Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Didn't listen to the CC, anyone care to explain the 60,000 seats? Do these involve server upgrades and if not why did they order just the client software on such a large scale? Thanks and best to all, Foam
Snackman,
With HP on the horizon, Apple, Google and the U.S. govt. all moving towards trusted computing (not to mention all the other gorillas) you kind of have to wonder what is going on behind the scenes right now!!??!!?? - when the match hits the powder it's gonna be a pretty sight, in my opinion!
cheers, Foam
Quite a few Wave people working the HP account now
http://www.wave.com/about/sales_regions.asp
Andrew Avery
HP Director of Sales
281-550-4894
aavery@wavesys.com
Ray Mitchell
Partner Business Mgr — HP
402-290-6978
rmitchell@wavesys.com
Nikki Anderson
Partner Business Mgr — HP
773-606-8603
nanderson@wavesys.com
So Apple now also going the way of TCG
(First Google now Apple, this field is truly going to be explosive!! The only part I don't like is the "reverse engineering bit...)
http://www.linkedin.com/jobs?viewJob=&jobId=950544
Full-time
Experience:
Mid-Senior level
Functions:
Information Technology, Management
Industries:
Computer Hardware, Computer Software
Posted:
May 4, 2010
Compensation:
TBD
Employer Job ID:
4579523
Job Description
The Core OS group is looking for a talented and inspired manager to lead a team focused on the platform security of iPhone OS. The team is responsible for secure booting and installation of the OS, partitioning and hardening of security domains within the OS, cryptographic services, and risk analysis of security threats. The team is made up of a variety of security experts with backgrounds in system security and reverse engineering.
This position requires a very technical and hands-on leader, someone with a passion for understanding security exploits and coming up with innovative methods to create secure platforms. You must be a highly self-motivated individual who seeks to create a dynamic and creative team environment in which old problems are solved in new and innovative ways.
Job responsibilities include:
• Leadership and management of a team of talented security engineers in a fast-paced and demanding software development environment
• Setting the roadmap for the iPhone OS platform security with an emphasis on hardware support and trusted computing methods
• Creating and promoting a development environment that encourages innovation and sets high standards for quality and productivity
• Driving a methodology for proactively finding security vulnerabilities
• Working cross-functionally with other software, hardware, marketing, and support teams to provide the best platform security solutions for Apple’s products
Skills
Required Skills and Experience
• Minimum of 3 years experience managing a software development team
• Direct experience with cryptographic or security related technologies
* Expertise in system design as related to hardware and software security exploits
• Direct experience with developing on and for the Unix operating system
• Evidence of driving technical innovation
• Strong communication skills
• Bachelor’s degree in computer science or related field
Desired Skills and Experience
• Cross-platform project development experience is a big plus
• Experience with Mac OS X and iPhone OS is a big plus.
Company Description
There's the typical job. Punch in, push paper, punch out, repeat. Then there's a career at Apple. Where you're encouraged to defy routine. To explore the far reaches of the possible. To travel uncharted paths. And to be a part of something far bigger than yourself. Because around here, changing the world just comes with the job description.
Some Speakers for Trusted Infrastructure Workshop
TIW Sponsors
- Carnegie Mellon CyLab
- NSF (pending)
- AMD
- HP Labs
- Wave Systems
Contact:
http://spaf.cerias.purdue.edu/ias-opportunities/msg01007.html
Confirmed Speakers
Boris Balacheff, HP Labs
David Challener, Johns Hopkins APL
George Coker, NSA
Paul Congdon, HP
Anupam Datta, CMU
Paul England, Microsoft
Virgil Gligor, CyLab/CMU
Ken Goldman, IBM Research
David Grawrock, Intel
Trent Jaeger, Penn State
Jonathan McCune, CyLab/CMU
Ron Perez, AMD
Adrian Perrig, CyLab/CMU
Stan Potter, NSA
Bob Thibadeau, Wave Systems
My mistake-here are the testimonials regarding Bluerisc
http://www.bluerisc.com/index.php?option=com_content&view=category&layout=blog&id=16&Itemid=37
Testimonials
"In my view, BlueRISC's security approach is truly unique and extremely innovative. .... [S]ecurity is not added as an afterthought, as is the case with so many products today, but rather as part of an integrated, well-thought-out approach at both the software and hardware levels."
Dr Elena Trichina, Security Expert, Senior Member of Technical Staff System Hardware, Spansion International Inc.
"As the need for secure processing will only continue to increase ..., we believe that if BlueRISC continues its progress this technology could become very important in this segment."
Rob Scott, Manager New Technology Sourcing, Nokia
"The company's ability to offer complete solutions, including the firmware and tools, is impressive.”
Dr Elena Trichina, Security Expert, Senior Member Technical Staff System Hardware, Spansion
"It is our organizations belief that [BlueRISC] solutions will have significant positive impact on the security market by enhancing and expanding on the functionality and features currently defined by the Trusted Computing Group standards."
Sheila M Walker, VP of Business Development, Ntru Cryptosystems
"I have been very impressed with the solution... Delivering products across both software and hardware abstractions is very challenging and resource demanding but it is also an opportunity for strong differentiation. ... The combination of security services, unique security processor and software protection approach... makes BlueRISC's platform applicable in many possible directions."
Len Veil, CTO, Wave Systems
"Overall, the [Freescale] team was very impressed by the BlueRISC compiler-driven low-power approach ... and the company has made great additional progress, their solution has been complemented with a compiler-driven security technology. The combination of low power, security, and focus on a complete solution for content protection, securing DRM and financial applications is an attractive value proposition."
Mike Conroy, Strategy and Business Development, Freescale
This is very interesting (Bluerisc development-Wave,Nokia mention) Is this some indication of things to come? There was some previous post a few years back mentioning that Wave, Bluerisc, and Nokia had been in talks regarding some government business (can anyone find it?).
1) New website for Bluerisc with complete product offering that is trusted computing compliant
http://www.bluerisc.com/index.php?option=com_content&view=article&id=4&Itemid=25
The root of trust builds on BlueRISC's security processor, TrustGUARD, developed from the
ground up with many industry-unique security-compilation, instruction-set, and security-
architecture innovations. It provides chip-unique execution and random, fluid instruction sets. It
has support for many unique trust transfer techniques as well as Trusted Computing-compliant
protocols and security services. Unique mechanisms are supported for trusted debug,
installation, and firmware upgrade. All BlueRISC hardware platforms build on it.
The TrustGUARD processor is dual-issue and has sophisticated cryptographic acceleration,
trusted execution, trusted co-execution, virtualization with multiple layers of security for
isolating applications, and support for multiple peripherals. It has intrinsic protection against
physical attacks, side-channel attacks (fault injection, DPA, and EMA) and protection against
reverse engineering of any software it runs.
