a mathematician with the computer security division of the National Institute of Standards and Technology (NIST), detailed Special Publication 800-147 (.pdf), recommendations released in April outlining how computer manufacturers and enterprises should build, update and manage BIOS securely and avoid exploitations.

BIOS, which stands for basic input/output system, is the fundamental firmware used to boot or initialize nearly all computers. Legacy machines used BIOS to as the go-between to help hardware and software communicate, but Regenscheid noted today’s systems use BIOS strictly as a means to boot the operating system.

Despite its limited role in contemporary computing, Regenscheid said BIOS represents an increasingly worrisome threat vector for enterprises. Improvements in operating system security have forced attackers up the stack in search of vulnerable applications, he said, but BIOS has long been forgotten from a security perspective, meaning creative attackers could just easily find success exploiting vulnerable firmware.

In fact, BIOS attacks are already happening. Just this month, Chinese researchers discovered the Mebromi rootkit, the first instance of malware in the wild that attempts to plant itself inside BIOS. Once installed, Mebromi uses BIOS to corrupt the system’s master boot record and make the target system inoperable.

“If you can get in and modify the BIOS,” Regenscheid said, “you can bring down a system, prevent it from booting, or get malware running at very high privilege levels on a system.”

BIOS 2.0: UEFI BIOS
Complicating the BIOS security threats landscape further is the recent emergence of the Unified Extensible Firmware Interface, or UEFI BIOS, a next-generation system BIOS specification with added features, most notably the ability to boot from multi-terabyte hard drives.

Unlike the limited role of traditional BIOS, UEFI BIOS handles more than just the boot process. Regenscheid said it includes a set of runtime services that might be called upon even when the OS has control of the system. These and other UEFI BIOS features, he said, serve to enlarge the attack surface.

Additionally, Regenscheid said the UEFI BIOS standard is more documented than the previous BIOS specifications, and when combined with the likelihood that it will need to be updated more frequently, it sets the stage for malicious exploits.

“NIST saw an opportunity to influence products before [UEFI BIOS] attacks became widespread,” Regenscheid said.

NIST SP 800-147: Advice for enterprises
The NIST guidelines, which Regenscheid co-authored, address security for what’s called system BIOS, the type used to boot client computers. Regenscheid said future NIST guidance will address other types of BIOS that have their own, more complex intricacies, such as those on controller cards and on servers.

The document has two parts: guidelines on BIOS implementations for computer manufacturers, and recommended practices for managing BIOS for system administrators.

Key among the specifications for computer makers is protections to lock down BIOS. This is done via authenticated BIOS updates using digital signatures to verify that new versions of BIOS are authentic before allowing them to be flashed. In addition, integrity protections thwart unauthorized modifications to BIOS already installed on client systems. Safeguards to ensure BIOS protections can’t be circumvented, Regenscheid said.

For enterprises, the key NIST recommendation is to ensure newly purchased computers adhere to SP 800-147 guidelines, which he said computer makers and other hardware vendors have already begun supporting.

“Once you have such a system, NIST would like you to treat the BIOS like any other system component,” he said. “Just as your OS and applications have a platform lifecycle, you should think about managing BIOS in the same way.”


Related news
NSA: Growing cybersecurity threats demand defenders think like attackers
A top NSA cybersecurity official says the growing cybersecurity threat landscape requires that good guys think like attackers.
More specifically, Regenscheid said that means tracking BIOS changes along with other system changes, and maintaining a known good BIOS backup repository. Prior to deployment, the system BIOS version should be verified and approved. During operation and maintenance, apply existing change management practices to BIOS so updates are managed similarly to software patches. NIST also recommends continuous monitoring to spot attempted BIOS exploits or unauthorized updates.

In reference to the Mebromi rootkit, Regenscheid said if the SP 800-147 guidelines had been in place, they would have thwarted the attack.

“The attack attached malware to BIOS by including a malicious option ROM into the BIOS itself,” Regenscheid said. “If only authorized BIOS updates were allowed to be implemented, protecting the integrity of the flash memory, they wouldn’t have been able to do that attack.”

Rian Quinn, an attendee with the Air Force Research Lab in Rome, N.Y., said while today it’s unlikely an attacker would seek to exploit a vulnerable system BIOS, the issue of BIOS security is important because a successful attack it could essentially make an entire system or network vulnerable.

“BIOS plays a huge, key role in security because if it ever gets exploited, your whole house comes down,” Quinn said. “If you’re trying to build a computer based on Trusted Computing principles, you have to have BIOS secured.”

Related Topics:Configuration Management Planning, Emerging Information Security Threats, Client security, VIEW ALL TAGS

http://searchsecurity.techtarget.com/news/1280089766/NIST-guidelines-seek-to-minimize-risk-of-BIOS-attacks

Trusted Computing: Still Waiting For The Big Dance

Technology now built into more than 500 million PCs, but most enterprises still don't use it
Sep 20, 2011

By Tim Wilson
Dark Reading


ORLANDO, FLA. -- NSA Trusted Computing Conference 2011 -- In a room packed full of implementers and proponents of the industry's Trusted Computing technology, a speaker asked the conference's central question: Stand up if you believe Trusted Computing technology is ready to deploy.
No one stood up.

The idea of PCs with built-in cryptography has been around for nearly a decade, and computers containing the Trusted Platform Module (TPM) encryption chip have been widely available for more than five years. Yet despite built-in support from virtually all of the world's PC makers, most enterprises still haven't turned on the TPM capability on their machines, and only a few are using those built-in TPM chips as a primary means of authenticating users or securing PC data.

Could this be the year that Trusted Computing technology takes off? With so much history behind the concept, many of the faithful here at this year's Trusted Computing Conference still believe with the fervor of Chicago Cubs fans. But as the roomful of still-seated experts suggests, there aren't a lot of advocates who are betting the ranch.

"We can reach the point where the cost of data theft outweighs the rewards," said Michael Lamont, chief of the Network Solutions Office at the National Security Agency's Central Security Service, which was the chief sponsor of the Trusted Computing Conference. "But we're not on a path to get there yet. We need to make some improvements."

"For the enterprises that turn it on, [Trusted Computing technology] achieves much more than they expected," said Steven Sprague, CEO of Wave Systems, which offers turnkey solutions that enable OEMs and enterprises to take advantage of TPM. "But a lot of people in IT don't understand it yet. It's not a pizza box that you can just plug in and it works without configuring it."

Neil Kittleson, Trusted Computing portfolio manager at NSA/CSS, offered an update on the development of Trusted Computing technology over the past year, including the addition of the ability to encrypt data on virtualized devices and the ability to manage TPM-secured PCs from off-the-shelf enterprise management systems.

In order to be adopted, Kittleson said, the industry needs to recognize that there is a requirement for Trusted Computing, that the technology is ready, and that the cost is affordable.

While TPM is available in most PCs, some enterprises may still feel it is not ready for prime time because of the proliferation of new devices such as smartphones and cloud technology, Kittleson acknowledged. "Enterprises need to know how these same technologies can be used to secure the rest of our devices," he said.

On the affordability front, there are very few actual deployments of Trusted Computing technology, so there are not many enterprises to attest to its cost efficiency, Kittleson stated. Sprague said that a Trusted Computing-enabled PC might cost around $300 more than an off-the-shelf machine.

While TPM is supported in many devices, most vendors don't offer adequate instruction on how to use it, Sprague said. "There's no technical guide for using TPM as a token on a Cisco or Juniper switch," he observed. "We are having to build templates that walk users through [implementation] step by step."

There are some large deployments of Trusted Computing technology beginning, Sprague said. Price WaterhouseCoopers has an 85,000-seat implementation, he said, and BASF is using TPM to provide self-encryption in about 80,000 devices.

"This is starting to happen in a lot of places," Sprague said. "The technology is there. The value is there. The history is unimportant."

But Kittleson acknowledged that after so many years of discussing Trusted Computing technology, it can be hard to get enterprises excited again.

"After six years, there's a bit of fatigue around the program," Kittleson said, speaking about the federal government's High Assurance Platform, which features Trusted Computing technology as a key component. "It hasn't gotten the traction it needed."

Sprague said TPM's development is moving forward with the same slow-but-steady adoption path as Ethernet or USB technology did in the past. "In those cases, the technology wasn't perfect, but the adoption continued. And now look where those technologies are."

Maybe this will be the year, Cubs fans. It could happen.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.


http://www.darkreading.com/authentication/167901072/security/client-security/231601787/trusted-computing-still-waiting-for-the-big-dance.html

Advanced Network Defense


http://www.comat.com.sg/Portals/0/Advanced%20Network%20Defense%20(Low).pdf

TPM Suite



http://origindownload.advantech.com/ProductFile/PIS/TPM%20SUITE/Product%20-%20Datasheet/TPM%20Suite_DS20110920151023.pdf

Trusted Computing Group Enables True Machine Identity In Systems With Trusted Platform Module

Date Published: September 20, 2011


Second new specification enables attestation via trusted network connect protocols



ORLANDO, Fla., Sept. 20, 2011 - Trusted Computing Group (TCG) today announced it has released new specifications that will make the Trusted Platform Module easier to deploy and will enable attestation of a platform via existing Trusted Network Connect network protocols.

