24601 - That's why it's important to have standards making all the parts interoperable, but each with its own set of security applications. The network-centric approach has limitations, one of which is, I think, that encryption at that level is a much bigger target than billions of secured individual endpoints and maybe worth a very sophisticated hack. The whole premise of Cisco's current initiative rests, it seems to me, on an absurd premise: for all of it to be entirely effective, businesses and ultimately consumers have to accept a global Cisco monopoly. The idea may seem appealing to boardroom megalomaniacs looking for a kind of Windows repeat, but it's just not going to happen in my mind. Even Microsoft has started to see the wisdom of making its NAP environment run with Wave NAC stuff. Of course, Microsoft would like to dominate the net environment like it dominated the PC, but the other big players (national and commercial) are not going to let it happen (just like they won't let Cisco do it). It will be good when TC handsets engage because we will then have yet another digital environment engaging in the trusted network and it will all start becoming too big for any one player to seize and hold the whole "prize" with their eager little proprietary digits!!
Cheers, Foam
Alternative Encryption plan from Cisco (Seagate mention)
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/07/05/18/21OPstorinside_...
Built-in encryption is the key to protecting against information leaks
Cisco offers a preview of its upcoming switch-based approach to data encryption
By Mario Apicella
May 18, 2007
It hasn’t happened to me so far (fingers crossed), but I imagine there are very few things more disturbing than having your personal information put at risk because someone lost or misplaced a tape cartridge or a laptop.
The remedies when something like this happens — and unfortunately, it happens often — have so far been inadequate, to say the least. Quite frankly, a year of free credit watch service wouldn’t do much to appease me if my Social Security number had been thrown to the dogs.
How big is this data-breach phenomenon? It's hard to put it into some kind of metric, but to get a feel for its breadth, take a look at this chronological table of past data breaches.
I don’t know if that is an all-inclusive list, and it really doesn’t matter — there are more than enough incidents reported on that page to make anybody’s blood boil with indignation. What’s more irritating is that almost all of those disclosures could have been prevented by using data encryption on sensitive data, especially when that data flows to mobile devices or removable media.
Why, then, are companies not implementing encryption whenever possible and appropriate? Is it because they can get away with just having their hands slapped when a disclosure occurs? Perhaps, but it’s also true that implementing and managing encryption is a big pain in the neck.
Software encryption tools abound, but they add an overhead in processing time and human labor that many companies just can’t absorb. Thankfully, the previously rare solutions that implement encryption via hardware chips are becoming more numerous, which should help make your encrypted data fly as fast as clear data. For example, vendors such as Seagate and, more recently, Hitachi Data Systems have started to include encryption technology in their disk drives.
Why is that good? Let me answer by quoting the blog of Chris Parkerson, senior product marketing manager for RSA:
“I personally believe that the best security for businesses is going to come from a security infrastructure that is built right into the devices, computers, and major software applications that they buy. It just makes sense!”
Indeed it does, but what happens when you have tens — if not hundreds — of devices in your datacenter, each with its own proprietary encryption system? How many touchpoints will you have to manage to encrypt data on every tape drive, library, and storage device? Probably too many to keep your sanity.
To be clear, I like having devices that deliver data encryption right where it’s needed, but you would gain a lot more flexibility and scalability if you could centralize those tasks if and when necessary. Considering that most of the customers who need more protection for their data are on a SAN, why not make encryption a network service, delivered from the far-reaching but easily managed fabric switch?
If you follow our Test Center Daily blog, you may already know that CipherMax was the first vendor to come to market with a flexible line of products that can either combine switching and encrypting services in the same box or complement existing fabrics with encryption alone.
I like the concept of switch-centric encryption, and if you do as well, knowing that Cisco is also headed in that direction should be reassuring. There is no product announcement quite yet, but judging by a conversation I had this week with Doug Anderson, software product manager at Cisco, encryption modules for the MDS 9000 line should become available before year's end.
The name of the new technology may be a predictable acronym (SME, for storage media encryption), but it should deliver wire-speed, strong encryption for data traveling between any server port-LUN pair that you choose. The new features will be fully integrated with existing management tools, including Fabric Manager and CLI.
In a first release expected in the next semester, SME will focus on tape encryption. Disk encryption, an extension that should help close the door on many of the security breaches in that list I mentioned earlier, should follow shortly.
According to Anderson, adding the magic touch of encryption with SME will not require much change, if any at all, in network topology or configuration. It should also work seamlessly across VSANs (virtual SANs).
Together with tape encryption, Cisco will also make its API for key management available to third parties, a not-so-subtle invite to key management solution providers to embrace SME. Obviously, Cisco's expectations are that SME will have to coexist with other encryption products in the datacenter, including, as RSA’s Parkerson suggests, computers and major software applications.
Solutions such as SME may help reduce the encryption burden, but a universal, standards-based approach to managing encryption keys becomes more necessary every day. Have you seen one yet? I haven’t, but I’ll keep looking.
Join me on The Storage Network with questions or comments.
Looks like trusted handsets coming next and that development will really make the TC market explode and trusted hard drives will look modest in comparison (of course, they all work together so no real comparisons to be made here). I see Nokia re-emerging on this issue and no doubt there will be some initial noise in the autumn and a real launch in 2008. Wonder where Wave is positioned in all of this? SKS mentioned warm-up relationships with Nokia and ARM, maybe they're still active on backburner. The Intel Identity Capable Platform is a good fit for Wave as are any other Liberty Alliance initiatives for identity/handsets. Interesting to see Wave doing a demo with Microsoft at Interop, wonder what's cooking on that end (guess Awk was right about Microsoft eventually going the way of hardened endpoints). Juniper is an excellent partner to have in this area and will be a good channel for Wave products once they launch their TNC offerings. Let's see let's see how it all pans out. Cheers to all, Foam
Nokia/MobileTrustedModule back on radar
(coming to your neighborhood to ferment things even more after Seagate FDE)
http://www.ixconference.com/ix2007/conf_prog.htm
Security in a Mobile World
• Mobile trusted module - World’s first open mobile security standard
• TCG mobile phone work group and cross-industry collaboration as the cornerstone of interoperability
• Enabling trusted value-added services in the customer interface
• The door for secure m-banking, mobile ticketing, user data protection and other opportunities finally opened
• Impact in the market place: Creating business opportunities and putting thieves out of business?
Janne Uusilehto, Chairman (Mobile Phone Work Group), Trusted Computing Group & Head of Nokia Product Security
Excellent piece on SIM/Trustzone/Intel's ICP in handsets
http://www.telco2.net/blog/2007/05/death_of_the_sim_card.html
Death of the SIM card?
One of the topics which came up in the ‘Digital Worker’ stream at the recent Telco 2.0 event was the role of the mobile operator and their SIM card. We asked Colin Mallett, our ‘analyst-in-residence’ for that session, and who spent many years working in R&D for BT, to share his thoughts with us:
“10 years ago BT started looking at a new kind of player called the ‘SoftTelco’. Later, with a multi-million pound R&D budget, we tried to implement some of the ideas, eventually ending up in the Brightstar incubator. This included looking at MVNOs and how to by-pass the Mobile Operator’s SIM.
The GSM SIM card uses tamperproof silicon to provide the client for the mobile operator’s Home Subscriber Subsystem (HSS). It provides a strong authentication token which can be managed securely over the cellular channel. This is a powerful platform which binds the user subscription, handset and network together.
Unfortunately, as readers of this blog know all too well, this sort of tight commercial and technical integration is being ripped apart by IP. It’s happened in fixed telephony with VoIP and it’s soon going to come to mobile - by around 2010 or 2011 according to a recent Telco 2.0 survey - even if, in the short term, operators ban VoIP from their ‘unlimited’ data packages.
So, are SIMs really appropriate for supporting converged services, especially on laptops or on the new classes of Mobile Internet Devices?
SIM Is Good…
The beauty of SIM authentication is that you switch on and a few seconds later you have a connection - more or less anywhere in the world. The whole process is hidden from the end user and everyone takes it for granted. Only traffic over the cellular interface is encrypted, but that is optional for the local mobile operator. So, for end-to-end IP data traffic to remain fully secure, familiar techniques such as the Transport Layer Security protocol (TLS) are still needed. While automatic and secure WiFi authentication is more complicated, it can be achieved if an application is linked to a SIM card (and TLS or IPSec protocols are employed).
…But is Under Attack…
So if the SIM card is so effective, why is it threatened? Mobile operators don’t want to give up the tight control that SIMs give them, especially in the face of a growing number of MVNOs in increasingly saturated markets. For the majority of operators, in voice and messaging in particular, their reaction to the developing Telco 2.0 trends is to defend against convergence rather than embracing it, which giving open access to WiFi via 3G and HSDPA implies.
…It Hasn’t Evolved…
Over the last 5 years, compared with on-line transactions, SIM based mobile-commerce has failed to take off, partly because the mobile operators and payment card issuers have not been able to agree on appropriate business models and partly because the payment companies have not been able to accept that their logo should not appear on the physical card.
As a result, multi-application SIM cards have never appeared and the SIM has been seen as a blocker to progress, stimulating multiple research projects to bypass it.
..But Other Technology Has…
[Figure: DeviceDiagram.gif]
For many years, handset manufacturers opposed the dual-slot phone - one for the SIM and one for the credit card. However, the battle is now lost. In the diagram above, the mobile handset looks remarkably like a computer with added Cellular and WiFi modules. A second slot was originally needed for removable media to store photographs or music. Now it can take a ‘secure’ MultiMedia Card (SMC) consisting of a flash memory device combined with Java Card™ smart card silicon.
This, of course, could include banking credentials with the SMC even bearing the financial card issuer’s logo. Although the SIM card is still required for access to mobile networks, the SMC can run all the added-value applications and the processor can run secure automatic WiFi authentication processes and banking applications using SSL.
So, in this scenario, the poor little SIM card supports its original function, but is surrounded by modules and connections that bypass it for everything except connection to a mobile network. The cellular data connection is merely one channel through which servers can be reached securely.
SIM cards are fighting back by adding large amounts of flash memory (512 Mbytes), a high-speed USB interface and a Web server. In all these scenarios, the card manufacturers will grow their businesses.
Gorillas Entering the Fray
Compounding the issues, Intel is working on an Identity-Capable Platform (ICP). The ICP will be a secure hardware area in a processor which supports future converged mobile wireless security and high-value, trusted services including secure access to any device, network or service.
For mobile handsets and possibly other devices such as home gateways, ARM has an equivalent technology called TrustZone. This provides a secure hardware execution zone and memory partitioning. Many silicon vendors are licencing TrustZone. These innovations make possible the advent of downloadable SIM-style applications that could replace the need for a physical SIM card.
What Does the Future Hold?
- The SIM: will co-exist with its cousin the ‘softSIM’. New items will appear, like the ‘secure’ MultiMedia Card (SMC).
- The SIM vendors should do well: They will broaden out and embrace convergence. They have huge experience in securely issuing and managing trusted silicon devices. There is no reason why they should not turn their attention to provisioning and OTA (Over-The-Air) management of secure solutions, such as credentials on ‘soft SIMs’ or trusted platforms like the Intel Identity-capable Platform.
- The SIM card: will continue to be made and used, but will become a low value commodity item, always competing against managed secure intelligence in the mobile device.
- The mobile operator: will no longer be ‘in control’. They must embrace convergence fast.
The SIM is a wonderful platform, why restrict it to mobile operators!”
Sorry to belabor the point but...
And while I was looking more deeply at the messages I thought I would add a few things to note:
* Ian seemed to connect this work to Cardspace, Higgins, and OpenID. I am not aware of this connection. The Identity Capable Platform is a research project at Intel, the Advanced Client work is a set of specifications being developed by the Liberty Alliance, the proof-of-concept was a joint effort by HP, BT and Intel. Of course, since the result of the Liberty work is open specifications, any party can make use of these protocols in their implementation.
* Ian seemed to think that this provisioning was just about provisioning a credential. That isn't the case. The proof-of-concept involved provisioning functionality that included a credential (as well as the functional means to use that credential in EAP-SIM protocols), this isn't a restriction on the protocol and we expect that many different kinds of functionality will be provisioned this way -- not just credentials.
* I don't think that the ICP would be within a TPM (although I would expect that the ICP would make use of the TPM to establish the ICP's secure environment).
All of that said, I should point out that the specs are currently an early draft release and any and all feedback is welcome. So if you look though what we've done and have suggestions for how we could do it differently (hopefully better), we are all ears.
Bit more on Liberty's Advanced Client Trusted Module
(From same blog)
Tuesday, March 27, 2007
Liberty's Advanced Client Trusted Module
Last week, the Liberty Alliance announced the release of the initial draft of the Advanced Client Technologies (ACT) specification set. I mentioned it as well last week.
One component of the Advanced Client Technologies that may be less than obvious is the Trusted Module (TM). The TM should not be confused with the Trusted Platform Module (TPM) whose specifications have been released by the Trusted Computing Group -- the two modules do very different things, although I expect that some TM implementations will make use of a TPM to enable their trustedness.
The TM doesn't stand out so well since there is no "Trusted Module" specification in the specification set, although there is discussion about the TM in the Advanced Client Technologies Overview. That is, in part, because the TM isn't a service itself (although it does make use of other services such as the IdP service).
However, the TM is one of the more useful components included in the Advanced Client Technologies specs and was driven by a number of valuable (from a personal and a business sense) use cases which called for the following capabilities:
* The TM can act in the name of the (Identity Provider) IdP for SSO and Web Services transaction identity assertions.
* The TM can locally validate user credentials (username/password, smartcard, biometric, etc.) and assert the identity of the user based on the local validation (to the IdP and/or to relying parties (RPs)).
* The TM can perform these tasks when "offline" or otherwise disconnected from the IdP (sometimes out of a choice for privacy reasons).
* The solution must allow for, document, and support a model that does not inadvertently require the creation of a correlation handle for the user's identity across multiple providers. This requires interesting solutions when you take into account that an entity that is likely to be per-user will be participating in signed transactions.
Essentially in this model, the TM is a local beachhead for IdP delegated functionality. The reasons why an IdP might want to support this model include (in no special order, nor intended to be totally inclusive):
* Security - allowing verification of credentials locally, without the need for network transmission or network storage of the credential verification data, decreases the likelihood that such data will be stolen (especially an issue when considering biometric data given that the user typically can't change their biometric data).
* Load distribution - the identity related transactions are distributed out to end-user systems rather than having to rely on a central server for every transaction.
* Privacy - allowing the TM to perform SSO operations reduces the visibility of the IdP into exactly what the user did when since the TM can do so without involving the IdP (assuming, of course, that the IdP has allowed the TM to do so).
* Availability - the user is able to actively assert their identity, even when the IdP is not available (e.g. because of maintenance downtime, connectivity issues, or even remote site access).
All-in-all, this TM provides a substantial package of powerful technology that will improve the overall identity meta-system. I look forward to seeing some of this stuff hit the street.
Nokia and Liberty Alliance Web Services
http://www.kuppingercole.de/sessions/157
Thursday, 10.05.2007, 09:00-12:30
Workshops Track III
Implementing Secure Liberty Alliance Web Services
Conor P. Cahill, Intel Corporation
Sampo Kellomaki, Symlabs
John Kemp, Nokia
This workshop will introduce the architecture of the Liberty Alliance Identity Web Services Framework (ID-WSF). We'll describe a typical web services example, and during the workshop implement a client for that service, using an open-source toolkit. Along the way we'll show some of the features of ID-WSF used to secure the service, and protect individuals' privacy. Truly committed audience members might like to write their own client software for our example service during the workshop!
C. Cahill (Intel) blog on Liberty Advanced Client
http://conorcahill.blogspot.com/search?updated-min=2007-01-01T00%3A00%3A00-08%3A00&updated-max=2...
Today, the Liberty Alliance announced the availability of the public draft release of the Advanced Client Technologies specification set.
This is personally pretty important for me because:
* it is closely related to the Identity Capable Platform research work that I'm doing at Intel (which we demonstrated at the RSA Security Conference in a joint proof-of-concept with British Telecom & Hewlett-Packard)
* I was the editor of each of the specifications (with lots of great contributions from several other Liberty members -- even Paul, if you can believe that)
* I was quoted in the press release
The advanced client work is some pretty cool stuff where we are taking the next step in the evolution of powerful client capabilities including:
* Trusted Module - the IdP can extend itself onto the user's device in a trusted way so that the user's device can act as an extension of the IdP and assert the user's identity independently of an active session with the IdP (for privacy and/or connectivity reasons).
* Provisioning - functionality can be provisioned over-the-air (or over-the-wire) in a trusted fashion with full life cycle support. So Trusted Modules can be provisioned to devices already in the field.
* Service Hosting/Proxying - enabling connectivity challenged devices to be the primary host of services (such as my PDA being my "official" contact book service) while providing a more stable network visible proxy to provide access to that service's data through either local hosting or proxying requests to the client service.
This draft release is being done much earlier in the spec evolution process than Liberty has typically done in past specification releases as part of our attempt to be much more open in our specifications development process. I hope that you take some time to look at the specs and provide feedback and/or input. I would recommend starting with the Advanced Client Technologies Overview before digging into the other specifications.
The only negative in all of this is, as Paul surmised, I was unable to figure out a way to insert my blog url (http://conorcahill.blogspot.com for those few that don't know) into either the specs or the press release. I'll have to see if I can get that error fixed in the next release.
Tags : identity / Liberty / Liberty Alliance / Advanced Client / Intel / HP / BT
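The Trusted Module behaviour that both Cahill posts above describe (credentials validated on the device, assertions signed without a live IdP session, and the worry that a per-user signing key turns into a correlation handle) can be traced end to end in code. The following Go program is an added example written for this thread; it is not Liberty Alliance, Intel or ID-WSF code and uses none of the Advanced Client wire formats. Everything in it is assumed for illustration: one ed25519 key per relying party, certified by the IdP together with an IdP-chosen pairwise pseudonym (per-RP key and pseudonym is my answer to the correlation-handle point, not something the specs are quoted as prescribing), a salted password hash standing in for the biometric or smartcard check, and fixed-order JSON as the bytes that get signed. The names bank.example and shop.example are made up.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Delegation: the IdP's signed statement that TMPubKey may assert Pseudonym to Audience until NotAfter.
// One delegation per relying party (assumed design), so each RP sees a different key and pseudonym.
type Delegation struct {
	Audience, Pseudonym string
	TMPubKey            ed25519.PublicKey
	NotAfter            time.Time
	IdPSig              []byte `json:"-"` // excluded from the signed bytes
}

// Assertion: what the TM hands the RP. AuthMethod discloses how the user was verified locally.
type Assertion struct {
	Audience, Pseudonym, AuthMethod string
	NotAfter                        time.Time
	Delegation                      Delegation `json:"-"`
	TMSig                           []byte     `json:"-"`
}

func canonical(v interface{}) []byte { b, _ := json.Marshal(v); return b }    // fixed field order as signing input
func randBytes(n int) []byte        { b := make([]byte, n); rand.Read(b); return b } // crypto/rand.Read never fails (Go 1.24+)

// IdP holds the long-term signing key that relying parties trust.
type IdP struct{ priv ed25519.PrivateKey; Pub ed25519.PublicKey }

func NewIdP() *IdP {
	priv := ed25519.NewKeyFromSeed(randBytes(ed25519.SeedSize))
	return &IdP{priv, priv.Public().(ed25519.PublicKey)}
}

// Delegate certifies one TM key for one audience. The pseudonym is a keyed hash of (user, audience):
// stable for that RP, unlinkable across RPs without the IdP's seed.
func (idp *IdP) Delegate(user, audience string, tmPub ed25519.PublicKey, ttl time.Duration) Delegation {
	h := sha256.Sum256([]byte(hex.EncodeToString(idp.priv.Seed()) + "|" + user + "|" + audience))
	d := Delegation{Audience: audience, Pseudonym: hex.EncodeToString(h[:16]), TMPubKey: tmPub, NotAfter: time.Now().Add(ttl)}
	d.IdPSig = ed25519.Sign(idp.priv, canonical(d))
	return d
}

// TM is the user's local trusted module: a credential verifier (salted password hash standing in for
// biometric/smartcard checks) plus per-RP keys and delegations. A real TM would keep these sealed by a TPM.
type TM struct {
	user     string
	credSalt []byte
	credHash [32]byte
	keys     map[string]ed25519.PrivateKey
	delegs   map[string]Delegation
}

func NewTM(user, password string) *TM {
	salt := randBytes(16)
	return &TM{user, salt, sha256.Sum256([]byte(string(salt) + password)),
		map[string]ed25519.PrivateKey{}, map[string]Delegation{}}
}

// Enroll is the only step that needs the IdP online: mint a key for this RP and get it delegated.
func (tm *TM) Enroll(idp *IdP, audience string, ttl time.Duration) {
	priv := ed25519.NewKeyFromSeed(randBytes(ed25519.SeedSize))
	tm.keys[audience] = priv
	tm.delegs[audience] = idp.Delegate(tm.user, audience, priv.Public().(ed25519.PublicKey), ttl)
}

// Assert checks the credential locally and signs for the RP: no IdP round trip, credential never leaves the device.
func (tm *TM) Assert(audience, password, method string, ttl time.Duration) (Assertion, error) {
	h := sha256.Sum256([]byte(string(tm.credSalt) + password))
	if subtle.ConstantTimeCompare(h[:], tm.credHash[:]) != 1 {
		return Assertion{}, errors.New("local credential check failed")
	}
	d, ok := tm.delegs[audience]
	if !ok {
		return Assertion{}, errors.New("no delegation for " + audience)
	}
	a := Assertion{Audience: audience, Pseudonym: d.Pseudonym, AuthMethod: method, NotAfter: time.Now().Add(ttl)}
	a.TMSig, a.Delegation = ed25519.Sign(tm.keys[audience], canonical(a)), d
	return a, nil
}

// VerifyAssertion is the RP side: trust only the IdP key, walk the chain IdP -> delegation -> TM signature.
func VerifyAssertion(idpPub ed25519.PublicKey, a Assertion, me string, now time.Time) error {
	d := a.Delegation
	switch {
	case !ed25519.Verify(idpPub, canonical(d), d.IdPSig):
		return errors.New("delegation not signed by the IdP")
	case d.Audience != me || a.Audience != me || a.Pseudonym != d.Pseudonym:
		return errors.New("audience or pseudonym does not match the delegation")
	case !ed25519.Verify(d.TMPubKey, canonical(a), a.TMSig):
		return errors.New("assertion not signed by the delegated TM key")
	case now.After(d.NotAfter) || now.After(a.NotAfter):
		return errors.New("delegation or assertion expired")
	}
	return nil
}
```

The relying party trusts only the IdP's public key and checks the chain IdP signature, then delegation, then TM signature, plus audience and expiry: an assertion minted for bank.example fails at shop.example, a changed AuthMethod field breaks the TM signature, and the two audiences receive different keys and pseudonyms, so neither side can line the user up with the other. What is not modelled is just as important: the TM's keys and verifier sit in process memory, whereas the posts expect a TPM to protect them, and JSON field order is a poor substitute for a real canonicalisation scheme.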
Speakers for DIDW are not yet listed but curious to know who will be talking TC-LibertyAlliance-Banking. The whole TC based Web Services thing has seemed like a no-brainer for some time and it has been quite a while coming. Not for the immediate future, but Wave certainly has been ahead of its time on this front. Regards, Foam
Very Interesting Info re:Intel Identity Capable Platform
(From last year but looks like it's getting closer to reality)
INTEL IDENTITY PLATFORM AND THE METASYSTEM
Posted on Saturday 24 June 2006
Here’s an encouraging story by Martin Banks of Britain’s The Register. If Shelagh Callahan of Intel Systems Technology Lab has her way, we will have another stream of energy powering the Information Card paradigm and underlying Identity Metasystem.
If your digital identity is going to mean anything, it has to be secured, and Shelagh Callahan of Intel’s Systems Technology Lab thinks that has to start on your PC. She compares the state of identity today to early car designs, each with a different way of starting the engine; today every car has a key and you just have to find the ignition.
“With identity, not only do we not know where to put the ignition key, we don’t even know there is a key. We want to make the platform understand what a key is and how you can use it. The intent is to make platforms as capable to understand identities in the future, as they are currently able to understand devices - to know what they are, how to ‘load’ them, how to find and associate resources, how to delete them, how to establish policy for them and so on.”
Too many passwords, over-used identifiers that quickly lose any security they had (how hard is it to find your mother’s maiden name?), poor privacy; the way we work with identity on our PCs is full of problems and it isn’t flexible enough to actually do what we want it to. “I must know exactly who you are and how to find you but you must be able to be anonymous and I must be able to prove I’m not snooping. How can you be both strongly authenticated and anonymous?”
Single sign-on doesn’t solve things, Callahan says. “With most solutions I have to give up control to get sanity.” And you’ll never get one single sign-on. “Intel won’t federate with Amazon or with my local utility company.” The only things all the services and suppliers have in common are you - and the devices you use.
The idea of the identity-capable platform is to authenticate to the platform itself on your device, rather than to a remote service. That avoids interception problems; you aren’t broadcasting your biometrics or your smartcard authentication. You can prove who you are without handing over the credentials you use to prove it.
Callahan talks about a secure partition on your PC using the Trusted Platform Module chip. You authenticate yourself to the partition using a fingerprint reader, swipe card, mobile phone SIM or other secure methods and the partition provides your identity to remote sites and services, via web services being developed by the Liberty Alliance. There’s no need for a site to deploy a Liberty Federation infrastructure to use ICP identities.
As well as authenticating you to services that need to know who you are, the identity platform can authorise you for services that need to know what you’re allowed to do but not who you are. It can also introduce one person, service or device to another, again via web services.
If you travel, getting one bill for data connections from your mobile operator is simpler and often cheaper than paying for every hotspot individually - Callahan’s team has worked on a prototype system where your mobile phone SIM gives you access to hotspots on your laptop. So if you want to set up a Wi-Fi account using the same identity as your mobile phone, the identity provisioning system can create a new identity that corresponds to the existing identity, using the TPM to lock the credentials to the platform for security. There will also be tools for linking identities (you might want to link a credit card identity to a membership identity so it gets renewed automatically), deleting identities and transporting them to other devices you use.
Services trust the platform because they trust that it’s accurate and secure; the platform can assert how trustworthy it is by disclosing which secure method you’ve chosen to use. For users to trust it they have to be in control of where it identifies them, so there are policies for controlling who can use the authenticated identity claims you provide and what they can use them for.
“To the service providers the platform can act as a full partner in the infrastructure’s identity strategy. And for the end user, their platform can safely store their personal information and they can more easily choose what they wish to disclose and to whom,” Callahan says. The platform can also store preferences and metadata connected to an identity.
Callahan sees the identity platform inside the PC becoming part of the identity metasystem that Microsoft’s Kim Cameron and others are arguing for. Identity selection technologies like Microsoft’s CardSpace (formerly InfoCard) could use the platform as a way of storing and authenticating your Information Cards, as could the connection manager for your network association or an identity provider like your ISP, bank or enterprise IT team.
“The identity-capable platform is a strong complement to identity infrastructure, not competition for it,” she says. “It is not about providing applications and services, but it is about making sure applications and services (including operating system level applications and services) can depend on consistent, standards-based support of identity functions.”
Multi-core chips and virtualisation make it easier to switch from thinking about multi-tasking to envisioning a PC with different partitions and platforms providing secure, isolated services, whether that’s identity, the network connection or a third-party maintenance service. The combination of partitions and services is behind all of Intel’s current platforms like ViiV and vPro - although the identity platform is still a research project rather than something planned for a specific Intel release.
Identity Capable Platform from Intel
http://www.intel.com/technology/systems/stl/
From Liberty Alliance Spring Newsletter-(Intel)
http://www.projectliberty.org/liberty/resource_center/newsletters
"With the Identity-capable Platform, the platform itself responds to the user, rather than a remote service. This means the laptop owner is no longer broadcasting their biometrics or smart card authentication over an insecure WiFi network. It means a user can prove who they are without sending the credentials they currently use in most authentication scenarios.
Intel’s plan is to create a secure partition within a PC using what’s called a Trusted Platform Module. A laptop owner would authenticate him/herself to the partition using a fingerprint reader, a swipe card, a mobile phone. The platform would then speak to the remote service on the user’s behalf."
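Both ICP descriptions above say the provisioning step uses the TPM to lock credentials to the platform. The Go program below shows what that binding means operationally by simulating TPM sealing: the credential is encrypted under a key derived from a platform-resident secret and a PCR-style measurement chain, so it unseals only on the same platform in the same measured state. This is an added illustration for the thread, not Intel's ICP or TCG code; the platform secret, the measured component names and the credential bytes are constructed, and an AES-GCM key derived with SHA-256 stands in for the TPM's storage-key hierarchy and authorization policy.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PlatformState stands in for a TPM PCR: a digest that only matches when the same
// components were measured in the same order.
type PlatformState [32]byte

// Measure chains one more measurement into the state, the way PCR_Extend does.
func (s PlatformState) Measure(component string) PlatformState {
	return sha256.Sum256(append(s[:], component...))
}

// SealedBlob is a credential bound to a platform state. The key is derived from the
// platform's own secret plus the expected state, and the state is also bound as AAD.
type SealedBlob struct {
	Expected   PlatformState
	Nonce      []byte
	Ciphertext []byte
}

// sealingKey derives the AES key; a real TPM keeps the storage root inside the chip.
func sealingKey(platformSecret []byte, st PlatformState) []byte {
	k := sha256.Sum256(append(append([]byte("seal|"), platformSecret...), st[:]...))
	return k[:]
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts the credential so it can only be recovered on this platform (same
// secret) while it is in the expected state.
func Seal(platformSecret []byte, expected PlatformState, credential []byte) (SealedBlob, error) {
	aead, err := gcmFor(sealingKey(platformSecret, expected))
	if err != nil {
		return SealedBlob{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return SealedBlob{}, err
	}
	return SealedBlob{expected, nonce, aead.Seal(nil, nonce, credential, expected[:])}, nil
}

// Unseal derives the key from the *current* state, not from the blob's Expected field,
// so editing the blob cannot make a drifted or foreign platform unseal it.
func Unseal(platformSecret []byte, current PlatformState, b SealedBlob) ([]byte, error) {
	if current != b.Expected {
		return nil, errors.New("platform state does not match the sealing policy")
	}
	aead, err := gcmFor(sealingKey(platformSecret, current))
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, b.Nonce, b.Ciphertext, current[:])
	if err != nil {
		return nil, errors.New("unseal failed: wrong platform or tampered blob")
	}
	return pt, nil
}

func main() {
	secret := make([]byte, 32) // constructed stand-in for the TPM's storage-root secret
	rand.Read(secret)
	good := PlatformState{}.Measure("firmware-1.0").Measure("os-2.3").Measure("identity-partition")
	cred := []byte("constructed EAP-SIM style credential")
	blob, _ := Seal(secret, good, cred)
	got, err := Unseal(secret, good, blob)
	fmt.Println("same platform, same state:", bytes.Equal(got, cred), err)
	drift := PlatformState{}.Measure("firmware-1.0").Measure("os-2.4").Measure("identity-partition")
	_, err = Unseal(secret, drift, blob)
	fmt.Println("after an OS change:", err)
	other := make([]byte, 32)
	rand.Read(other)
	_, err = Unseal(other, good, blob)
	fmt.Println("blob copied to another platform:", err)
}
```

Unseal takes the key from the state the platform is actually in rather than from the blob's own Expected field, so rewriting that field does not help an attacker on a drifted or foreign machine, and a reordered measurement chain fails just like a changed one. The cost, as with real PCR-bound sealing, is that a legitimate firmware or OS update changes the state and the credential has to be re-provisioned, which is exactly the life-cycle management the Liberty provisioning work above is about.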
Interesting talks at DIDW!
http://conference.digitalidworld.com/2007/17.php
(Was wondering where the Mobile Trusted Module had gone)
-Mobile Transactions - The Convergence of Finance, Liberty Alliance Client Trusted Module, and Trusted Computing Group's Mobile Trusted Module?
-Integration of Trusted Drive Authentication with Identity Directories - Enabling Data Protection Compliance
Interesting Govt./TC job
NKI is a small business that specializes in providing Information Assurance consulting services to the DoD and NSA. Established in 1998, NKI has developed an outstanding reputation across DoD, NSA and SPAWAR System Center - San Diego (SSC-SD) communities by providing senior system/security engineering services to various development efforts, most notably directly resulting in the successful NSA High Assurance Internet Protocol Encryptor (HAIPE) development effort.
This System/Security Engineer position involves working within a team which performs systems engineering on a range of network and security systems.
Tasks include but are not limited to the following:
(not listed in order of importance)
- Research networking protocols (IPv4, IPv6, IGMP, ICMP, routing protocols, BGP)
- Research IP Security Protocols (Encapsulating Security Payload (ESP), Internet Key Exchange (IKE), IETF RFCs)
- Research Trusted Computing concepts such as the Trusted Platform Module (TPM), Secure OSes, Trusted Network Connect, Virtualization, etc.
- Assist in developing documentation (Concepts of Operation, White papers, Test Plans, and Interoperability Specifications.)
- Participate in development of future DoD capabilities.
- Sound problem solving, analysis capabilities a must.
- Must be able to work effectively both independently and in a group environment.
Position involves daily interfacing with US Government and other contractor personnel in a closely integrated team environment.
Limited travel.
This is an exciting position for a junior to mid-level engineer to work with NSA to design and implement new technologies before they are introduced into the DoD.
Experience with existing DoD Programs of Record (POR) development efforts (JTRS, Win-T, GIG, HAIPE, FCS, DDX, HAP, etc.) a plus.
The primary customer is the US Navy and NSA with the job location at SPAWAR/SSC-San Diego facility.
Current DoD Clearance is a plus.
Ability to obtain a DoD Clearance is a must.
Helpful - Yes I remember it was on their old documents, but nice to see it reiterated on the new ones. Everything is updated on their site, so it's either spring cleaning or they see things cranking up in the "not-so-distant-future-of-the-govt". At some point of the FDE rollout or thereabouts, one of these TPM matches has got to catch fire and light the whole pyrotechnics of trusted computing! The TC house just doesn't light up until the bricks (TPMs) and mortar (Server infrastructure) have been laid out first, but no one wants to fork it over for the unglamorous infrastructure projects. However modest, FIXS corroboration is still a good support beam to have in place. Cheers, Foam
Nifty new FIXS site up!
All documents updated to March 29, 2007. The below is especially interesting! From "FIXS Security Guidelines Document 2.0"
I. Key Management Backup/Recovery
1. Architecture
FiXs architecture should make use of a FiXs approved Security Solution, using Trusted Platform Modules (TPMs) for key storage (see https://www.trustedcomputinggroup.org/downloads/TCG_1_0_Architecture_Overview.pdf) or better, ensuring that strong hardware based authentication of the platforms is used.
2. Affected Platforms
Relevant platforms include, but are not limited to:
a. Enrollment stations
b. Authentication stations
c. FiXs Domain Servers
d. FiXs Trust Broker
3. Use of Keys and Backup
All data generated and stored on these platforms shall be encrypted, with corresponding keys stored in compliance with DCCIS Software Specification 2.0. Keys shall be backed up to external servers securely using secure SSL. The servers shall have access to a domain management system (e.g., active directory) and keys stored on HSMs. (See IV D.) Keys shall be recoverable with minimal disruption and effort. Keys shall be migratable to replacement hardware with approval and key authorization of the Domain Technical Administrator.
Cosign - Another factor might be new OEM partner(s):
http://www.tgdaily.com/content/view/31604/128/
Starting in June of every year, the PC landscape begins to get more exciting as vendors are releasing their new PC lines in that time frame. We have had a long dry run, largely because of the gap between the time that was needed to sync the lines in process with Windows Vista and the hardware that will make it sing...
GoKite - It's an interesting bunch of slides with some nuggets. Looks like new OEM partners will kick in soon enough and the second leg in the TC killer-app tripod (i.e. TNC) is also looming on the horizon - I was pleased to see Nortel and Juniper listed under Partners/Customers. The "third leg", mobile handsets with TC, seems to be missing in action for the time being - looks like no traction on that front for now. Regards, Foam
CL - So far it has been Infineon with no Wave on Vaio Professional notebooks, but I'm wondering if that is going to change sometime soon. New Partner OEMs should be kicking in pretty soon according to one of the slides in the presentation. Regards, Foam
Slide 11 from yesterday's presentation lists "Vaio Professional" as a Wave customer/partner. Are we on the verge of an announcement?
Regards, Foam
Wave at InfoSecurity
http://www.wave.com/news/events/infosec07/index.html
Demonstrations of Wave's EMBASSY® software solutions for data protection, network security and strong authentication at Stand D193.
Wave will demonstrate activating and using a fully encrypting laptop hard disk drive, the Seagate Momentus® 5400 FDE.2, and Trusted Drive Manager, the software that manages it. Trusted Drive Manager is a component of Wave's EMBASSY Security Center.
Also see demonstrations of Wave's EMBASSY Trust Suite software, which gives businesses the ability to protect data by using the Trusted Platform Module security chips, shipping on millions of PCs today. From safeguarding passwords and documents, to strengthening the Windows logon procedure, Wave software addresses the issue of using secure hardware to protect sensitive data and passwords.
Interesting TC remarks by EDS employee
http://www.eds.com/sites/cs/blogs/eds_next_big_thing_blog/archive/2007/03/15/a-different-approach-to...
Posted by Phil Bennett Monday, March 19, 2007 2:01 PM
Whitelists have been around for a little while. They have limitations because some technologies (like Microsoft's .Net) sometimes generate DLL files on the fly, which get blocked by whitelist systems. Also, it's difficult to deal with viruses in Office document files, which often don't have a fully trusted executable element to them.
In fact, trust is the real issue here - especially on the Internet. Whitelist systems and other technologies such as Trusted Computing (http://en.wikipedia.org/wiki/Trusted_Computing) are there to mitigate the risk of users browsing dodgy websites or running infected software. There are only three ways to heavily reduce virus risks:
1. Trust users (we know this doesn't work).
2. Build water-tight software (this doesn't work either - with millions of lines of code, it's just too hard right now).
3. Build systems that trust each other.
The last one is the interesting one. There aren't any Xbox live viruses because the systems are trusted, and this is what the Trusted Computing initiative is all about. And it's very controversial!
Interesting - Wave&Insight International at RSA Japan
https://ssl.cmptech.jp/rsacon2007/exhidir/en/company/exhibitor_33.html
Trusted Computing Group
Description
TCG group member companies (1 Hewlett Packard, 2 Infineon Technologies, 3 Intel, 4 Wave Systems & Insight International) will present the newly developed TCG products.
STB with Trusted Computing?
Senior Windows Multimedia Software Engineers
Austin, TX USA
Morega Systems Inc. is an innovative software and systems company focused on the security, management and monetization of digital media content over closed or open networks and across various platforms.
Job Summary:
Successful candidates will be an integral part of a team of talented software and systems engineers committed to developing solutions for PC-based multimedia processing solutions. You will design, implement and test/debug new and innovative products.
There are multiple openings for Senior and Lead Windows Multimedia Software Engineers.
Job Responsibilities:
Develop world-class PC based system and software solutions for the digital-TV, consumer electronics, IPTV, cable and broadcasting industries, with emphasis on security, efficiency, high performance and high reliability
Create and implement system and software requirements, and debug and test the system through the product design/development lifecycle
Occasionally work with customers to explore product requirements and resolve challenging issues
Work with hardware vendors and technology partners during the technology integration process
Effectively communicate with other software developers in the engineering team
Requirements:
Bachelor's degree in Computer Science or Electrical Engineering or equivalent - MS preferred
3+ years of established Windows Software experience in ActiveX, COM, DirectShow filters and FilterGraphs and UI Applications, TCP/UDP/RTSP/Streaming protocols, MFC, InstallShield, Visual Studio C++ and .NET
WMV/WMA and Windows Media Player development highly desired
DVD and HDDVD or BluRay authoring and navigation experience highly desired
Experience in DVR/PVR technologies, MPEG A/V and graphics algorithms desired
Working knowledge of digital TV related standards such as MPEG, ATSC, Open Cable, DOCSIS, and OCAP
Experience with Cryptographic systems and algorithms, Conditional Access, Trusted computing and DRM preferred
Experience with real-time development of time critical operations and synchronization with hardware and other software elements
Good SW debugging / troubleshooting skills
Excellent C/C++ coding skills, as well as development environment setups, toolchain configurations, makefiles, special compiler and linker command scripts, and cross-platform debuggers
Preferred, but not required - experience in Set Top Box or digital video development, as well as Video Processing Systems / Digital Watermarking
Experience with all development stages in the product development life cycle
Proven ability to work under pressure and meet deadlines with successful completion of deliverables
Analytical, thorough, resourceful and detail-oriented
Strong project management and communication skills
AMD/TC and WinHEC
http://www.microsoft.com/whdc/winhec/2007/trackdetail.mspx?track=14
Next-Generation AMD Virtualization Technology
Server virtualization is becoming a mainstream technology in the majority of enterprise data centers today. Server virtualization has delivered efficiencies and economies of scale to IT departments by consolidating and optimizing unused capacity and capitalizing on multiprocessor systems. Recent virtualization improvements have focused primarily on virtualizing the processor, but new technologies will drive the next phase of consolidation. This session discusses the required steps to prepare for the next phase of virtualization and shows how AMD is leading the implementation of these new technologies. The security and performance advantages of I/O virtualization, PCI-IOV, and direct device-assignment in many-core and heterogeneous-core systems are discussed. Virtualization of the desktop and client workloads will drive changes to graphics virtualization technologies. The session discusses the opportunities that virtualization presents for Secure Initialization and AMD's contribution to the Trusted Computing Group (TCG). Chipset, BIOS, platform, and peripheral vendors will all benefit from this session and gain valuable insight into the coming advances in server and client virtualization technologies.
Level: 300
Session Audience: Driver Developer, Hardware Engineer, System Manufacturer
TCG at RSA Japan
SB-4. TCG as Emerging Trusted Computing Technologies
April 25, 2007, 16:20 to 17:10
Pay session
Naoto Onozuka
Ministry of Economy, Trade and Industry (METI), Office of IT Security Policy, Commerce and Information Policy Bureau
Deputy Director
Mark Schiller
Trusted Computing Group
Chairman
Brian D. Berger
Trusted Computing Group
Director
Seigo Kotani
Trusted Computing Group
Director
Abstract
TCG (Trusted Computing Group) technologies are used for PCs and are becoming popular with IT users. We will present the current status and activities related to TCG technologies, and show the perspective of the future of trusted computing.
Crazy story about bot armies running rampant on the net
http://redtape.msnbc.com/2007/03/bots_story.html
Thanks BerthaB - so much going on that it is hard to follow it all eom.
Wall Street Journal on Security Chips
(anyone have a subscription?)
Chips' Security Capabilities Expand
By Don Clark
Word Count: 719 | Companies Featured in This Article: Intel, Advanced Micro Devices, Hewlett-Packard, Microsoft, Symantec
A global battle against computer attacks is gaining potent new weapons: chips that offer built-in protections against malicious activity.
Intel Corp., Advanced Micro Devices Inc. and others have been racing to add security enhancements to popular chips for personal computers and server systems. When the chips are exploited by programmers, hardware and software can work together in new ways against computer viruses and other problems that cost businesses billions of dollars annually.
In another development, a start-up called Secure64 Software Corp. is utilizing security features in Intel's Itanium chips with new software for managing Internet directories known by the abbreviation ...
TC/Gov. Job
Software Developer/Researcher
Company: The Johns Hopkins Applied Physics Laboratory
Status: Full Time, Employee Job Category: Engineering
Relevant Work Experience: 5+ to 7 Years
Job Description
Description:
Work with a team of engineers and scientists in the development and prototyping of secure collaboration tools, secure authentication mechanisms, and trusted computing platforms for the nation's defense and intelligence communities. Research, analyze, and develop advanced software solutions. Design prototype applications, develop and test code, and produce technical documentation. Clearly articulate ideas in oral and written forms to technical staff, management, and sponsors including participation in working groups, sponsor presentations, and sponsor meetings. Participate in quality assurance, requirements, design, and other reviews.
Qualifications:
Required: BS in Computer Engineering, Computer Science, Electrical Engineering, or related field with 5 years experience in research of computer architecture, network, and operating system security. Possess strong coding skills including JAVA and C/C++. Experience in integration of core IO and IA Open Source, COTS, and GOTS technology. Demonstrated excellent interpersonal skills, the ability to work independently and on a team, outstanding written and oral communications skills, and good organizational skills. Applicants selected will be subject to a Government security investigation and must meet the eligibility requirements for access to classified information. Eligibility requirements include US citizenship. Must be eligible for DoD clearance requiring background investigation and/or polygraph examination.
Desired: MS in Computer Engineering, Computer Science, Electrical Engineering, or related field with 3 years experience in secure networking. Experience with virtual machine technology including VMWare and Xen. Kernel-level understanding of operating systems including Windows and Linux. Knowledge of additional coding languages and operating systems. Hold a current DoD clearance with prior experience working with intelligence community sponsors.
Salary/Benefits: Salary commensurate with experience
APL offers a comprehensive benefits package including a liberal vacation plan, a matching retirement program, significant educational assistance, a scholarship tuition program for staff with dependents, and competitive salaries commensurate with skills and experience. For more information about our organization, please visit our web site at http://www.jhuapl.edu/employment/benefits/benefits.html
Job Location: Laurel, MD
Company URL: http://www.jhuapl.edu/
Company Profile:
The Johns Hopkins Applied Physics Laboratory (APL) is a national leader in scientific research and development, located midway between Baltimore and Washington, DC.
Johns Hopkins University Applied Physics Laboratory is an equal opportunity/affirmative action employer that complies with Title IX of the Education Amendments Act of 1972, as well as other applicable laws, and values diversity in its workforce.
Microsoft piece on Trustworthy Computing
http://www.microsoft.com/mscorp/execmail/2007/02-06secureaccess.mspx
Enabling Secure Anywhere Access in a Connected World
Published: February 6, 2007
By Bill Gates, Chairman, Microsoft Corporation
During the last decade, digital technology has changed the world in profound and exciting ways. Today we communicate instantly with the people we care about without worrying about traditional limitations of time and location. At work, we collaborate with colleagues in distant cities. Global supply chains enable businesses to manufacture products and move them to market with incredible speed and efficiency. Mobile devices ensure that we are productive no matter where we are.
But these changes are just the beginning. As more and more of the world's information, commerce, and communications moves to digital form, it will open the door to a new world of connected experiences that link our interests and our communities into a seamless whole that extends across home, work, school, and play.
Already, a new generation of technology is transforming expectations for how we will conduct business, communicate, access entertainment, and much more. Increasingly, people envision a world of anywhere access - a world in which the information, the communities, and the content that they value is available instantly and easily, no matter where they are.
Of course we're not quite there yet. But whether we get there or not is no longer a question of the power of our devices and the speed of our connections. The real issue today is security. Ultimately, anywhere access depends on whether we can create and share information without fear that it will be compromised, stolen, or exploited.
The answer lies in trust - in creating systems and processes that are always secure so that people and organizations have a high degree of confidence that the technology they use will protect their identity, their privacy, and their information. This is an imperative that transcends any one company. Success will require hard work and extensive cooperation between companies, governments, and organizations from around the world.
Trust and security are critical priorities for Microsoft. I wanted to share my thoughts with you about the changing nature of security and the work that is being done at Microsoft to advance trust in computing and to help pave the way for future connected experiences based on secure and easy anywhere access.
Connectivity and the Evolving Threat Landscape
Today, connectivity - the basic foundation for anywhere access - can be a double-edged sword. Connectivity that streamlines the flow of information and communications can also open the door to malicious users. Meanwhile, where publicity once motivated many digital attacks, criminal financial gain is behind most security threats today. So in addition to viruses and worms, we must contend with spyware that logs keystrokes; rootkits that are used to hijack computers; and social engineering threats where criminals try to trick people into divulging the personal data needed to exploit digital information.
How widespread is the problem? In the United States last year, security breaches - some inadvertent, some purposeful and criminal - exposed the personal information of more than 100 million people. In 2005, 46 percent of fraud complaints filed with the U.S. Federal Trade Commission were Internet related. A 2006 report from the Cyber Security Industry Alliance noted that 50 percent of Internet users are afraid their credit card information will be stolen. No company is immune to the danger. Malware targets products from virtually every software vendor. Every business is vulnerable to the risks that come with unauthorized access to corporate information.
In this changing threat environment, striking the right balance is extremely difficult. Easy access speeds communications but increases the danger that confidential information will be exposed. Stringent security measures reduce risk, but can make it too difficult for employees to access information or communicate with customers and partners and too complex for IT professionals to deploy and manage solutions.
The Road to Trust
Achieving the levels of trust needed to make connected experiences based on anywhere access possible will require an industry-wide effort to change the way we approach digital identities, build networks, and protect information.
The evolution of identity: The proliferation of identities and identity systems is a significant problem and a difficult challenge. We all struggle to remember an ever-growing number of user names and passwords as we move between systems at work and home. Because it is unlikely that a single digital identity system or technology will be universally adopted, a different approach is required - an approach based on creating a system of systems that provides the interoperability needed to link all identity solutions and technologies. This "identity metasystem" will be able to take advantage of the strengths of existing and future identity technologies while enabling the creation of a consistent and straightforward user interface. Solutions built on top of this metasystem will enable digital identities to be managed and protected effectively and easily.
The evolution of networks: To resolve the tension between providing access and maintaining security, new technologies for managing the way people and information move between corporate networks and the Internet are essential. In the face of a rapidly evolving threat landscape, the firewall - the fundamental tool for managing network security today - is no longer adequate. A better approach is security that is based on policy. With policy-based security, the rules that govern access to networks, resources, and information can be enforced seamlessly across platforms and devices.
The evolution of protection: It is impossible to overstate the importance of providing the right levels of privacy and information protection so that users can trust that their information is secure. To achieve this, we must be able to protect information not only when it is in transit, as we do today through encryption, but also on the server, the desktop, mobile device, and wherever else it may reside. Policy will also play an important role in the evolution of protection. By applying policy when information is created, we can enable information to flow freely and safely across systems and networks while maintaining appropriate control over how it is used, and by whom.
Security, Reliability, and Privacy: Trustworthy Computing at Microsoft
At Microsoft, Trustworthy Computing provides the foundation for the work we do to create trusted computing experiences. Announced five years ago, Trustworthy Computing is a core principle that places security, reliability, and privacy at the center of all of our efforts. One example of the impact of Trustworthy Computing is the Secure Development Lifecycle, a rigorous software development process that makes security a critical focus for every line of code that we write.
Trustworthy Computing is an important reason why Windows Vista is the most secure operating system that Microsoft has ever delivered. Developed from the ground up using the Secure Development Lifecycle process, Windows Vista includes new security features that help computer users protect sensitive information and give IT administrators new ways to protect corporate networks and preserve data integrity and confidentiality.
Windows Vista also offers new controls that enable parents to manage exactly what their children can do on the computer. These controls allow parents to restrict computer use to specific times and determine which games their children can play, which programs they can use, and which Web sites they can visit.
The 2007 Microsoft Office system and Microsoft Exchange Server 2007 were also built using the Secure Development Lifecycle, and they include a wide range of new security features that help protect against phishing scams and other threats to privacy and information security.
Together, Windows Vista, the 2007 Office system, and Exchange Server 2007 represent an important step forward in Microsoft's efforts to deliver tools to help protect information and privacy. And we continue to focus on developing comprehensive security solutions for consumers and businesses that provide more secure, controlled access to information and network resources. Examples include:
Windows Live OneCare: A comprehensive service for consumers, Windows Live OneCare automatically manages important PC maintenance and security tasks.
Microsoft Forefront: Designed for businesses, Microsoft Forefront is a family of security products that provides advanced protection against the latest threats and enables secure access across client operating systems, application servers, and the network edge, with a focus on simplified management and integration with existing IT infrastructure.
Identity Lifecycle Manager 2007: Building on Microsoft Identity Integration Server, Identity Lifecycle Manager 2007 adds new capabilities for managing strong credentials such as smart cards while providing an integrated approach that links certificate and password management and provisioning across Windows and enterprise systems.
Windows CardSpace: An important component of Microsoft's efforts to create an identity metasystem, Windows CardSpace enables any Windows application to provide users with a common way to work with digital identities so that people can use their digital identities on any machine, running any operating system.
Achieving Trust Through Industry Partnership and Collaboration
Before trust can become a reality, systems, processes, programs, and applications must work together reliably and securely. That is one important reason why Microsoft is committed to interoperability: before digital identities and information protected by policy-based security can move seamlessly between platforms and devices, systems must be able to interoperate. Today we are working closely with governments, organizations, and partners to create and implement industry-wide standards that will enable systems and applications to work together so that connectivity can be seamless and pervasive, and people can access digital information more securely no matter where they are or what device they have at hand.
Examples of industry partnerships and initiatives aimed at enhancing interoperability and improving trust and security include:
Interop Vendor Alliance: Launched in November, 2006, this global group of software and hardware vendors is working together to enhance interoperability through scenario-based testing and by sharing information about interoperability solutions with customers.
Microsoft Network Access Protection (NAP): This policy enforcement platform built into Windows Vista and Windows Server "Longhorn" helps ensure that only safe devices can access networks. More than 100 technology partners in the networking and security industry have joined the NAP ecosystem and have products that work with NAP.
SecureIT Alliance: This Web-based community was created to enable companies across the industry to develop, enhance, and promote applications that interoperate with the Microsoft platform. A central clearinghouse for security technology professionals, the SecureIT Alliance includes more than 100 members from countries around the world.
In addition, during the development of Windows Vista, Microsoft worked closely with leading security companies including Symantec and McAfee to provide technical support resources, access to application testing and compatibility labs, and developer training. Our goal is to ensure that our partners have the information they need to provide consumers with a broad range of security and safety software and services that can help to make computing experiences safer from the moment they begin using Windows Vista.
Today, nearly 1 billion people use digital technology in their day-to-day lives to communicate, connect, and create. As we continue to work together as an industry to create trust, we will be able to deliver incredible new connected experiences that transform the way people explore ideas, exchange goods and services, teach and learn, and share experiences with the people they care about. In the process, we have the opportunity to bring new levels of value and excitement to each of those 1 billion people, and hundreds of millions more.
Bill Gates
Re: Insight International
It is listed officially on Wave's website as the official contact in Japan for Wave.
Alexander Koehler for Germany. Nice find by the way - just what is going on in Japan? Maybe we'll find out something soon with RSA Japan on the horizon. Cheers, Foam
http://www.wavesys.com/about/contact.html
Winbond TPM reference on Fujitsu site
http://jp.fujitsu.com/group/fdi/downloads/overseas/winbond/apc-superi-o.pdf
Interesting Winbond TPM presentation (Feb. 2007)
Wave mention on slides 21 and 38. Interesting that Wave/NTRU is assumed to be the working solution for Winbond TPMs, including the Vista solution.
http://webcourse.cs.technion.ac.il/236350/Winter2006-2007/en/ho_Lectures.html
NTT Data doing Device Authentication at IC Card World
Dates: March 6 - 9, 2007
http://www.shopbiz.jp/pages/t_index_e.phtml?PID=0001&SID=07IC006600&TCD=IC&proctime=2007...
We exhibit the latest smartcard solutions for multi-payment, touch point marketing, security, utilization of government-issued card, and device authentication.
Booth No : IC2103
Strange TC job at BAE Systems
* Candidate will be the lead conference coordinator and the emerging technology analyst.
* As the lead conference coordinator, the candidate will be the main point of contact and lead coordinator of all logistics for the clients annual, high profile, Emerging Technology Conference.
* Provide oversight to conference planning staff and conference workforce.
* Manage master schedules for all conference planning activities.
* Closely interface with client conference program directors.
* As the emerging technology analyst, the candidate will be responsible for evaluating "trusted computing" technologies.
* Focus on operating systems, OS security features, and OS internals, specifically Microsoft Windows Vista.
* Other technologies include the Trusted Platform Module (TPM), Extensible Firmware Interface (EFI), and virtualization technologies.
* Main activities include technology analysis, presentation of findings, some written reports and the possibility of software development and reverse engineering.
* Qualifications:
* 5-8 years of experience working in systems engineering and project management fields required.
* Knowledge of the Intelligence Community's mission, vision, goals, and values.
* Possession of excellent oral and written communications skills.
* Superior organizational skills.
* Good people management skills.
* Prior event planning experience desirable.
* Knowledge of computer security fundamentals.
* Knowledge of operating system internals.
* Software development experience.
* Reverse engineering experience desirable.
Must Have the Following:
* US Citizenship
* Hardware: Various types of computer hardware.
* Software: Windows XP/Vista.
* Educational: BSCS.
About BAE Systems:
BAE Systems is an international company engaged in the development, delivery, and support of advanced defense and aerospace systems in the air, on land, at sea, and in space. The company designs, manufactures, and supports military aircraft, combat vehicles, surface ships, submarines, radar, avionics, communications, electronics, and guided weapon systems. It is a pioneer in technology with a heritage stretching back hundreds of years and is at the forefront of innovation, working to develop the next generation of intelligent defense systems. BAE Systems has major operations across five continents and customers in some 130 countries. The company employs nearly 100,000 people and generates annual sales of approximately $25 billion through its wholly owned and joint-venture operations.
BAE Systems Information Technology (BAE-IT) is a full-service provider of information technology solutions with capabilities spanning a full suite of managed network services, IT applications, full-service systems integration and independent testing, and information assurance solutions for the Intelligence Community, the Department of Defense and its Military Services, and federal agencies and departments, including Homeland Security, Justice, Treasury and State. Additionally, BAE-IT's Global Analysis division serves as a key provider of skilled and experienced intelligence and geospatial analysts to a wide range of Government agencies and US military commands. In addition to on-site support, Global Analysis offers outsourced studies and assessments. Through its own group of in-house senior analysts, Global Analysis is prepared to provide the Intelligence Community and broader US Government with customized strategic assessments and analysis on political, economic, and security issues. Policymakers, intelligence officers, war fighters, and law enforcement officers have come increasingly to rely on the sophisticated intelligence analysis provided by Global Analysis to help them understand the threats, risks, and opportunities generated by today's rapidly evolving international environment.
BAE Systems is an Equal Opportunity Employer and supports a drug-free environment.
Interesting Hitachi Job
Security SW Research Engineer - H1374
Hitachi Global Storage Technologies
Job Description
Pursue innovative research projects in the area of security architecture.
Explore and develop new security architectures and protocols for data storage systems, DRM systems, content protection systems, traditional desktop and mobile PCs and consumer electronics devices.
Develop new security solutions for hard disk drives. This includes designing new architectures and interfaces and security software for both consumer storage applications and enterprise class storage applications, and participating in industry initiatives and standardization activities on security and digital rights management.
Work as part of a research team to generate new ideas, publications and patents in the area of secure storage architectures.
Job Requirements
MS or PhD in Computer Science or Electrical Engineering or a closely related field
Demonstrated ability to perform high quality innovative research work in the area of system security, secure storage, digital rights management, content protection, or cryptography through a strong record of publications or through a record of contributions to system security projects.
Outstanding programming and software architecture skills.
Experience in multimedia systems architecture, storage systems, hard disk drive interfaces and protocols, file systems, trusted computing architecture (TCG), Wintel security architecture, and/or Linux kernel would be very desirable.
Weby, Think you just got your answer on Roger Kay's about-face (cf. Vacationhouse's nice find!!). Whew, things are really heating up and it isn't even spring yet. Regards, Foam
SteveHanna/Juniper on Trusted Storage
https://www.cmpevents.com/CSINS7/a.asp?option=G&V=3&id=514075
[CRT-6] Extending Trust to Storage: Protecting Data at Rest
Speaker: Steve Hanna (Juniper/Trusted Computing Group)
Date/Time: Tuesday (June 12, 2007) 1:15pm — 2:30pm
Track: Critical Decisions
Presentation Format: 75-minute Session
Presentation Abstract
The Trusted Computing Group (TCG) Storage Workgroup is extending the trust boundary into storage by proposing a standard system for access control over features and properties of the internal storage device computing environment. This session will address the role of the Trusted Platform Module (TPM) as a root of trust that extends to trusted applications running on the host. The TPM securely manages storage resources in the internal storage computing environment. It is essential that one application not affect storage device resources that another application depends upon, except in predictable ways. Therefore the system of access controls may be divided among applications that run on the host. The speaker will discuss applications of such storage and implementation as well as concepts of trust and security.