2) Wave, NTRU, Nokia testimonials:
http://www.bluerisc.com/
index.php?option=com_content&view=category&layout=blog&id=16&Itemid=37
Rui De Sousa
Cloud Computing and Security – A Natural Match
http://www.trustedcomputinggroup.org/.../cloud_computing_and_security__a_natural_match
Interesting General Dynamics job ad
http://jobview.monster.com/Hardware-Design-Engineer-Job-Detroit-MI-US-87694782.aspx
Background in the following areas desired: Virtualization technology (such as Intel VT-d), Trusted Execution Technology (TXT), trusted boot technology (such as Trusted Platform Manager), Xilinx single chip crypto (SCC), hypervisors, software separation kernels, NSA's High Assurance Platform and it's G.H.O.S.T. implementation, Green Hills Integrity, Wind River MILS, Experience with successfully leading a product NSA certification (emphasis on Army), red/black data separation, data encryption, cryptography, cross domain guards, KVMs, intrusion detection, multi-level authentication, Knowledge of DOD regulatory policies relating to Information Assurance (IA), Public Key Infrastructure (PKI), DoD Information Assurance Certification and Accreditation Process (DIACAP)
General Dynamics Secure Virtual Environment/TVE(hosted by Dell)
Dell | Integrity Secure Client Solution
(Pretty enticing offering!!!)
http://content.dell.com/us/en/fedgov/fed-solutions-dell-integrity-secure-client-solution.aspx?~ck=mn
Today, many federal agencies that need to work with information of varying security requirements are forced to use multiple systems and resort to physical separation as the only option to keep data completely safe. This results in:
* Very complex infrastructure
* Extremely inefficient computing
* Multiple different platforms
* Increased staffing and maintenance
* Bigger footprint
* Higher energy consumption
* Circumvention of security policies just to simplify day-to-day operations
Dell is committed to helping its customers achieve the highest level of protection using multi-network and multilevel security* (MLS), to enable them to focus on their mission and goals. In line with this commitment, Dell has teamed up with INTEGRITY Global Security to combine its core strengths — IT simplification, world-class services and support — with INTEGRITY Global Security’s separation kernel technology and expertise. This alliance aims to deliver a highly secure, easily manageable and readily supportable solution to customers.
The Dell™ | INTEGRITY Secure Consolidated Client Solution helps simplify complex secure environments by letting users access multiple network domains and levels of secure data from a single computing device, while preserving a high level of assurance that the data is securely separated.
The solution was designed with top-level security in mind. The Dell | INTEGRITY Secure Consolidated Client Solution brings the same INTEGRITY separation kernel technology that has protected the world’s high-value data and provided a high-assurance platform in military-embedded systems for over 10 years. This technology is now available for general computing platforms.
Multi Level Security
The Dell | INTEGRITY Secure Consolidated Client Solution is composed of Dell OptiPlex™ systems with Intel® vPro™ technology, the INTEGRITY-178B Separation Kernel, and a suite of services and support offerings.
This solution uses the INTEGRITY separation kernel technology to provide isolation between processing domains on a single physical platform. Each domain consists of a virtual machine and a guest OS, such as Microsoft® Windows®, executing within the virtual machine, and can be set to different security sensitivities. Users can easily toggle between domains with a keystroke.
This multi-wire solution supports both a thick-client processing (full OS on the client) with direct connectivity to the server environment and simultaneous thin-client processing. This enables customers to optimize server-side virtualization offerings, such as VMware® or Citrix®. You can address requirements for robust desktop capability for one security level or network domain, while providing lighter weight functionality in others.
The Dell | INTEGRITY Secure Consolidated Client Solution is designed to plug and go, integrating seamlessly into the existing infrastructure with almost no administration requirements. It also retains the familiarity of the existing user interfaces, so end users and help desk personnel need minimal learning.
The solution has design parameters intended to meet stringent requirements used by the government for data separation and is based on proven technology:
* INTEGRITY-178B separation kernel — Certified by NIAP to EAL6+ and High Robustness¹
* Dell OptiPlex platform — A popular and widely used platform in the government space
In addition to simplified infrastructure and improved securability, Dell| INTEGRITY Secure Consolidated Client Solution delivers a high level of supportability to customers in this market. Almost all the services that Dell provides through Dell ProConsult™, ProManage and ProSupport offerings will be available as part of this solution. And when required, the services personnel supporting the customer (whether Dell or its partners) will have designated government security clearances at a level commensurate with those of the supported customer.
“It has been called the Holy Grail... now security used by the military is for the first time, available to the enterprise. Instead of having four computers for a user, you only need one, and you only need one wire. When we are deploying forward, it reduces our air-lift requirements, it reduces our power requirements, it reduces our staff costs.”
— Elwood “Bud” Jones, Program Manager for Multinational Information Sharing, CENTCOM
Benefits of the Dell | INTEGRITY Secure Consolidated Client Solution
With the Dell | INTEGRITY Secure Consolidated Client Solution, users in an organization can use a single physical system to access data of varying security sensitivities. They can work on publicly accessible documents, or access the Internet on the same system where they work on classified or other security-sensitive documents — but have the sessions securely separated from each other.
Dell believes that in complex environments, high-level security requires more than just data separation. It needs to include improving the manageability of the secure environment, as well as simplifying the infrastructure to help reduce the possibility of human error and inadvertent breaches. It needs, in a word, securability.
The Dell | INTEGRITY Secure Consolidated Client Solution offers securability, simplicity and supportability. Together they help IT professionals lower total cost of ownership (TCO) with:
* Reduced hardware through client system consolidation — Simplified infrastructure
* Reduced support staff and labor required — Less hardware to manage
* Reduced client footprint — Recaptures valuable workspace
* Reduced power and energy consumption — Fewer systems required
* Easy and fast network setup and administration — No separate user interface
* Minimal training — The end-user environment is already familiar
Dell streamlines product and software support with this solution by providing a suite of services and support offerings — ProConsult, ProManage and ProSupport — that helps organizations simplify IT.
Why Dell?
Dell uses its core strengths — IT simplification, services and an OEM support model — to offer end-to-end solutions, including software, hardware, services and support. The Dell | INTEGRITY Secure Consolidated Client Solution is an opportunity to modernize your IT environment and make it more secure.
The Dell | INTEGRITY Secure Consolidated Client Solution is currently available from Dell. Contact your Dell sales representative at 888-375-9863 if you are interested in knowing more about this solution or other Dell MLS portfolio offerings.
* (Multilevel security (MLS) refers to the ability for multiple users with different levels of security requirements to simultaneously access resources of different network domains and security levels on a single system — while preventing them from accessing any information for which they lack proper authorization.)