The first specification, the CMC Profile for Attestation Identity Key (AIK) Certificate Enrollment) provides a standard way to request a TCG AIK certificate from a Certificate Authority (CA). The new protocol is built upon an existing IETF standard certificate enrollment protocol known as CMC, adding support for issuance of TPM-resident keys used for attestation. By residing in the TPM, the key is made resistant to common software-based attacks, such as theft by malware.

Attacks or theft of keys stored in software is a leading contributor to compromised systems. With the TPM, keys are protected even in use and are not accessible via the operating system, at boot-up or while the system is otherwise in use.

The second new specification layers upon existing network security protocols in the Trusted Network Connect (TNC) architecture from TCG. The specification, called the TCG Attestation - Platform Trust Services (PTS) Protocol: Binding to TNC IF-M, allows remote parties to obtain TPM-based attestation information using the TCG Platform Trust Services (PTS) software on the system being assessed.

The resulting information, signed by the TPM, can prove that the platform has not been changed or is not under the influence of malware. Combined with existing TNC assessment capabilities, the new PTS protocol increases the level of trustworthiness of a TNC assessment.

The strongSwan open source IPsec VPN software includes an implementation of the new PTS protocol to augment their TNC assessment of the VPN client platform. This assessment leverage the TNC protocols carried within an Extensible Authentication Protocol (EAP) tunnel as part of the Internet Key Exchange (IKE) version 2 protocol. The inclusion of the PTS Protocol allows both TNC software and TPM-based measurements of the client system to be obtained and verified during the establishment of the IPsec tunnel.

"TCG continues to integrate the TPM's hardware protected capabilities with software used to solve key customer problems. With the AIK enrollment specification, we make it simpler and faster for IT users to obtain certificates associated with TPM-protected keys in a scalable manner," noted Paul Sangster, co-chair, TCG Infrastructure Work Group.

"Also, the TPM can now play a key role, via the PTS Protocol specification, ensuring the TNC architecture can detect systems attempting to get on the network that are trying to misrepresent their software state, thereby preventing compromised systems from connecting."

On Thursday, Sept. 22, here at the NSA (National Security Agency) Trusted Computing Conference and Exposition, Sangster, a Distinguished Engineer with Symantec Corporation, will present "Attestation - Adding TPM-based Attestation to a TNC Assessment" in the Developing Trusted Computing Solutions track.

A number of demonstrations of the applications and benefits of the Trusted Platform Module and the Trusted Network Connect architecture will be shown here at the NSA Trusted Computing Conference and Exposition in Booth #401.

To get more information on the NSA Trusted Computing Conference and Exposition or to register, go to http://www.ncsi.com/nsatc11/index.html. TCG also has information and more details at http://www.trustedcomputinggroup.org/media_room/events/102.

Trusted Computing Group
The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn



http://www.trustedcomputinggroup.org/media_room/news/218

Easing embedded processing development


http://www.eetindia.co.in/STATIC/PDF/201109/EEIOL_2011SEP20_EMS_MPU_TA_01.pdf?SOURCES=DOWNLOAD

Why SEDs Soon Will be the Defacto Drive: Industry Forecast and Predictions from Dr. Thomas Coughlin

October 5, 2011


Webcast

By 2017, it's expected that almost all hard disk drives will be self encrypting, which offers users highly secure data protection. What is driving this trend?

Dr. Thomas Coughlin, Coughlin Associates, has conducted an original new study forecasting the adoption of these new kinds of drives. In this free webinar/webcast Dr. Coughlin will discuss the hows and whys of self-encrypting drives (SEDs) and why your enterprise must be planning now for their deployment. Coughlin will also address key attributes of SEDs, their management and cost impact on your enterprise. He will reveal surprising insights from both makers of these drives and users. This valuable information, available for the first time from Dr. Coughlin and the Trusted Computing Group, will help your organization plan its near- and longer-term plan for migrating its data protection strategy. A short Q&A session will follow the presentation.

Date: Wednesday, October 5, 2011

Time: 10:00 AM PDT/1:00 PM EDT


http://www.trustedcomputinggroup.org/media_room/events/110



Thomas Coughlin, President, Coughlin Associates

Tom Coughlin, President, Coughlin Associates is a widely respected storage analyst and consultant. He has over 30 years in the data storage industry with multiple engineering and management positions at high profile companies. Tom is a frequent presenter at trade shows and technical conference and an organizer of several industry events. Dr. Coughlin has many publications and six patents to his credit. Tom is also the author of Digital Storage in Consumer Electronics: The Essential Guide, which was published by Newnes Press in 2008. Coughlin Associates provides market and technology analysis (including regular reports on digital storage technologies and applications such as professional media and entertainment and consumer electronics and a newsletter). His company, Coughlin Associates also provides consulting services. Tom is active with SMPTE, IDEMA, SNIA, the IEEE Magnetics Society, IEEE Consumer Electronics Society, and other professional organizations. He is currently marketing director for the SNIA SSSI. Tom is the founder and organizer of the Annual Storage Visions Conference (www.storagevisions.com), a partner to the annual Consumer Electronics Show as well as the Creative Storage Conference. Tom is also the chairman of the annual Flash Memory Summit. He is a Leader in the Gerson Lehrman Group Councils of Advisors and a member of the Consultants Network of Silicon Valley (CNSV). For more information go to www.tomcoughlin.com. Coughlin Associates can be contacted at 408-978-8184 or by email at tom@tomcoughlin.com.

http://www.snia.org/events/storage-developer2011/speakers

Trusted Infrastructure at NSA’s Trusted Computing Conference
Written by jj on September 16, 2011 – 9:49 pm

Next week, I’ll be presenting on trusted infrastructure at the 2nd Annual NSA Trusted Computing Conference in Orlando. This year’s focus is Using COTS technologies to deliver decisive defensive advantage.

Although a seemingly unlikely venue for this talk, it actually fits in quite nicely, adding a touch of network and infrastructure to a mostly platform-centric security topic. The presentation I’m delivering is centered on a topic I haven’t written or blogged about much so far - the IEEE 802.1X standard, specifically the new 802.1X-2010 (formerly referred to here as 802.1X-REV).



During this discussion, I’ll guide attendees through changes in the 1X standard that add a host of innovative and desirable features to a standard that has, thus far, been a great concept, but lacking in grandeur. I’m finding myself getting keyed up again at the prospect of this new revision taking off. Also included are some parallels and integrations between these standards and TPM.

Read more here about why I think 802.1X-2010 is the beginning of the next big thing!


Retaliation: Breaking Attack Vectors with a Trusted Infrastructure
Jennifer (Jabbusch) Minella, Carolina Advanced Digital
Examine new and emerging standards to build a trusted network infrastructure able to thwart spoofing, eavesdropping and malicious attacks that compromise integrity and availability of systems on local, wide area and wireless networks. Learn about the new MACSec encryption, key exchange, network advertisements and device identity (IEEE 802.1X-2010,AE/af/AR), plus TNC integrations.

Tuesday, 16:45, Developing Trusted Computing Solutions track

Along with my session (Tuesday afternoon) you’ll also find a slew of great talks from a variety of federal agency representatives and members of TNC/TCG. If you’re attending the conference, I strongly suggest you check out this list of talks on Trusted Computing Group’s event site. If you’re not sure what to attend, these are guaranteed to be winners. http://www.trustedcomputinggroup.org/media_room/events/102 .

Visit the NSA Trusted Computing Conference event site at http://www.ncsi.com/nsatc11 .


http://securityuncorked.com/2011/09/nsa-trusted-computing-con/

Intel admits that cyberattacks will inevitably succeed – we are not safe

September 16th, 2011 by Tim Greenhalgh


Intel’s admission this week that it was not secure and safe from cyberattacks – and that it was “inevitable” that its network defences would be breached makes me want to weep.

The world’s premier computer chip brand and much more, says that it cannot defend itself against the well-organised criminal gangs (soon to be companies) that make a living from stealing data that gives them an immediate financial benefit, and access to the ideas that any organisation considers its lifeblood.

So, are we busted?

I think we are. Intel bought the security technology firm McAfee (for $7.7billion) a year ago. A year is not long and the challenges of integration are fully accepted. But for the biggest chip maker in the world to admit now it has no full answer to network defence is truly shocking.