¹ INTEGRITY- 178B Separation kernel was granted EAL6+ and High Robustness certification by the National Information Assurance Partnership, overseen by the National Security Agency and the National Institute of Standards and Technology to Green Hills Software, parent company of INTEGRITY Global Security, September 2008. For more information please visit
http://www.niap-ccevs.org/cc-scheme/vpl/
New Events posted for Wave
http://www.wave.com/news/tradeshows.asp
TechTarget MA 201 CMR 17 — Newton, MA
Wave Systems Corp. Tabletop
April 20, 2010
DISA
To Top
DISA — Nashville, TN
Wave Systems Corp. Exhibiting in TKC’s Booth
May 3-6, 2010
DISA
Technical Brief Elastic Computing Platform High Assurance Edition 3.2
http://www.enomaly.com/fileadmin/docs/Enomaly_ECP_HAE.pdf
Interesting topics at Trust2010(Google very present!)
http://www.trust2010.org/program.html
(Also a Google keynote in addition to the ones in bold below)
Conference Paper Sessions
Trustworthy Systems I (Attestation)
Monday 11:00 - 12:30
* Beyond Kernel-level Integrity Measurement: Enabling Remote Attestation for the Android Platform
Mohammad Nauman and Sohail Khan and Xinwen Zhang and Jean-Pierre Seifert (Institute of Management Sciences Pakistan and Samsung Information Systems America, USA and Technische Universität Berlin & Deutsche Telekom Laboratories)
* SBAP:Software-Based Attestation for Peripherals
Yanlin Li and Jonathan M. McCune and Adrian Perrig (Cylab, Carnegie Mellon University)
* Key Attestation from Trusted Execution Environments
Kari Kostiainen and Alexandra Dmitrienko and Jan-Erik Ekberg and Ahmad-Reza Sadeghi and N. Asokan (Nokia Research Center Helsinki, Finland and Ruhr-University Bochum, Germany)
Privacy Enhanced Trusted Systems
Monday 15:00 - 16:30
* Anonymous Authentication with TLS and DAA
Emanuele Cesena and Hans Löhr and Gianluca Ramunno and Ahmad-Reza Sadeghi and Davide Vernizzi (Politecnico di Torino, Italy; Ruhr-University Bochum, Germany)
* Group-Based Attestation: Enhancing Privacy and Management in Remote Attestation
Sami Alsouri and Oezguer Dagdelen and Stefan Katzenbeisser (TU Darmstadt)
* Escrowed Data and the Digital Envelope (Short Paper)
King Ables and Mark D. Ryan (University of Birmingham, UK)
* Engineering Attestable Services (Short Paper)
John Lyle and Andrew Martin (Oxford University Computing Laboratory)
Designing Trust
Monday 17:00 - 18:00
* Ignore These At Your Peril: Ten principles for trust design
Jens Riegelsberger and M. Angela Sasse (Google Research UK and University College London UK)
* Privacy Requirements Engineering for Trustworthy e-government Services
Nikos Vrakas and Christos Kalloniatis and Aggeliki Tsohou and Costas Lambrinoudakis (University of Piraeus and University of the Aegean)
Trustworthy Systems II (Applications)
Tuesday 10:30 - 12:30
* Towards A Trusted Mobile Desktop
Marcel Selhorst and Christian Stüble and Utz Gnaida and Florian Feldmann (Sirrix AG and Federal Office for Information Security (BSI), Germany)
* Application of Trusted Computing in Automation to Prevent Product Piracy
Nora Lieberknecht (Research Center for Information Technology, Embedded Systems and Sensors Engineering (ESS))
* Lagrangian E-Voting: Verifiability on Demand and Strong Privacy
Lukasz Krzywiecki and Miroslaw Kutylowski (Wroclaw University of Technology)
* microTSS - A Simplified Trusted Software Stack
Christian Stüble and Anoosheh Zaerin (Sirrix AG)
Trust in Network
Tuesday 15:00 - 16:30
* Can Competitive Insurers improve Network Security?
Nikhil Shetty and Galina Schwartz and Jean Walrand (EECS, UC Berkeley)
* Nudge: Intermediaries' Role in Interdependent Network Security
Jens Grossklags and Svetlana Radosavac and Alvaro Cardenas and John Chuang (Princeton University, DoCoMo USA Labs, Fujitsu Laboratories of America, University of California at Berkeley)
* How the Public Views Strategies Designed to Reduce the Threat of Botnets
Brent Rowe and Dallas Wood and Douglas Reeves (RTI International and NC State University)
Trustworthy Systems III (Integrity)
Tuesday 17:00 - 18:00
* Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture
Amit Vasudevan and Jonathan M. McCune and Ning Qu and Leendert van Doorn and Adrian Perrig (CyLab/CMU and Nvidia Corp. and AMD)
* Dynamic Enforcement of Platform Integrity (Short Paper)
Martin Pirker and Ronald Toegl and Michael Gissing (Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria)
* An Improved Memory Integrity Protection Scheme (Short Paper)
Yin Hu and Berk Sunar (ECE Department, WPI)
Building Trust
Wednesday 10:30 - 12:30
* Axiomatic and Behavioural Trust
Clark Thomborson (University of Auckland)
* The Leap of Faith from Online to Offline: An exploratory study of Couchsurfing.org
Jun-E Tan (Nanyang Technological University, Singapore)
* The Role of Soft Information in Trust Building: Evidence from Online Social Lending
Stefanie Pötzsch and Rainer Böhme (TU Dresden and International Computer Science Institute Berkeley)
* Software on the witness stand: what should it take for us to trust it?
Sergey Bratus and Ashlyn Lembree and Anna Shubina (Dartmouth, Franklin Pierce, Dartmouth)
Anonymous Attestation Schemes
Wednesday 15:00 - 16:30
* A DAA Scheme Using Batch Proof and Verification
Liqun Chen (HP Labs)
* A Pairing-Based DAA Scheme Further Reducing TPM Resources
Ernie Brickell and Jiangtao Li (Intel Corporation)
* An Anonymous Attestation Scheme with Optional Traceability
Jiangtao Li and Anand Rajan (Intel Corporation)
Trustworthy Systems IV (Trusted Components and Primitives)
Wednesday 17:00 - 18:30
* Introducing the Trusted Virtual Environment Module (TVEM): A New Mechanism for Rooting Trust in Cloud Computing
F. John Krautheim and Dhananjay S. Phatak and Alan T. Sherman (UMBC)
* SegSlice: Towards a New Class of Secure Programming Primitives for Trustworthy Platforms
Sergey Bratus and Michael E. Locasto and Brian Schulte (Dartmouth College and George Mason University)
* Robust Combiners for Software Hardening - Extended Abstract (Short Paper)
Amir Herzberg and Haya Shulman (Bar Ilan University)
* The PUF Promise (Short Paper)
Heike Busch and Miroslava Sotakova and and Stefan Katzenbeisser and Radu Sion (TU Darmstadt and Stony Brook University)
Excellent find New Wave. Looks like those TPMs are finally going to light up the cyber-sphere, so to speak. It's about Time!!
Good GD article on government priorities in cyber security
http://www.nationaldefensemagazine.org/archive/2010/May/Pages/ShareandProtectSensitiveData.aspx
Is It Possible to Both Share and Protect Sensitive Data?
May 2010
By Scott Dunderdale and Stan Tyliszczak
Cyberthreats to the nation’s critical infrastructure make it tempting to lock down buildings, networks and data, thus, limiting access to mitigate risks. However, completely restricting data access can impede mission-critical communication.
The Defense Department must be able to communicate critical intelligence across agencies and geographic boundaries quickly and securely.
Deputy Defense Chief Information Officer David Wennergren said in a February 2010 interview that two top priorities are information sharing and information security. In the past, the Pentagon treated these issues as two separate disciplines. But Wennergren noted that today, information sharing and information security must be managed together.
Information assurance is used to ensure the availability, integrity, authentication, confidentiality and non-repudiation of information systems and critical data, both classified and unclassified
Information assurance is fundamentally about protecting information. Where “walled gardens” and information silos might have been acceptable in the past, today’s missions require sharing information across dynamic and cross-functional organizations. More sophisticated techniques are needed to provide mission assurance while still maintaining necessary information assurance.
Protection begins with evaluating the sensitivity of the data. It is imperative to determine which parties can access information, whether that information is law enforcement data or classified national security intelligence. Policies and procedures, as well as technology solutions — from CAC (common access cards) to secure ID tokens to biometric scans and other tools — verify access for authorized individuals and keep others out.
Information integrity is another component of the information assurance approach. Beyond information access, users need to know that the information is accurate and unaltered. Data that is corrupted can seriously impede an agency’s ability to meet its mission, whether that is national defense or public safety. Technology tools can monitor and audit who is accessing data, how long they are accessing it and whether they are editing it, intentionally or unintentionally. The monitoring and the associated audit logs support forensic analysis and law enforcement activities.
A third element of information assurance is network security. Network security is not just about keeping bad actors out; it is about enabling information sharing across, within and among U.S. agencies and mission partners. Skilled systems analysts use technology solutions to monitor networks 24/7, where they watch for unusual patterns. Completely locking down devices containing secure information or, in some cases, opening a trail leading back to the cyberattacker are achievable in the case of a security breach.
Often, agencies believe that the best protection is to put all of their valuable information in a “walled” environment. The challenge, then, is allowing access to that information. Many entities build virtual fortresses that house packages of sensitive data.
In the intelligence and defense sectors, sharing legitimate information while simultaneously denying unauthorized access is a delicate balance. New initiatives, such as the Intelligence Community Information Integration Program (ICI2P), have lowered technological and policy barriers that formerly prevented intelligence analysts from sharing information and accessing all available data.
Individuals with varying clearance levels need access to information simultaneously. Authorized access needs to be quick and seamless. Many systems incorporate “multi-level security” capabilities, which permits simultaneous access by users with different security clearances. It also allows higher-cleared individuals to easily share sanitized documents with lower clearance individuals.
Further, multi-level security can leverage virtualization software, allowing a user to view multiple security domains simultaneously on a single display. So-called “high assurance platforms” provide a secure computing environment that can host multiple domains.
Defending sensitive network assets means securing communication and computing devices that interface with local, deployed, strategic and tactical networks. Multi-level and cross-domain computing safeguards information while optimizing the ability to access information from multiple sources. Securing communications devices with data-in-transit and data-at-rest encryption allow immediate access to mission-critical information to authorized parties without opening the door to external threats.
While collaborative information sharing tools continually advance to offer improved security measures, collaboration solutions should mirror the high levels of reliability and information assurance that missions require. Adopting ITIL (Information Technology Infrastructure Library) practices will help ensure that operational processes meet the reliability standards that the missions require. It will also help ensure that agencies stay within mandated security regulations. Investing in work force training, in both ITIL and information assurance disciplines, and automated service management tools will ensure proper support of demanding mission requirements.
Cordoning off network and data in order to protect national interests is no longer a viable solution. Controlling access to sensitive data, ensuring information integrity, protecting the network and enabling collaboration will make it possible to share intelligence across agencies and with coalition partners.
Scott Dunderdale is director of information assurance strategic planning at General Dynamics C4 Systems. Stan Tyliszczak is senior director of technology integration at General Dynamics Information Technology.
More On High Assurance (via TPM) Cloud Environments
April 11th, 2010 beaker
http://www.rationalsurvivability.com/blog/?p=1809
Back in September 2009 after presenting at the Intel Virtualization (and Cloud) Security Summit and urging Intel to lead by example by pushing the adoption and use of TPM in virtualization and cloud environments, I blogged a simple question (here) as to the following:
Does anyone know of any Public Cloud Provider (or Private for that matter) that utilizes Intel’s TXT?
Interestingly the replies were few; mostly they were along the lines of “we’re considering it,” “…it’s on our long radar,” or “…we’re unclear if there’s a valid (read: economically viable) use case.”
At this year’s RSA Security Conference, however, EMC/RSA, Intel and VMware made an announcement regarding a PoC of their “Trusted Cloud Infrastructure,” describing efforts to utilize technology across the three vendors’ portfolios to make use of the TPM:
The foundation for the new computing infrastructure is a hardware root of trust derived from Intel Trusted Execution Technology (TXT), which authenticates every step of the boot sequence, from verifying hardware configurations and initialising the BIOS to launching the hypervisor, the companies said.
Once launched, the VMware virtualisation environment collects data from both the hardware and virtual layers and feeds a continuous, raw data stream to the RSA enVision Security Information and Event Management platform. The RSA enVision is engineered to analyse events coming through the virtualisation layer to identify incidents and conditions affecting security and compliance.
The information is then contextualised within the Archer SmartSuite Framework, which is designed to present a unified, policy-based assessment of the organisation’s security and compliance posture through a central dashboard, RSA said.
It should be noted that in order to take advantage of said solution, the following components are required: a future release of RSA’s Archer GRC console, the upcoming Intel Westmere CPU and a soon-to-be-released version of VMware’s vSphere. In other words, this isn’t available today and will require upgrades up and down the stack.