But wait… two days ago, McAfee/Intel announced a development in security that could make our eyes water. DeepTHROAT - er - sorry - DeepSAFE makes bold claims of newness and next-generation solutions.

It’s partially formed and we are asked to wait for further news. Meanwhile, the company whose rainbow coat is being not-too-gently tugged at, Wave Systems, has been there, done that and is the global leader in device-hardware based security solutions.

It helped to write the book that defines new industry standards through the Trusted Computing Group. It has spent millions of research dollars and has assembled an extraordinary team over the past 10 years that has delivered the proven, trusted next-generation solution to network security and true compliance.

Wave Systems (full disclosure, no apologies - a new and very valued client) - has been a key part of an open development in the security sphere for years. Given that the means to deliver robust, unbeatable network security and compliance have been freely available since before hacking became a multi-million dollar business, outstripping that of the illegal drugs economy, I’d just ask - “Where were you, Intel/McAfee and the rest? Why did you not move to protect us before now?”

We may learn more from Intel/McAfee over the next quarter and maybe it will present a robust next-generation security solution. But that’s a big ask. From where I’m sitting, the network security terrain globally is still totally blasted.

That’s because the terrain itself is quicksand. It never has been secure and, if we keep going with current network security “strategies”, we’ll all be sucked down.

The sign at the border of this terrain now should be signalling that we are all not safe and everything we have believed about the essential safety of network engagement, when we take the prescribed precautions, is just bull.

It’s not just Intel. Norton (Symantec) said this week that 1 million people globally were victims of cybercrime every day and its research also gives a taste of the extent of commercial crime.

For sure, the Norton research is aimed at the businesses and groups and individuals who have few or no online defences. But the point I took from the research is that strong commercial organisations with strong defences have been breached, at a painful financial cost.

Why is data breach inevitable? According to Perry Olson, Intel’s senior director for strategic response and global activities at Intel, new attack methods, such as slow-burning advanced persistent threat (APT) targeting or the orchestration of network penetration by distributed, large-scale botnets, means the company cannot stop data leaking from its organisation, according to

He told ZDNet: “[Network] compromise is inevitable, data loss is inevitable, what do we do? The threat vectors we’ve seen have changed drastically.”

What do we do? That’s a good question. Maybe we’re looking in the wrong direction, Maybe software security is not the way forward. Maybe we got it wrong.

We need to get it right. Or this networked, global economy is well and truly busted.

http://www.liberatemedia.com/blog/intel-admits-that-cyberattacks-will-inevitably-succeed-%e2%80%93-we-are-not-safe/

Cyber Security Report Identifies Key Research Priorities

ScienceDaily (Sep. 13, 2011) — Developing self-learning, self aware cyber security technologies, protecting smart utility grids and enhancing the security of mobile networks are among the top research priorities needed to safeguard the internet of tomorrow, according to a report released September 13.



Published by the UK's National Centre for Secure Information Technologies (CSIT), the report represents the outcome of discussions held during the inaugural World Cyber Security Technology Research Summit hosted by CSIT earlier this year.

The Belfast 2011 event attracted international cyber security experts from leading research institutes, government bodies and industry who gathered to discuss current cyber security threats, predict future threats and the necessary mitigation techniques, and to develop a collective strategy for next generation research.

The collective research strategy contained in the report identifies four research themes critical to the ongoing creation of cyber security defences:
1.Adaptive cyber security technologies -- research objectives in this area will include the development of self-learning cyber security technologies; self-awareness in cyber systems; the establishment of feedback in cyber systems to learn from cyber attacks.
2.Protection of smart utility grids -- research aims in this field will comprise: smart grid requirements gathering methodology; protection technologies for smart grid components; secure technologies for smart grid communications; smart grid and home area network integration that provides privacy and security of collected information; development of smart grid standards.
3.Security of the mobile platform and applications -- research in this space will target not only malicious applications but also mobile cyber security problems introduced by the configuration and use of mobile networks, including network availability, mobile web browsers and caller authentication.
4.Multi-faceted approach to cyber security research -- research will take into account social behavioural norms and societal desires in cyber space, cyber space policies, the impact of cyber and other legislation and the economics of cyber space and cyber security.

"Belfast 2011 brought together a diverse range of talent and knowledge in the cyber security field from which we have developed this strategy for next generation research," says Prof John McCanny CSIT's Principal Investigator.

"Our ambition is that this strategy will help to inform global cyber security research and act as a driver for cyber security roadmap definition over the coming year. We will hold future summits at which changes in cyber security will be discussed and the proposed collective research strategies will be reviewed and developed."

http://www.sciencedaily.com/releases/2011/09/110913103213.htm

A Privacy Preserving System for Cloud Computing


V. CONCLUSION
Data security and privacy is one of the biggest challenges
in Cloud Computing. Cloud data must be protected not only
against external attackers, but also currupt insiders. Our
proposed system follows the information-centric approach
which aims to make cloud data self-intelligent. In this
approach, cloud data are encrypted and packaged with a
usage policy. The data when accessed will consult its policy,
create a virtualization environment, and attempt to assess
the trustworthiness of the data environment (using Trusted Computing)

http://www.its.fh-muenster.de/greveler/pubs/privacyCloud.pdf


Mutual Remote Attestation: Enabling System Cloning for TPM based Platforms

Discussion and Conclusion
Our contribution in this paper is the proposal of a mutual attestation protocol
for identical TPM based platforms. We also provide source code and bootable
prototypes on our project website2.
Trusted Platform Modules are deployed in many PC clients (especially laptop
computers) since 2006 and they can be therefore viewed as commodity goods.
However, software applications using the TPM attestation functions are still rare
and to our knowledge limited to project prototypes.
While the ability of attesting a remote platform is supposed to be one of the
main functionalities of the Trusted Platform Module, TPM based remote at-
testation is still no ready-to-use technology. Real-world attestation applications
require not only that the system architecture to have a ready-to-implement TCG
Software Stack, but it must also have compatible hardware to support the rele-
vant TPM operations.
The hardware issues we have identied in section 3.4 require us to use two
identical hardware for the purpose of cloning TPM based systems, taking into
account the fact that the BIOS machine code needs to be part of the trusted
boot chain. Though hardware equivalence is rather a strong requirement for the
cloning procedures, it is still insucient in the following sense: We were unable
to add security relevant BIOS settings to the veriable state of the system in
an appropriate way. The activation of the extended reporting options results
into dierent PCR values for identical systems. Only by rigorously testing the
undocumented options in the BIOS setup submenu, we were able to derive a
BIOS conguration from which our mutual attestation scheme can be carried
out: i.e. the cloned system has the same PCR values and a change of security
relevant BIOS variables (e.g. DMA activation) is detected.
Our results show that the specied requirement [16] that \platform congura-
tion information being unique or automatically updated must not be measured"
is apparently violated. The full activation of extended security reporting options
results in dierent values on identical systems.
Note that the situation for TPM-Sealing is quite dierent from attestation
since there are ready-to-use software libraries and only one TPM platform is
involved per sealing or de-sealing procedure. An application architecture making
use of this TPM-based function would run on any compatible hardware since
sealed les are not to be migrated to dierent platforms in any case.
The purpose of Trusted Computing is to enable each endpoint to make a
trusted decision about the other endpoint, regardless of hardware background
and software congurations. Indeed in reality, it is hard to expect a homogeneous
enterprise with identical hardware, and completely synchronized BIOS settings,
and globally veried Service Packs installed. Future research in trusted comput-
ing should focus on more robust and
exible mechanism for trust establishment
and infrastructure. In the meantime, we will require from the system vendors a
well documented TPM platform together with a full disclosure of BIOS internal

http://www.its.fh-muenster.de/greveler/pubs/STM11paper.pdf

Transglobal Secure Collaboration Program Members to Speak at 2nd Annual NSA Trusted Computing Conference & Exhibition


Panel Discussion with The Boeing Company, Northrop Grumman, Raytheon, and Wave Systems Executives to Discuss “Securing the Supply Chain with Trusted Computing”

HERNDON, Va.--(BUSINESS WIRE)--The Transglobal Secure Collaboration Program (TSCP), the only government-industry consortium focused on secure collaboration in aerospace and defense (A&D), today announced that TSCP members from The Boeing Company, Northrop Grumman, Raytheon, and Wave Systems will participate on a panel discussion titled, “Securing the Supply Chain with Trusted Computing” at next week’s NSA Trusted Computing Conference & Exhibition in Orlando, Florida. This panel, part of the “Real World Examples” track, will provide attendees with insights into the catalysts behind secure collaboration and improved cyber security within the A&D sector. Topics will include the challenges facing federated identity and encrypted email, the role of device identity, and examples of successful adoption of trusted computing security within the supply chain.