Sam Johnston today pointed me toward an announcement from Enomaly referencing the “High Assurance Edition” of ECP which laid claims of assurance using the TPM beyond the boundary of the VMM to include the guest OS and their management system:
Enomaly’s Trusted Cloud platform provides continuous security assurance by means of unique, hardware-assisted mechanisms. Enomaly ECP High Assurance Edition provides both initial and ongoing Full-Stack Integrity Verification to enable customers to receive cryptographic proof of the correct and secure operation of the cloud platform prior to running any application on the cloud.
* Full-Stack Integrity Verification provides the customer with hardware-verified proof that the cloud stack (encompassing server hardware, hypervisor, guest OS, and even ECP itself) is intact and has not been tampered with. Specifically, the customer obtains cryptographically verifiable proof that the hardware, hypervisor, etc. are identical to reference versions that have been certified and approved in advance. The customer can therefore be assured, for example, that:
* The hardware has not been modified to duplicate data to some storage medium of which the application is not aware
* No unauthorized backdoors have been inserted into the cloud managment system
* The hypervisor has not been modified (e.g. to copy memory state)
* No hostile kernel modules have been injected into the guest OS
This capability therefore enables customers to deploy applications to public clouds with confidence that the confidentiality and integrity of their data will not be compromised.
Of particular interest was Enomaly’s enticement of service providers with the following claim:
…with Enomaly’s patented security functionality, can deliver a highly secure Cloud Computing service – commanding a higher price point than commodity public cloud providers.
I’m looking forward to exploring more regarding these two example solutions as they see the light of day (and how long this will take given the need for platform-specific upgrades up and down the stack) as well as whether or not customers are actually willing to pay — and providers can command — a higher price point for what these components may offer. You can bet certain government agencies are interested.
There are potentially numerous benefits with the use of this technology including security, compliance, assurance, audit and attestation capabilities (I hope also to incorporate more of what this might mean into the CloudAudit/A6 effort) but I’m very interested as to the implications on (change) management and policy, especially across heterogeneous environments and the extension and use of TPM’s across mobile platforms.
Of course, researchers are interested in these things too…see Rutkowska, et. al and “Attacking Intel Trusted Execution Technology” as an example.
Full disk encryption isn't quite dead
April 13, 2010
http://www.infoworld.com/d/security-central/full-disk-encryption-isnt-quite-dead-359?source=footer
Basic security measures can thwart innovative attempts to crack hard-drive encryption
Thanks - Have been curious as to the specifics of this. Nice production, but very short on the nuts and bolts. Cheers, Foam
More Fujitsu and Trusted Cloud
https://www.cmpevents.com/CSISX10/a.asp?option=C&V=11&SessID=11171
Practical Applications of Trusted Computing in the Cloud
Speaker: Jesus Molina (co-chair, Authentication Work Group (AWG), Trusted Computing Group)
Date/Time: Thursday (May 27, 2010) 11:15am — 11:55am
Topic: Cloud Computing
Presentation Abstract
Trusted computing isn’t all about TPM chips. Learn how trusted computing’s wide variety of complementary, but independent, technologies and concepts can be used to build more secure cloud computing systems. This session will describe short-term solutions (like self-encrypting drives) that can be deployed today for immediate gain, mid-term solutions (like client separation) that require changes to cloud network architecture and long-term solutions (like self-protecting data) that provide more fundamental protections.
Cloud Computing: Opportunity for Trusted Computing
https://community.emc.com/blogs/WenboMao/2010/03/31/cloud-computing-opportunity-for-trusted-computing
Posted by Wenbo Mao on Mar 31, 2010 6:34:12 AM
March 2, 2010, San Francisco, RSA Conference: EMC (RSA, Archer Technologies), VMWare and Intel jointly announced a collaboration project for “Trusted Cloud Infrastructure” with a Proof-of-Concept demo show (EMC COLLABORATES WITH VMWARE AND INTEL TO DELIVER PROOF OF CONCEPT FOR BUSINESS-CRITICAL SECURITY, COMPLIANCE AND CONTROL IN THE CLOUD http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_3210.html ). This project aims to conduct the following measures at the deepest layer of the cloud server infrastructure in the next generation datacenters: (1) strengthening security and hardening the critical software, (2) providing the users with visibilities on the security strengthening and hardening measures, and (3) automation of the collecting, analyzing and reporting activities and events which occurs to the infrastructure layer.
Technically, this collaboration project combines technical strengths from each participant, as is showcased by the following use case (cut-and-paste from the above URL): The foundation for this new trusted computing infrastructure is a hardware root of trust derived from Intel® Trusted Execution Technology (TXT), which authenticates each and every step of the boot sequence, from verifying hardware configurations and initializing the BIOS to launching the hypervisor. Once launched, the VMware virtualization environment collects data from both the hardware and virtual layers and feeds a continuous, raw data stream to the RSA enVision® Security Information and Event Management platform. The RSA enVision solution is engineered to analyze events coming through the virtualization layer to identify incidents and conditions affecting security and compliance. The information is then contextualized within the Archer SmartSuite Framework™ solution, which is designed to present a unified, policy-based assessment of the organization's security and compliance posture through a central dashboard.
Here is a proposition I would like to observe.
Trusted Computing (of which TXT is an advanced embodiment), since its industry offer came into being in the final few years of the last century, has never found wide and valid applications. One might want to ask for an explanation, well, let me throw my 2 cents. Trusted Computing is a heavyweight security technology. A hardware root of trust (e.g., run TXT on a platform) alone, without also adding security mechanisms in various layers of the software stack to cooperatively use the protected capability from the hardware root of trust (as the above use case correctly does), is unfortunately useless. However to date, most of our commonly used computer platforms are client side personal computers. Also most Trusted Platform Modules (TPMs, the key element of the protected capability of the Trusted Computing technology) manufactured to date have also been shipped with personal computers. On such platforms, the user has to do all things as self service. Unfortunately, when self service involves Trusted Computing, the users of such platforms are inevitably pathetically incapable of installing, configuring, managing and using a security mechanism which starts from the bottom hardware, chained up through the software stack, till applications, way too complex and way too professionally demanding! No wonder nothing has seriously happened for Trusted Computing in past more than a decade, the Vista OS might be a heroic attempt, lying and bleeding in the trench.
Things would be quite different in datacenter server platforms. A datacenter (in particular a Next-Gen one) specializes expert services from hardware infrastructure, to platform, software, applications, through to business intelligence. From the EMC(RSA, Archer)+VMWare+Intel collaboration example we see that services are provided throughout the whole stack: Security as a Service. Very completed, yes, but not a problem for these expert solution providers and operators, and certainly practical if these experts collaborate! Moreover, cloud computing/storage give rise to new security problems and challenges, and thus invite strong solutions as services.