“Securing the Supply Chain with Trusted Computing”


WHAT:

TSCP Panel: Securing the Supply Chain with Trusted Computing


WHO:

Moderator: JP Calderon, TSCP


Panel Members:



-- Eric Fleishman, The Boeing Company


-- Russell Koste, Northrop Grumman


-- Michael Daly, Raytheon


-- Steven Sprague, Wave Systems




WHERE:



2nd Annual NSA Trusted Computing Conference & Exhibition


Caribe Royale All-Suite Hotel and Convention Center in Orlando, Florida

WHEN:

Tuesday, September 20, 2011 (2:15pm – 3:00pm)


For more information about the 2nd Annual NSA Trusted Computing Conference & Exhibition go to: http://www.ncsi.com/nsatc11/index.html

About Transglobal Secure Collaboration Program (TSCP)

TSCP is the only government-industry partnership specifically focused on designing solutions to address the most critical issues facing the A&D industry: mitigating the compliance, complexity, cost and IT security risks inherent in large-scale, multi-national collaborative programs. TSCP was founded in 2002, and has delivered several specifications and guidance documents on securing A&D supply chain data. The group today focuses on identity federation policies and governance. TSCP is open to government organizations, prime contractors, integrators, suppliers and member trade groups. For more information, please visit www.tscp.org.




Contacts


Welz & Weisel Communications
Wayne Schepens, 410-533-9708
wayne@w2comm.com



http://www.businesswire.com/news/home/20110912005315/en/Transglobal-Secure-Collaboration-Program-Members-Speak-2nd

Finishing Off Summer with Trusted Platform Modules

Posted by Nathan Scott in C | cryptography | Work

After finishing my robotics work this summer, I wrote code to use Trusted Platform Modules (TPMs). They’re a unique piece of hardware because of the pre-boot feature. Usually, when a computer starts, it can’t run any sort of antiviral or hashing algorithm until you’re into operating system space. A TPM attempts to address that concern, as well as give a secure way to store RSA keys that has hardware guarantees past the typical public key crypto guarantees.

For the uninitiated, the OS only loads after the boot loader itself, which comes after the BIOS. This usually coordinates with the BIOS and does what my OS professor so aptly put as “black magic”. It’s code we don’t touch unless absolutely necessary. I’ve looked at it, and seriously, the people that develop GRUB must be masochists (GRUB is a bootloader typically used in Linux installs and has the ability to boot any OS).

The TPM gives us two great features: it’s hardware based, so it cannot be easily modified without exchanging the kernel modules that talk to it (or physically modifying the wafers… good luck), and it can hash the BIOS and bootloader. This means once the OS does start, we have the ability to check if the BIOS and bootloader are in a state in which we can say, “Yeah, that’s safe. That was the same state it was in last time we started the machine.” I should also mention that even if you DO replace the kernel modules that talk with the hardware, there’s this operation that deals with hashing components called an extend operation. Simply put, you need to know data that needs to be physically extracted from the chip in order to emulate the proper hashing. Even if that module gets replaced, when you ask the TPM “Hey, have things changed?” it should still report YES! even if just the module is replaced.

This part is manufactured at about 50 cents each. It’s extremely cheap, tiny, and soldered directly to the motherboard. It’s also in most computers now. The problem is the software implementation. The TPM spec is currently at 1.2, and version 2 should be coming out some time relatively soon. 1.1 legacy support really makes it difficult to support an over arching TPM API though.

I worked with TrouSerS, which was developed by IBM. It interfaces with most modern TPMs, but often code is outdated, undocumented, or poorly written (I encountered at least 100 goto statements in C code – please, let us leave that back in Assembly). Point is, I re-wrote some of tpmtools (which includes seal and unseal operations). You can make a hardware-ensured 2048-bit RSA key that can run over data to guarantee that data can ONLY be accessed if the machine (bootloader, BIOS, any OS modules, and arbitrary file hashes) are in a trusted state. That makes it EXTREMELY resilient to say, rootkits and low-level attacks. It’s a root of trust.

The drawback is that it DOES only cost 50 cents. It’s tiny and slow. However, you can use full cryptographic techniques in OS space to encrypt say, entire hard drives, and then make sure those crypto keys are stored securely with a TPM-based RSA key. It’s a giant daisy chain, but it does afford you a very real ability to guarantee your keys, hardware, and software have not been compromised since you obtained the machine.

That was six weeks of my life.

http://www.proelium.net/2011/09/finishing-off-summer-with-trusted-platform-modules/

Seagate has sent 1 million self-encrypting drives

Wednesday, September 7th, 2011 | News Hardware


Seagate announced Monday that it is more than 1 million self-encrypting hard drives (SEDs) is sent, and that they have a major government safety rating for the top four lines of laptop and enterprise-class products has received.


The company said the Cheetah, Savvio and constellation, the Momentus SEDs have secured FIPS 140-2 certification of the National Institute of standards and technology.


FIPs 140-2, one of the four levels of 140 certification, means a station has encryption plus some physical security, such as tamper-evident coatings or seals that must be broken in to access the cryptographic keys.


Seagate’s have tripled in the last two shipments of SEDs quarters, said Teresa Worth, a Seagate senior product marketing manager.


A reason for the boost in SED shipments, Worth said, is that if companies retire of hard drives, they are automatically opt for safer technology to replace them. They also noticed that original equipment manufacturers increasingly SEDs use in products.


“A [OEM] is leaning toward taking only self-encrypting drives,” said the host. “It really raises the bar in saying that you should have a safe system even play in the enterprise space.”


In the Cheetah, Savvio and Seagate hard drive SEDs families are used in storage, server and PC products sold by Dell, Fujitsu, Hitachi, IBM, LSI and NetApp constellation.


Most of the Seagate drives using the 128-bit AES encryption algorithm. As of last year the company began a renewal of the stations using the more advanced 256-bit AES algorithm, with its line of 7200 rpm which constellation drives.


“We will roll-out of 256-bit AES on other products this year,” said the host.

http://www.jomhardware.com/seagate-has-sent-1-million-self-encrypting-drives

Enabling Secure Collaboration and Implementing Cybersecurity Strategies Between Industry and Governments


You're Invited!


The Transglobal Secure Collaboration Program (TSCP) invites you to attend the TSCP Secure Collaboration Conference and EXPO on October 12 & 13, 2011 in The Hague, Netherlands - the only event that delivers the information and expert insights to help tackle today's pressing secure collaboration and interoperability requirements.

Hosted by The Netherlands Ministry of Defence, the conference will gather an unprecedented caliber of security leaders from government agencies, military departments, intelligence operatives and aerospace / defence and technology companies. Each will provide their own insights and experiences within critical areas of secure collaboration and interoperability, including information exchange, document labelling, Computer Intelligence and Security (CIS), cloud computing, and secure email encryption and much more.

Topics

--------------------------------------------------------------------------------
* Hear why TSCP members from both governments and industry have teamed to meet the challenges of secure information in the face of today's cyber threats.

* Experience live demonstrations of the secure collaboration capabilities that TSCP has developed in its on-going efforts to establish unified specifications at the highest levels of assurance within the public and private sector.

* Discuss and debate your secure collaboration and information sharing ideas with fellow attendees and subject matter experts – the last Expo had over 200 delegates in attendance.


Agenda at a Glance
WEDNESDAY, OCTOBER 12, 2011

8:30 am - 9:30 am Registration

--------------------------------------------------------------------------------

10:30 pm - 11:00 am Welcome and opening remarks
(agenda, logistics etc.)

--------------------------------------------------------------------------------

11:00 pm - 12:00 pm Secure Collaboration A&D, Gov, Tech and Supply Chain "360 Degree View"

--------------------------------------------------------------------------------

12:00 pm - 1:30 pm Keynote Speaker { NLMOD TBD} Lunch

--------------------------------------------------------------------------------

1:30 pm - 2:30 pm Document Labeling / Document Control Panel
2:30 pm - 2:40 pm Break / Refreshments

--------------------------------------------------------------------------------

2:40 pm - 3:40 pm
Break-Out Tracks
Legal Federation American Bar Association

PLM Panel (BAE Systems, NLR)

Public-Private Cyber Sharing Partnerships

Cyber Defence Capability Framework by NATO NC3A


--------------------------------------------------------------------------------

3:40 pm - 6:40 pm Expo tour and social event (Coffee etc available)
Expo Tour & highlight Capabilities overview


--------------------------------------------------------------------------------

THURSDAY, OCTOBER 13, 2011

9:30 am - 9: 50 am Welcome Day 2 opening remarks

--------------------------------------------------------------------------------

9:50 am - 10:45 am Cloud Computing Risks Panel (data protection) A&D, Gov, Tech and Supply Chain "360 Degree View"
10:45 am - 10:50 am Break

--------------------------------------------------------------------------------

10:50 am - 11:50 am Break Out Tracks
Legal Federation American Bar Association

APT Cyber security {Boeing Demonstration of Security Strategies and Industry Concerns}

PLCS and Share-A-space {Supporting Heterogeneous and Agile Supply Networks}


--------------------------------------------------------------------------------

11:50 pm - 1:20 pm Lunch and Keynote by Tim McKnight, NGC

--------------------------------------------------------------------------------

1:20 pm - 2:00 pm Computer Defence Architectural Framework
2:00 pm - 2:40 pm UKCeB SEEOTI {Signed and Encrypted Email Over The Internet}
2:40 pm - 2:50 pm Break

--------------------------------------------------------------------------------

2:50 pm - 3:30 pm In/Out sourcing of IT infrastructure service provisions By NATO NC3A

--------------------------------------------------------------------------------

3:30 pm - 6:00 pm Expo – Discover how technology member companies, Aerospace & Defence companies, and Governments are addressing complex cyber security.

Future Capabilities

Document Sharing through Federation 8130-3
Export Control using information Labeling Handling technics
Mobile emails (securing mobility)
Innovative Concepts
Web and IM Chat Guard
Trusted Platform Module
Physical Public Key Infrastructure Authentication
Secure communication using email extensions and labeling technics
6:30 pm End of the Conference

http://www.tscp.org/event/NL2011_invitation.html

Bridgeway Security Solutions Partner



Wave

A leading provider of software for hardware-based PC security to help solve critical enterprise PC security challenges such as data protection, strong authentication, network access control and the management of these enterprise functions.

The software enables organisations to identify who is connecting to their critical IT infrastructure, protect corporate data, and strengthen the boundaries of their networks.

Wave’s core products are based around the Trusted Platform Module (TPM), the industry-standard hardware security chip that is included as standard equipment on most enterprise-class PCs shipping today.

In 2007, the company expanded its presence in hardware security by joining forces with global hard drive manufacturer Seagate Technology, LLC. Wave is now the leading provider of support and management tools for Seagate’s full disk encrypting (FDE) hard drives.




BitLocker Management

Adds value to Microsoft's BitLocker, the industry's most advanced software-based full-disk encryption (FDE) solution, by providing a turnkey solution for the intuitive, centralised management of BitLocker clients across the enterprise.

More about BitLocker Management »



Embassy Remote Administration Server

Enables centralised IT administration to remotely deploy and manage PC clients that are secured with hardware or software encryption technologies.

More about Embassy Remote Administration Server »



Embassy Key Management Server

A server software product for the secure backup and restoration of protected keys from one TPM-enabled system to another according to security policies defined on the server.

More about Embassy Key Management Server »



Embassy Authentication Server

Provides centralised management, provisioning and enforcement of multi-factor domain access policies for a Windows environment. It achieves this using a combination of TPM credentials, smart card credentials, biometrics and passwords.

More about Embassy Authentication Server »




Partners
Wave


Get In Touch

Call: +44 (0)1223 97 90 90


http://www.bridgewaysecurity.com/partners/wave

KC Chiefs for me

Cryptographic / Trusted Computing Developer: Bloomberg

The Company

Bloomberg, the global business and financial information and news leader, gives influential
decision makers a critical edge by connecting them to a dynamic network of information,
people and ideas. The company's strength delivering data, news and analytics through
innovative technology, quickly and accurately - is at the core of the Bloomberg Professional
service, which provides real time financial information to more than 300,000 subscribers
globally. Bloomberg's enterprise solutions build on the company's core strength, leveraging
technology to allow customers to access, integrate, distribute and manage data and
information across organizations more efficiently and effectively. Through Bloomberg Law,
Bloomberg Government and Bloomberg New Energy Finance, the company provides data, news
and analytics to decision makers in industries beyond finance. And Bloomberg News,
delivered through television, radio, mobile, the Internet and two magazines, Bloomberg
Businessweek and Bloomberg Markets, covers the world with more than 2,300 news and
multimedia professionals at 146 bureaus in 72 countries. Headquartered in New York,
Bloomberg employs more than 13,000 people in 185 locations around the world.

The Role

Bloomberg is seeking a software engineer to work on next generation cryptographic and
trusted computing infrastructure. This position will require working as part of a team
responsible for the entire design and implementation from the hardware up. You will be
developing software at both low and high levels and helping with integration into the main
infrastructure. The ideal candidate will have expert level C skills, and have worked on
embedded platforms doing kernel level and device driver work.

Qualifications:
* 3 yrs + of expert level C development is required.
* A background in applied cryptography and security architecture (FIPS 140, Common Criteria,
MAC, etc.) is very helpful.
* Experience with embedded hardware design is also useful, although not strictly required.

Bloomberg is an equal opportunity/affirmative action employer and we welcome applications from all backgrounds regardless of race, color, religion, sex, national origin, ancestry, age, marital status, sexual orientation, gender identity, veteran status, disability, or any other classification protected by law.


Bloomberg

Bloomberg

Web: http://www.bloomberg.com

http://jobs.businessweek.com/a/all-jobs/list/q-Cryptographic+%2F+Trusted+Computing+Developer

Lead Cyber Trusted Computing Engineer-Booz Allen Hamilton

Description

Key Role:
Envision, develop, and implement trusted computing strategies, architectures, solutions, and standards for US Government and commercial clients. Improve the Cyber Security posture of the clients and leads to increased protection of the client's critical infrastructure and assets. Form and lead teams in the development of trusted computing solutions for critical clients. Expand the firm's capabilities and capacity in trusted computing through the oversight of hiring and training highly qualified staff, development of intellectual capital, and quality delivery to the clients. Enhance the firm's reputation by actively participating in trusted computing related conferences and events.

Qualifications

Basic Qualifications:
-10+ years of experience with implementation, configuration, and securing networks, systems, and applications
-5+ years of experience with operating system and application vulnerabilities, exploits, and remediation
-Experience with the Trusted Computing Group (TCG) standards and related products for the Trusted Platform Module (TPM) and Trusted Network Connect (TNC) specifications
-Knowledge of Information Assurance and System Security Engineering
-Ability to obtain a security clearance
-BA or BS degree

Additional Qualifications:
-Experience with Virtual Machine technologies, including Xen
-Experience with developing a highly-skilled workforce
-Possession of excellent entrepreneurial skills

Clearance:

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.

Integrating the full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.

We are proud of our diverse environment, EOE, M/F/D/V.

Job: Information Security Engineering
Primary Location: United States-Maryland-Linthicum
Travel: Yes, 5% of the time

Ad Code
, PR7, PR8

http://jobview.local-jobs.monster.com/Lead-Cyber-Trusted-Computing-Engineer-Job-Job-Linthicum-MD-US-102135428.aspx?ch=carbondale

VMware signs up more security vendors to vShield partner programme


McAfee, Symantec, Sophos and others promise virtual security protection

By Ellen Messmer | Network World US | Published 13:17, 01 September 11


VMware yesterday said it has added more security vendor partners to its vShield product development programme in which security firms work with the company to develop data protection specifically designed for VMware's flagship virtualisation platform, which today is vSphere 5.0.

At a VMworld presentation, Allwyn Sequeira, VMware's chief technology officer of security and vice president of security and network solutions, announced that McAfee, Symantec, Sophos, Kaspersky Lab, BitDefender and Lumension Security were now signed as part of the vShield initiative. However, these new partners themselves made little fanfare about it and weren't represented on stage.



Agentless protection

So far, only Trend Micro has been a VMware partner for vShield, developing anti-malware specifically designed with VMware for virtual machines using the agentless approach proposed to try and avoid the performance issues traditional agent-based anti-malware can engender when scanning virtualised environments. HP TippingPoint and Sourcefire have developed VMware-specific intrusion prevention systems.

Cisco and VMware expand their partnership at VMworld 2011

McAfee begged off discussing vShield altogether but today, Sean Doherty, Symantec chief technology officer and vice president of the security group, said Symantec is looking at how it might leverage the vShield approach, but there were as yet no formal decisions about precisely what Symantec would do.

Symantec isn't totally in agreement with VMware's agentless approach. "We believe you can't totally do anti-malware without an agent," said Doherty, adding Symantec does expect to have something more decisive to say about vShield by the year's end.

Upsetting the ancien regime

Along with technical issues, there are political implications to the vShield approach for security vendors with a large installed base of customers, as the programme asks for considerable investment in time and money to develop new types of security products under VMware's oversight, plus sharing of threat detection information with vShield Manager.

Sequiera acknowledged the vShield programme in many respects "does represent a challenge to the status quo" and that sometimes new ideas may be "viewed with suspicion." He says it is up to VMware to prove its concepts about the agentless approach are viable, and Trend Micro, with its Deep Security product, "was the first to jump on this." But he said he expects the new vShield partners may end up with a different product outcome than Trend Micro.