Trusted Computing sees new opportunities to fledge in cloud computing.
(This is translated from my Chinese blog post in http://blog.csdn.net/wenbomao/archive/2010/03/29/5426094.aspx )
Gemalto, Texas Instruments team-up on secure mobile financial services
(Had no idea that Gemalto had acquired Trusted Logic)
http://www.intomobile.com/2010/03/30/gemalto-texas-instruments-team-up-on-secure-mobile-financial-services.html
During the CTIA Wireless in Las Vegas, Gemalto and Texas Instruments (NYSE: TXN) announced collaboration to enable Gemalto Mobile Financial Services on TI’s OMAP platform and M-Shield security technology for mobile devices. As a result, the two companies unveiled a new solution that integrates security platform for conducting mobile financial transactions.
Here’s how it works (from the press release):
Gemalto’s Mobile Financial Services runs on TI’s OMAP platform trusted execution environment, which includes Trusted Logic’s Trusted Foundations. This secure environment provides protection for financial based applications stored and used on leading smartphones built with the TI OMAP processor equipped with M-Shield security technology. Applications can be secured with strong two-factor authentication — verifying the user and the phone — which requires the user to enter securely a personal identification number (PIN) prior to gaining access to financial services applications.
And if you wonder, Gemalto acquired Trusted Logic in September 2009. The first deployments of Trusted Logic’s Trusted Foundations focused on enterprise security and DRM, and now this environment has been expanded to mobile financial services.
New Wave - Thanks, hadn't caught that. Let's hope there is more converging here than just Google and TPMs. Maybe Thibadeau will prove to be a good foot in the door on more fronts than one. Regards, Foam
Well, well-Google keynote at Trust2010 in Berlin
(Topic to be announced)
http://www.trust2010.org/yee.html
Practical Applications of Trusted Computing in the Cloud
http://www.cloudslamevent.com/practical-applications-trusted-computing-cloud
By Jesus Molina - Posted on 08 February 2010
Trusted computing is often considered to be limited to the Trusted Platform Module and its applications. Actually, trusted computing encompasses a wide variety of technologies and concepts with broad applicability to the cloud: trusted storage, trusted networks, trusted virtualization, and so forth. The common thread among these technologies is a belief that difficult security problems are best solved with a fundamental approach, not a patchwork of short-term measures. This talk will show how existing trusted computing technologies can be used to build more secure cloud computing systems.
The solutions described will run the gamut from short-term recommendations that can be deployed today for immediate gain (e.g. self-encrypting drives) to mid-term recommendations that require changes to cloud network architecture (e.g. client separation) and long-term recommendations that provide more fundamental protections (e.g. self-protecting data). All solutions can be deployed independently. The CSA Guidance will be employed in the talk as a common substrate of agreed-on terminology and analysis.
Interesting new language on Dell E6410
(oops seems it was used on earlier models, just hadn't noticed)
http://www1.euro.dell.com/content/products/featuresdetails.aspx/latitude-e6410?c=uk&l=en&s=bsd&cs=ukbsdt1
User & System Security:
Smart Card Reader and Contactless Smart Card Reader (optional)
Fingerprint Reader OR FIPS Fingerprint Reader (optional)
TPM 1.2
Optional Encrypted Hard Drive provides full disk encryption
ControlVault – secure credential management within a trusted boundary
Weby,
True enough and there seems to be a lot of deliberately distributed "fog" out there with regards to TC. However, we should nonetheless accept that other players are watching this space who are quite able and will eventually offer competitive products. I'm sure that RSA, for example, can build a credible key management product for TPMs and they may well do that eventually. Infineon probably already has such a product and claims interoperability, but how much of that is really the case is still unclear. All that being said, the obstacles for new entries will be tremendous - we have privileged insight into that fact, having watched Wave build up their solutions, alliances, bundlings etc piecemeal over so many years. Let see how it all plays out, but we should be clear-sighted about it all, I believe. Regards, Foam
Other companies claiming to support SEDs:
WinMagic
Secude
Mobile Armor
Crypto Mill
Credant
Softex
So far, only Wave bundled with an OEM for this purpose and only company to have sold management server seats. (as far as I know)
Other companies claiming centralized management of TPMs:
Infineon
RSA, EMC (coming soon or so it seems)
Softex
(anyone else??)
No real server seats sold yet (probably Wave has, but not sure).
According to Seagate, who supports their SEDs
http://www.seagate.com/staticfiles/support/.../MB595_1_0905US_SelfQual.pdf
Third-Party Security Management Software
The following companies have been certified by
Seagate for support of Momentus FDE Self-
Encrypting Drives via the DriveTrust Security
API. They have developed security management
software for single-user and enterprise-level
management of the Momentus FDE SEDs.
Contact them directly for software qualification
assistance and to obtain a trial version of their
software.
• Secude—FinallySecure:
http://trial.finallysecure.com
• Wave Systems Corp.—Embassy Security
Center: www.wave.com/products/tdm.asp
• WinMagic Data Security Inc.—SecureDoc:
www.winmagic.com/seagate
Note. For the most up-to-date list of software
providers who support the Momentus FDE SEDs,
go to www.seagate.com/security.
Seagate maintains a security software
compatibility lab to test the Momentus FDE SEDs
with each certified software vendor. This testing
has demonstrated broad compatibility across a
large number of systems while using the identified
third-party management software packages.
Refer to Appendix A for a complete list of systems
and software tested.