The pressure to make vShield and its APIs a success is on VMware in some respects because VMware's earlier VMsafe APIs weren't that successful. Sequiera candidly acknowledges that, saying, "we got the APIs wrong the first time," adding that "the major security vendors have found it hard to integrate with VMsafe."

Register
Subscribe to Newsletters

There are a handful of security products besides anti-malware in the market based on the VMsafe APIs, which are expected to be phased out eventually. VMware is reluctant to pin down an exact date, though some vendors anticipate end of next year.

Product expansion

Because VMware has so far reserved the role of software-based firewalls and data loss prevention under vShield to its own products, that has also contributed to unease among security vendors. But Sequiera says VMware is in discussions with Cisco on a firewall role in vShield. And there could be many other changes that could perk vendor interest. VMware insists its vShield APIs are open but in the early days of vShield has taken the approach of working very closely with a few selected vendors.

In general, the potential for building a new generation of security products specifically designed for VMware's virtualisation software may be just beginning. Sequiera said there is work underway with Intel to make use of the security and encryption available in the Trusted Platform Module (TPM) hardware.

VMware may have more to say about that by year end, but bringing in TPM use into virtualisation could provide strong authentication and security in the future.


http://www.computerworlduk.com/news/it-business/3300644/vmware-signs-up-more-security-vendors-to-vshield-partner-programme/

Sole Source Notice of Intent- Hytrust Software

Solicitation Number: NB773020-11-05507

Agency: Department of Commerce
Office: National Institute of Standards and Technology (NIST)
Location: Acquisition Management Division

Sep 01, 2011

9:45 am

Solicitation Number:

NB773020-11-05507


Notice Type:

Special Notice



Synopsis:


Added: Sep 01, 2011 9:45 am
Notice of Intent - Sole Source


The National Institute of Standards and Technology (NIST) Acquisition Management Division, on behalf of the NIST Engineering Laboratories, intends to negotiate with Hytrust, Inc.; Mountain View, CA, on a sole source basis under the authority of FAR Subpart 13.106-1 (b), Soliciting from a Single Source, to purchase the Hytrust Hypervisor Protection Software licenses and maintenance for the licenses.


Background:
The NIST Computer Security Division is performing research to secure a VMware virtualized computing environment by collaborating with various vendors to build a proof of concept implementation (POC) that is composed of specific interoperable hardware and software components delivering different security capabilities. The Intel Trusted Execution Technology (TXT) provides a hardware measurement capability that reports back results that can be consumes by the VMware vSphere software via an Intel plug-in. The measurement results are also used by the Hytrust appliance to assess and enforce a security and access policy. In addition, the RSA Archer software leverages the measurement results to report on the governance, risk and compliance state of the virtualized infrastructure based on different security framework requirements such as FISMA, HIPAA, PCI, etc. This POC demonstrates how a VMware virtualized infrastructure can be secured and comply with a specific security policy such as geographic tagging of the VMware vSphere hypervisor so the virtual machines cannot be moved across an non-authorized geographical location. The measurement artifacts and evidences are collected dynamically at the hardware and software level.


NIST collaborated with the Intel team to identify the security appliance products that can integrate with VMware vCenter management console, support the Intel TXT measurement and trusted platform module (TPM) support, and provide security controls for the VMware infrastructure in the area of authentication, security baseline configuration, and understanding of the NIST POC implementation. The Tripwire, Catbird, and Hytrust products were the only products identified as potentially being capable, and were reviewed by NIST and the Intel team using the list of capabilities. Tripwire and Catbird do not support TXT measurement which is the key requirement. NIST has identified that the Hytrust security appliance is the only COTS product that meets the necessary requirements to enable us to implement our proof of concept to demonstrate hardware based security measurement, enforcement, and compliance to NIST security requirements on a VMware virtualized platform. The following bulleted list identifies the necessary requirements that make the Hytrust security appliance software solution technically acceptable:
• Compatibility with VMware: Support VMware vSphere and ESXi (ESX 3.5/4.0; ESXi 3.5/4.0) and integrate with vCenter Server 2.5 and 4.0.
• Compatibility with Microsoft Active Directory: Integrate with Microsoft Active Directory so that the existing Windows deployed in the testbed can leveraged to provide unified access across heterogeneous infrastructure.
• Root Password Vaulting: Lock down privileged host accounts and provides passwords for temporary use to enable time-limited privileged account access.
• Compatibility with Intel Trusted Execution Technology: Leverage the Intel TXT capability to perform measurement of the hypervisor.
• Virtual Appliance Form-factor: Provided as a standard VMware-compatible virtual machine, which allows for easy drop-in deployment into any existing virtual infrastructure. Takes advantage of benefits afforded to any virtual machine, including backup, disaster recovery and redundancy capabilities.
• Host Configuration Templates: Enables assessment of the security configuration of VMware vSphere hosts against pre-built templates for VMware Best Practices and NIST developed security configuration baseline. Enables instant, one-click remediation of problems, ensuring consistent security configurations of all virtualization hosts.


The applicable NAICS Code for this requirement is 511210. NIST anticipates negotiating and awarding a firm-fixed-price purchase order to Hytrust Inc. for the software licenses and maintenance.


Interested parties that believe they could satisfy the requirements listed above for NIST may clearly and unambiguously identify their capability to do so in writing on or before September 7, 2011 at 10:00 am EDT. This notice of intent is not a solicitation. Information submitted in response to this notice will be used solely to determine whether competitive procedures could be used for this acquisition. Any questions regarding this notice must be submitted in writing via email to Keith Bubar at keith.bubar@nist.gov.





Contracting Office Address:

100 Bureau Drive, Building 301, Room B129, Mail Stop 1640
Gaithersburg, Maryland 20899-1640



Primary Point of Contact.:


Keith Bubar

keith.bubar@nist.gov

Phone: 3019758329

https://www.fbo.gov/?s=opportunity&mode=form&id=2247114a4809aadc9aa6fb3a9336e743&tab=core&_cview=0

TSCP Opens Membership to Systems Integrators and Software Developers

(sorry if previously posted)

Government-Industry Partnership Takes Major Step Toward Speeding Time to

Market for Solutions for Secure Information Sharing


HERNDON, Va., Aug. 14 /PRNewswire/ -- In a move that reflects
significant progress in the development of requirements for
information-sharing among defense agencies and their providers, the
Transglobal Secure Collaboration Program (TSCP) opens membership
eligibility to technology companies and systems integrators.
The only government-industry partnership of its kind, the TSCP is
chartered with defining the specifications for online collaboration,
identity federation and digital rights management-related technologies in
mission- critical environments. The TSCP's invitation gives software
developers and consultants a unique opportunity to work directly with
global defense agencies and aerospace and defense companies on developing
information-sharing solutions.
"We've built a very workable model for identifying, prioritizing and
integrating the needs of multiple constituencies for the benefit of all
over the past five years," said Jeff Nigriny, outreach director of the
TSCP. "The next logical step is to engage with those tasked with executing
the requirements in the form of market-ready products -- we're excited to
take this step and look forward to the contributions of those who share our
commitment to truly protecting sensitive data on the internet."
As members of the TSCP, systems integrators and developers can
participate in the reference implementation of each new part of the
specification to prove technical feasibility. While all parts of the TSCP
specification are put into the public domain after significant testing,
partners are expected to benefit from early access to specifications and
requirements for product roadmaps and consulting services, with the
opportunity to have products tested to meet TSCP specifications, and on the
market as much as nine months before the competition.
This year, the TSCP is focused on two major initiatives: secure e-mail
and federated document sharing. These offerings address critical security
and compliance needs, especially as the A&D supply chain becomes
increasingly integrated and global with outsourced delivery and service
models.
Current TSCP members include the U.S. Department of Defense (DOD) and
General Services Administration (GSA); U.K. Ministry of Defence (MoD) and
Department of Trade & Industry (DTI); the Netherlands Ministry of Defence
(MoD); BAE Systems; The Boeing Company; EADS/Airbus; Lockheed Martin;
Northrop Grumman; Raytheon; and Rolls-Royce.
For more information on membership costs and the application process,
please visit http://www.tscp.org .
About TSCP
TSCP is the only government-industry partnership specifically focused
on designing solutions to address the most critical issues facing the A&D
industry: mitigating the compliance, complexity, cost and IT security risks
inherent in large-scale, multi-national collaborative programs. The TSCP
was founded in 2002, and has delivered several specifications and guidance
documents on securing A&D supply chain data. The group today focuses on
identity federation policies and governance. The TSCP is open to government
organizations, prime contractors, integrators, suppliers and member trade
groups. For more information, please visit http://www.tscp.org .

SOURCE Transglobal Secure Collaboration Program

http://www.prnewswire.com/news-releases/tscp-opens-membership-to-systems-integrators-and-software-developers-58090252.html

Hardware Based Full Disk Encryption Is Almost Here…Now what?


Kelvin_Kwan
Technical Support

As many of you know, the Trusted Computing Group (TCG) was an initiative started by some well-known technology companies to help standardize and implement Trusted Computing. One of the first “products” to come from this was the Trusted Platform Module (TPM). There are various vendors that take advantage of the TPM chip for security related functions. (Full disclosure: Symantec is a member of the Trusted Computing Group.)

The next significant “product” to come from TCG is the Opal standards for Self Encrypting Drives (SED). The Opal standard is an industry standard for any hard disk drive (HDD) manufacture to sell SEDs that would comply with these standards. Now what this means, is that these HDDs will have encryption already built into the hardware.

“Great! We won’t need to evaluate any of the software encryption vendors out there. We can simply just buy SEDs from the major HDD manufactures and deploy them to our users and be fully encrypted and compliant,” you say.

Well it’s never that simple…

Opal based HDDs have many advantages. These include “always-on encryption,” full data-bus performance, and the ability to do a NIST approved cryptographic disk erase instantly. These are all great reasons to move to an Opal based drive.

However, there are some disadvantages as well. Currently, one of the biggest disadvantages is that Opal based HDDs are difficult to procure. If you check your favorite retailer or distributor, you’ll be hard-pressed to find an Opal drive that can be purchased immediately. It is however expected that these drives will be much more available in the later half of 2012.

Depending on your company’s requirements, you may or may not have a need for FIPS validated HDDs. But, if you do need FIPS, then there’s a premium to pay for FIPS validated HDDs. There are essentially two premiums to pay. The first premium is the SED Opal compliant drive over a standard non-encrypting drive. The second premium then becomes the FIPS certification. If you really want to take advantage of the full data-bus performance for an encrypted HDD, then you’ll want a Solid State Drive (SSD), but you really will be paying a premium then! I have to believe that only the truly hardcore users can fully take advantage of the increased performance of a SED and SSD combination.

The next issue with SEDs is how do you physically roll out the new HDDs to your user population? For each user/endpoint, you would physically have to image their existing HDD to the SED HDD. After that, you would then have to properly and securely erase or dispose of the original HDD. If not, someone is going to have a field day dumpster diving. Also, with today’s HDD capacities, it might take quite a bit of time to image a user’s 250GB+ HDD. You multiply this by the number of users/endpoints you have and this could easily become a multi-year project. Remember, each HDD you are replacing becomes a liability unless it is properly disposed of. Time in this case, is not on your side since there’s always a probability that someone whose endpoint is not encrypted loses their device while waiting for the SED replacement.

The biggest issue for SEDs, however is the management. Or, I should say, the lack of management out of the box. How do you manage the users, the recovery keys, policies, and reporting? You see, the HDD manufactures followed the Opal standard for software to interface with the HDDs. They, however, do not provide any type of software to manage these HDDs at all. This is where the various software vendors come into play. You will still need the ability to manage these SEDs. You will need the ability to recover the keys should the user forget their passphrase or need access for forensics. You will need to enforce security policies. You will need to be able to do reporting for compliance. Merely having built-in encryption on the HDD that is Opal compliant will not pass an auditor’s audit. You need to prove that the endpoint was properly encrypted at the time it went missing. Saying it was encrypted will not be sufficient. Per the various laws, you would then need to disclose the breach to the public and have your company’s reputation tarnished by the media and the public.

Now you might be trying to figure out what my agenda is. To be honest, there is no agenda; this is really just food for thought. I believe in playing devil’s advocate and always looking at things from both sides – is the glass half empty or half full? With that said, the release of Symantec Endpoint Encryption Full Disk Edition will be able to manage Opal compliant hardware. Thus, I have every reason to be pointing out the strengths of Opal and none of its weaknesses since Symantec sells the software to help manage, store recovery keys, enforce policies, and report on the status of the endpoints. I should also point out that if absolute speed is not your first priority, then PGP Whole Disk Encryption (WDE) might be of better value. You would really need to do a cost benefit analysis to see if SEDs are worth it for your company. I will say that when PGP WDE is on hardware that has AES NI, the performance “hit” is not perceptible by users at all. The only way to see the difference in performance would be to use performance-measuring software. If you’d like even more performance, you can also choose the cipher bit strength. By default, PGP WDE uses AES 256. PGP allows the InfoSec admins (via policy) to use AES 128 as an option. The combination of AES NI and AES 128 cipher on an SSD would satisfy even the most demanding SSD users. (AES 128 can also be used on standard spindle HDDs.)

Don’t forget, you will have to pay for the SEDs (more if it’s FIPS validated), and also the management of the SEDs regardless of which software vendor you choose. What is the true total cost of the increased performance?

http://www.symantec.com/connect/blogs/hardware-based-full-disk-encryption-almost-here-now-what

NSTIC: 'We're trying to get rid of passwords'

$17.5 million in strong-authentication pilot projects coming, if budget holds

By Ellen Messmer, Network World
August 18, 2011 12:24 PM ET

The federal government's National Strategy for Trusted Identities in Cyberspace (NSTIC) program, set up this spring, is making progress against its goal of identifying and supporting more secure alternatives to simple passwords that the government as well as anyone else might use in authenticating to online applications.

"We're trying to get rid of passwords. It's time for something better," says Jeremy Grant, senior executive adviser at the National Program Office for NSTIC, located at the National Institute of Standards and Technology. The federal government, he says, can lead in working with industry on better types of authentication for large-scale use that may be deemed preferable to passwords. The next step in this project involves setting up a steering committee with industry to foster consensus on standards and guidelines, with a slew of pilot projects expected next year, based on current budget expectations.

IN DEPTH: Can the Obama administration fix your identity-management problems?

Though the budget process is not complete, the Obama administration has $25 million allotted for the NSTIC program, and out of that, "$17.5 million is for pilots," says Grant, adding, "We haven't published yet what the criteria will be." However, the idea at present is to conduct about half a dozen pilot projects for strong authentication, making the funds available perhaps through a grants process.


The ambitious NSTIC program envisions an "identity ecosystem" of the future where there will be established ways to clearly assess identity in issuing credentials through approved assessors. Grant says the government is looking to private industry to take the lead on that in general. And though there will likely need to be standards and specifications for any identity ecosystem, especially in order to foster interoperability, Grant says NIST won't be writing these standards but trying to play the role of "facilitating the creation of consensus-based standards."

Grant says "the government is uniquely qualified to tackle the problem" of ushering in ways citizens could use stronger authentication than passwords not only in their necessary interactions online with the government but also perhaps in business as well. But the private sector is being given the lead in technologies for this because under NSTIC, "we're trying to get the government out of the identity business." But he says the government does want to make sure whatever comes about is done with suitable privacy safeguards -- plus complex legal and policy issues may well have to be sorted out.

Grant acknowledges that in trying to find common ground on which the high-tech industry and privacy advocates such as the Center for Democracy and Technology can all somehow stand together isn't necessarily easy, noting it can feel like "one of the largest cat-herding challenges of all time." He adds "there will be no central database under NSTIC," though if the government adopts NSTIC-approved services in the future for its own use, there would probably be a need to keep an audit trail for purposes of security.

"We can be an early adopter," he says, noting this would help the government bring online applications to the public that it can't do today because a password is simply not strong enough authentication.

"Passwords not only don't help provide much security, in many cases they can put the consumer at risk," says Don Thibeau, chairman of the Open Identity Exchange (OIX), whose membership -- which includes Google -- interacts with the federal NSTIC program. (OIX was set up as a sister organization to the OpenID Foundation, for which Thibeau serves as executive director.)

There's a need for "Internet identity standards on an Internet scale," says Thibeau. OIX is presenting its ideas related to OpenID and OAuth specifications, and its membership is interested in participating in pilot projects under NSTIC. But Thibeau also expects to see the private sector doing a few of its own pilot projects later this year with OIX sponsoring some interoperability and security pilots between Google, AOL and Hotmail email systems. The goal is to try to "define best practices for security on a cross-platform basis." He adds: NSTIC is "challenging security architects to come up with new thinking."

http://www.networkworld.com/news/2011/081811-nstic-future-249865.html

Cyberaware: Global Question Time

Fri 09 Sep 2011 - Teleconference


Topics will include:

DNS Security

SCADA

Trusted Computing

Cyber Law

Privacy



Guests include US Government, Academics and Experts including:

Ed Gibson; FBCS, PWC, ex FBI, ex Microsoft Chief Security Officer

Tim Roxy; NERC ICSJWG

Mark Fabro; LoftyPerch, SCADA Security Expert

David Lacey; ISACA, UK Research Director, ex UK FCO, ex Shell CSO

Adele Carter; Kiteway, PHD Researcher on CPNI

Brian Berger; Wave, Trusted Computing Group TCG


David Spinks; CSIRS, ex UK Nuclear Regulator

Bill Woodcock; Packet Clearing House, Research Director, DNS SEC Expert

Karen Lawrence Oqvist; HP, Senior Architect & Privacy Expert, MBCS CITP

Nigel Titley; RIPE NCC, Chairman of the Executive Board

Immo Huneke; MBCS, CITP, BCS Software Practice Advancement SG



https://ktn.innovateuk.org/web/4970551

(TSCP) response to the National Strategy for Trusted Identities in Cyberspace

http://www.nist.gov/nstic/governance-comments/Transglobal-SCP-NSTIC-NOI-7-22-11.pdf

YouProve: Authenticity and Fidelity in Mobile Sensing


http://www.cs.duke.edu/~lpcox/youprove-sensys11.pdf

Wave Still Hiring


Technical Support Analyst Positions based in Lee, MA Wave Systems Corp., a developer of information...