Point
As this market evolves, it's important to have a clear vision of what each vendor is offering (strengths, weaknesses, one and all). Currently, bundling and SED management are Wave's bread and butter, so it's no waste of time to see what the other guys are doing. Softex recently announced support for SEDs as well; RSA, EMC, and Intel are talking up the use of TPMs for cloud security, etc. So far Wave seems to be the only vendor to get real contracts for SED deployment and maybe even TPMs, and that's definitely a good sign. Doesn't mean others won't get the same and that we shouldn't keep an eye on developments in that direction. Wave has other irons in the fire, of course, and, as one of the chief pioneers of Trusted Computing, no doubt enjoys one of the best vantage points for seeing where this market will be going and what kinds of real solutions for future needs will easily integrate into existing products. No doubt, why they're getting integrated at such a primary level and why the government has been knocking on their door. No good getting too cocky, though, when things start to heat up for real. Cheers, Foam
What WinMagic document claims
(no idea if it's up and running or a place marker)
http://www.winmagic.com/resource-centre/solution-briefs
"How it worksWinMagic has worked closely with Seagate to drive integration with Momentus FDE drives. WinMagic is also collaborating with the manufacturers of emerging self-encrypting drives to ensure this same sort of integration. In an enterprise deployment, SecureDoc collects encryption key information from the self-encrypted drive and provides the same central control, escrow and protection offered to its software-encrypted drives. Hardware encryption support is available with SecureDoc client installations on Windows and Mac OS platforms. Seagate’s Momentus FDE drives are currently supported.More rapid deploymentWhen installing SecureDoc, the software will automatically recognize a supported self-encrypted drive. SecureDoc can then make use of the hardware encryption (rather than using SecureDoc to encrypt the drive). This ability streamlines deployment, with no need to perform a ‘conversion’ of the drive.In cases where there is not a hardware-encrypted drive available, SecureDoc will use its own cryptographic module to protect the drive with a complete sector-by-sector encryption (also known as a ‘conversion’).Seagate is Qualified for Use by the NSAThe Seagate Momentus drives do not yet have FIPS certification, but Seagate received a letter from the National Security Agency. This letter qualifies Seagate Momentus drives for use in national security systems. With this qualification, the Momentus hard drive meets the requirements of the National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11 and should be usable in typical encryption scenarios.SecureDoc’s cryptographic engine is FIPS 140-2, Level 2 certified, as well as bearing Common Criteria EAL-4"
Dept. of Energy looking for TC solutions
https://www.fbo.gov/?s=opportunity&mode=form&id=6702a90d6a2b391bee73c95044d366fb&tab=core&_cview=0
Computer Security Solutions
Solicitation Number: 10_337
Agency: Department of Energy
Office: Sandia Corp. (DOE Contractor)
Location: Sandia National Laboratories
Solicitation Number:
10_337
Notice Type:
Special Notice
Synopsis:
Added: Mar 30, 2010 12:29 pm
Sandia National Laboratories (SNL), operated by Sandia Corporation under contract with the U.S. Department of Energy, is seeking an industrial partner or partners to develop advanced computer security solutions.
Sandia is seeking partnerships with one or more industrial partners with proven experience in secure managed portable storage, authentication, and trusted computing.
Partners will collaborate with Sandia on the continued research and testing of advanced trusted computing solutions for national security applications, and provide a clear path to commercialization through refined product design, optimization for manufacturing, Quality Assurance, and related commercialization issues. Qualified partners will contribute resources, including staff and facilities toward this collaboration, and will be expected to enter into a Cooperative Research and Development Agreement (CRADA), and license Sandia's intellectual property, including copyrighted software.
At the conclusion of the collaboration, partners will offer products for sale including hardware, software or a combination of both, using the approach to DOD and DOE/NNSA markets that may result from federal procurements.
Companies interested in partnering with us on advanced trusted computing should provide a written statement of interest, which includes the following: 1. Company name and address; 2. The name, address, and telephone number of a point of contact; 3. A description of corporate expertise and facilities relevant to commercializing this technology, in response to the description provided above.
For more business and licensing information, please contact Laura E Santos, ph (925) 294-1214, fax (925) 294-1339, email: lesanto@sandia.gov.
Please respond by email or fax no later than April 30, 2010, at: Sandia National Laboratories, MS 9290, P.O. Box 929, Livermore, California 94551
Sandia is a multi-program laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy's National Nuclear Security Administration under Contract DE-AC04-94AL85000.
Contracting Office Address:
PO Box 5800
MS: 0115
Albuquerque, New Mexico 87185
Primary Point of Contact.:
Laura E. Santos
lesanto@sandia.gov
Phone: 9252941214
Fax: 9252941339
Winmagic is definitely competition
http://www.infosec.co.uk/page.cfm/action=Seminars/SeminarID=33
Comprehensive Enterprise Endpoint Encryption
Date/Time: 27 Apr 2010
14:40-15:05
Location: Technical Theatre
Speaker(s)
#
Mr Joseph Belsanti, Vice President, Marketing, WinMagic Inc.
Seminar Details
The ICO is promising a tougher stance in relation to data breaches. Therefore, losing your notebook along with sensitive data can always cause your heart to skip a beat. Join us in this session to learn more about laptop encryption, and encryption key management in providing end-user transparency and productivity. Learn about pre-boot authentication, AES encryption engines, and the management of everything data-at-rest related under one enterprise server. Learn how PC and Mac clients, removable media encryption, management of trusted devices, and all associated policies can be managed seamlessly and easily. This session will discuss differences in hardware versus software based encryption and provide a summary of the new Opal standard on self-encrypting drives.
Topics include:
• Pre-boot authentication and "activating" a self encrypting hard drive
• Hardware vs Software based encryption; which one to use?
• Support of Opal drives and Seagate drives; Is this a good thing?
• Dynamic provisioning of encryptions keys: No Password required!
• Encryption of removable media including USB thumb drives, CD/DVDs
• Encryption and dealing with heterogeneous nature of an IT environment
• Easy creation, distribution and management of user / group profiles
• Pass word recovery tools
• Support of Active Directory
Good Seagate piece on value of SEDs
http://enterprise.media.seagate.com/2010/03/inside-it-storage/overwriting-data-and-wiping-drives-is-not-the-best-way-to-protect-your-data/
Overwriting Data and Wiping Drives is NOT the Best Way to Protect your Data!
When hard drives are retired and moved outside your control, the data on those drives is put at significant risk. IT departments routinely retire drives for a variety of reasons, including:
• Returning drives for warranty, repair or expired lease agreements
• Removal and disposal of drives
• Re-purposing drives for other storage duties
Nearly all drives eventually leave their owners’ control. In fact, Seagate estimates that 50,000 drives are retired from data centers daily. Corporate data resides on such drives, and when most leave the data center, the data they contain is still readable. (Even data that has been striped across many drives in a RAID array is vulnerable to data theft, because just a typical single stripe in today’s high-capacity arrays is large enough to expose hundreds of names and social security numbers.)
Last week, Gizmodo published an article about how to wipe storage devices clean before letting these devices leave your control (Leave No Trace: How to Completely Erase Your Hard Drives, SSDs, and Thumb Drives). The article recommends a four step process to protect data on castoff drives from being retrieved:
1. Overwrite the data directly
2. Scramble the filenames (using a program such as SDelete)
3. Wipe the disk (using a disk wiper product such as Eraser or WipeDisk)
4. Evaluate the effectiveness of your data wiping procedures (using various editions of data recovery program such as Ontrack Easy Recovery Data Recovery, Disk Doctors Data Recovery for NTFS, FAT, and flash media)
The drawbacks of this approach are numerous. First, overwriting data is expensive. Why? It is manual in nature and very time-consuming – tying up valuable system resources for days. Additionally, this approach is subject to error and/or security gaps. For example, there is no notification of completion generated by the drive, so how do you know the overwriting process has been completed? Additionally, overwriting will not cover reallocated sectors, leaving that data exposed.