Source: Berkshires Marketplace

Ad Details:

Ad ID:

19438864

Created:

Aug 14, 2011

Expires:

Sep 12, 2011


Technical Support Analyst Positions based in Lee, MA Wave Systems Corp., a developer of information security software for hardware-based security platforms, needs an experienced Technical Support professional to provide support to Wave's growing customer base. Primary Responsibilities of the Technical Support Analyst: Provide technical expertise and support to our customers. Provide technical guidance and instruction on the use of computer technologies. Communicate technical information to non-technical personnel. Oversee desktop and server support problems and resolutions to determine trends, as well as ensuring that support procedures are being followed. Follow standard Help Desk operating procedures; accurately logging all customer contacts using call-tracking software. Monitor Customer Support operations and escalate help-tickets to ensure clients' problems are handled as expeditiously as possible. Follow up on support issues with customers to ensure that problems are resolved. Assist in the creation of online tools and documents to support customers. Minimum Qualifications: Experience with Windows XP/Vista/Windows 7. Familiar with Windows Server 2003/2008. Knowledge of a broad range of relevant multi-user computer systems, applications and/or equipment. Minimum of one year technical experience. Strong written and verbal communications skills. Ability to plan, organize and adapt within a multitasking environment. Strong computer application skills including Microsoft Word, PowerPoint, Excel and Outlook. Ability to work as part of a team. Preferred Qualifications: Bachelor's Degree in Computer Science or Information Technology (or equivalent). Detailed knowledge of, and experience with, Active Directory, network security, biometrics, cryptography, smart cards and public key infrastructure (PKI). Experience with Trusted Platform Module (TPM) and disk-encryption products. Experience with Microsoft CRM. An Equal Opportunity Employer, Wave offers competitive salary and benefits. Please email resume and salary history requirements to recruiting@wavesys.com or fax to (413) 243-7095

http://southernmaryland.kaango.com/ads/viewad/print?adid=19438864

Wave EMBASSY® Remote Administration Server (ERAS)

http://www.wave.com/dell/partner/03-000183_ERAS-DELL.pdf


Built-in Encryption: Military-Grade Data-at-Rest - Wave


http://www.wave.com/dell/partner/Dell-Federal_postcard.pdf

Software Development Engineer Microsoft



Software Development Engineer in Test II - Windows Security & Identity Job

Microsoft - Redmond, WA, US (United States)


Job Description
Job Category:
Software Engineering: Test
Location:
Redmond, WA, US
Job ID:
760502-47852
Division:
Windows Division

Specialized security hardware such as the Trusted Platform Module (TPM) technology is making data more secure than ever before. By leveraging the capabilities of trusted hardware to strengthen software, the Platform Integrity team is exploring cutting-edge innovations in computer security and helping provide solutions that even the best software can never do on its own.


Shipped software applications such as BitLocker(tm) Drive Encryption are great examples of the value trusted hardware can provide, but even great products like this are barely scratching the surface of what such hardware can do. Further securing the kernel, defending against rootkits, viruses, and malware, even protecting information from attackers with actual physical possession of a system is finally within reach when software solutions are integrated with trusted hardware. Join one of the most innovative teams in Windows Core Security, and help us improve the future by securing civilization!


We are looking for a highly motivated SDET with strong programming and testing skills. You will have opportunities to work across the entire spectrum from firmware to pre-OS to kernel mode to user mode.


Responsibilities:

- Partner with program managers and developers to ensure that functional specification and design specification are solid and effective.

- Create thorough test plans and comprehensive feature test specifications.

- Develop test automation and tools for owned features.

- Work with both internal and external partners to identify defects and drive quality into software, firmware, and hardware

- Develop and test automation for the Windows Logo Kit (WLK)

- Manage and track bugs


Qualifications:

- Strong C/C++ programming skills

- Solid test aptitude and good understanding of test methodologies

- Great problem solving, debugging, and troubleshooting skills

- Good understanding of operating system

- A degree in Computer Science or related field, or equivalent industry experience

- A background in security, experience with security hardware, exposure to BIOS/firmware concepts, or experience with UEFI a plus.

Additional Information
Posted:August 11, 2011Type: Full-time Experience: Not Applicable Functions: Other Industries: Computer Software Employer Job ID:760502-47852Job ID:1836306

http://www.linkedin.com/jobs/jobs-Software-Development-Engineer-1836306

TPM Case Study RADISYS


http://www.radisys.com/Documents/solutions/RAD_WearableComputer_CS.pdf

EMBASSY® Protector Datasheet




http://www.wave.com/collateral/03-000291_DataSheet-Protector.pdf

EMBASSY® Protector Centralized Removable Media Encryption, Port and Device Control

Despite advances in network security, it is still surprisingly easy to access sensitive data by simply connecting a memory stick or smart phone to an enterprise laptop, or to bridge private internal networks via a WiFi or 3G modem connection.

EMBASSY Protector defends your organization from the risks associated with endpoint data leakage. It’s simple and intuitive architecture provides centralized control and management over encryption of all data on removable storage devices, along-with every physical and wireless port across your enterprise. Plus, EMBASSY Protector comes with pre-configured security policies for regulations like PCI, HIPAA and SOX — so you don’t have to be a compliance expert:

Granular, Centralized Manageability and Encryption

Port Control: EMBASSY Protector lets you intelligently allow, block or restrict the usage of any or all computer ports across the enterprise according to the computer on which they are located, the user who is logged in and/or the type of port. Specifically, EMBASSY Protector controls USB, PCMCIA, FireWire, Secure Digital, Serial, Parallel, Modem (e.g., dialup, 3G, etc.), WiFi, IrDA and Bluetooth ports. For control of wireless ports and interfaces, EMBASSY Protector lets you specify which networks or ad hoc links are allowed access. You can specify the MAC address of the access points, SSID of the network, authentication method and encryption methods to define approved links.

Storage and Device Control: EMBASSY Protector also detects and allows the restriction of devices by device type, model and even by specific device serial number. EMBASSY Protector offers security administrators the option of completely blocking use of all storage devices or permitting read-only access. Additionally, EMBASSY Protector allows administrators to mandate the encryption of all data transferred from organization endpoints to approved removable media devices, such as USB flash drives, Disk on Keys, memory sticks and SD cards, as well as CD/DVD and external hard disks.

File Control: EMBASSY Protector further enhances endpoint security by monitoring and controlling file transfers to/from external storage devices, enabling you to selectively allow or block specific file transfers, generate logs and send real-time alerts about information written to or read from removable media devices or a CD/DVD. This ensures an audit trail of what data is transferred in and out of the organization, and may be used to analyze security incidents, keep track of users’ activity and help you better comply with security regulations.



Key Features:
•Granular control: Detect and restrict devices by type, model or unique serial number. Control WiFi access by MAC address, SSID or the security level of the network
•Data awareness: Control the transfer of files both to and from external storage devices according to file type
•Removable media encryption: Encrypt corporate data in motion on removable storage devices, external hard drives, and CD/DVDs
•Track offline usage of removable storage: Track file transfers to/from encrypted devices on non-corporate computers
•Built-in compliance policies: Establish security policies built from detailed configurations pre-mapped to specific regulatory compliance standards, such as PCI, HIPAA and SOX
•Anti-bridging: Prevent hybrid network bridging by blocking WiFi, Bluetooth, modems or IrDA while a computer or mobile device is connected to the wired corporate LAN
•Anti-hardware keylogger: Detect and block both USB and PS/2 hardware keyloggers
•U3 and autorun control: Turn U3 USB drives into regular USB drives when attached to organization endpoints, protecting against auto-launch programs by blocking autorun
•Flexible and intuitive management: Automatically synchronize with Microsoft Active Directory




To purchase or for more information, please email us at sales@wavesys.com or call us at (877) 228-WAVE.

http://www.wave.com/products/protector.asp