Want an easier way? Self-Encrypting Drives like the Seagate Momentus (for notebooks) and the Seagate Cheetah, Savvio, and Constellation (for servers and storage systems) automatically encrypt and decrypt data as it is written to the drive. When you’re ready to re-purpose or retire your device, rather than overwriting the drive, you simply delete the password and “Poof” all data on the drive is rendered unintelligible – in less than a second (whether the drive is 500GB or 2T!)
Seagate calls this Instant Secure Erase, and it’s included in every Self-Encrypting Drive.
And there is no performance impact due to encryption, because it’s all done in hardware. Want to learn more? Check out the Seagate Secure Disk Drive Performance Video (look in the Useful Links section on the right) or visit the Seagate website yourself.
March 24, 2010 - 2:15 pm
Thibadeau busy on Wave's behalf
1.May 19–20, 2010
ABA Section of Science & Technology Law
e-Discovery and Digital Evidence (EDDE) Committee
Module 3: Emerging Technologies—Real Technology Addressing Real Problems
ESI Discovery technologies are rapidly emerging and the sector is commoditizing, resulting in
substantial cost reductions and smaller resourcing overhead. This panel will discuss usage models
for ESI technologies now available, in development undergoing refinement.
Co-Moderators:
Eric Hibbard
Hoyt L. Kesterson II
Hitachi Data Systems
Terra Verde Systems
San Jose, CA
Glendale, AZ
Panelists:
Deborah Baron
Lisa Habbeshaw
Autonomy, Inc.
FTI Technology
San Francisco, CA
San Francisco, CA
Jon Stanley
Robert Thibadeau
Law Office of Jon Stanley
Wave Systems
Cape Elizabeth, ME
Pittsburgh, PA
K. Krasnow Waterman
LawTech Intersec
New York, NY
2. S26 - Painting the Future of ERM: Perspective and Proportion
Wellington
10:45 AM to 12:00 PM Wed, May 19, 2010
Robert Thibadeau , Ph.D. [View Bio]
Wave Systems Corp.
Kenneth Withers , Esq. [View Bio]
The Sedona Conference®
Stroll around any good, comprehensive art museum and you will see the evolving ways human have recorded and portrayed their life, their thoughts, and their surroundings, from the simple but elegant petro glyphs of Native Americans, to the two-dimensional representational art of the ancient near east, to the breakthroughs in perspective and proportionality of the Renaissance masters, to the invention of photography and motion pictures, to today’s real-time conceptual art.
Each stage in the evolution of art is the product of the interplay of social, technological, and environmental developments. Each stage in the evolution of records management is the product of a similar multi-faceted dialectic. To understand how we got to where we are and where we are going, we need to break the linear, two-dimensional mold and – like the Renaissance masters – adopt perspective and proportion.
In this final session of MER 2010, we’ll look ahead at the future of ERM, particularly as we address legal and regulatory challenges, and explore such issues as:
* The evolving ERM landscape
* The evolving legal and regulatory landscape
* The internationalization of ERM
* Evolving technological concepts in ERM
* The challenges of long-term preservation and access
* Achieving perspective and proportion in ERM planning, execution, and response
RSA sees need for TPM in the Cloud
They talk about the need for TPM in establishing chain of trust for the cloud. Don't know when, but this will be competition in some form or other. Good thing is that more and more people now seem to be pretty well in agreement that TCG framework will be critical for future computing needs.
http://www.rsa.com/innovation/docs/CCOM_BRF_0310.pdf
With the govt. driving adoption, those TPMs will eventually start lighting up like bulbs on a Christmas tree. So many converging points in this sector, that it is only a question of time and seeing who get's what. Cheers, Foam
Vega Deutschland Case Study also new on Wave Site
http://www.wave.com/collateral/
Oh, this is new from Wave website
Ensuring Identities in a Digital World — Solution Brief
http://www.wave.com/collateral/
Interesting GD TVE desktop features:
http://www.gdc4s.com/tve.
TVE Desktop
Multiple Levels of Security on a Single Computer
Integrating High Assurance Platform® (HAP) Technology
* Certified and Trusted Data Separation
* Reduces Network and Computing Costs, Space, Weight and Power (SWaP)
* Commercial Off-the-Shelf (COTS) Hardware and Operating Systems
* Eliminates “Swivel Seat” Problem
* Easily Integrates into Existing Infrastructures
Overview
TVE is a software application that allows users to view and access multiple operating systems, security levels and domains from a single computer. TVE, a General Dynamics High Assurance Open Scalable Technology, eliminates the need for multiple computers and workstations, resulting in significant IT cost savings as well as decreased costs associated with space, weight and power. The solution improves operational efficiencies as information is more readily available for timely mission-critical decisions.
TVE Desktop - multiple levels of security on a single computer
Note: security classification labels shown on this equipment are for example purposes and do not reflect any actual classification; all information shown is unclassified. CNN web image courtesy CNN.
Trusted Data Separation
TVE creates Virtual Machines (VMs) within a single computer. Each virtual machine can run different operating systems or security levels and appear in separate windows on a shared computer and monitor. The separation between each virtual machine is trusted — ensuring that the data in each virtual machine cannot pass through to another virtual machine. This trusted security is certified by the DoD.
User Scenarios
Browsing the open internet puts your computer at risk of getting hacked or infected with a virus. TVE’s separation eliminates that risk by containing the risk to one virtual machine.
When deploying or portability is a requirement, TVE saves space, weight and transportation costs because you’re eliminating the need for multiple workstations.
TVE allows you to share information and network access with specific communities of interest whether it be coalition partners or in an emergency situation such as disaster relief where first responders need to communicate with multiple organizations at multiple levels.
Click here for ordering information
Certifications and Accreditations
Incorporates certified High Assurance Platform® (HAP) technology:
* TVE R1.0.2.1
o IC TSABI (DCID 6/3) Certified and Accredited
o DoD SABI (8500.2) Certified (Accreditation Pending)
o UCDMO Approved Product
* TVE R1.1.2.2
o IC TSABI (DCID 6/3) Certified and Accredited
o DoD SABI (8500.2) Certification (Testing in Progress)
o UCDMO Approved Product (Expected 1Q 2010)
Network Management
A large network of TVE Desktops can be managed centrally with a standards-based Enterprise Management System. Current capabilities include centralized user management and attestation. Enhancements will include software and audit management as well as VM provisioning.
Availability
TVE is a standard product offering from Dell®, allowing users to take advantage of purchasing and volume discounts agreements. Visit the General Dynamics premier webpage at www.gdc4s.com/tve. The TVE software can also be purchased separately.