Intel Trusted Execution Technology for Server Platforms : : A Guide to More Secure Datacenters.
Saved in:
| : | |
|---|---|
| TeilnehmendeR: | |
| Place / Publishing House: | Berkeley, CA : : Apress L. P.,, 2013. ©2013. |
| Year of Publication: | 2013 |
| Edition: | 1st ed. |
| Language: | English |
| Online Access: | |
| Physical Description: | 1 online resource (149 pages) |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| LEADER | 07315nam a22004213i 4500 | ||
|---|---|---|---|
| 001 | 5006422761 | ||
| 003 | MiAaPQ | ||
| 005 | 20240229073838.0 | ||
| 006 | m o d | | ||
| 007 | cr cnu|||||||| | ||
| 008 | 240229s2013 xx o ||||0 eng d | ||
| 020 | |a 9781430261490 |q (electronic bk.) | ||
| 020 | |z 9781430261483 | ||
| 035 | |a (MiAaPQ)5006422761 | ||
| 035 | |a (Au-PeEL)EBL6422761 | ||
| 035 | |a (OCoLC)1113481075 | ||
| 040 | |a MiAaPQ |b eng |e rda |e pn |c MiAaPQ |d MiAaPQ | ||
| 050 | 4 | |a QA76.9.A25 | |
| 100 | 1 | |a Futral, William. | |
| 245 | 1 | 0 | |a Intel Trusted Execution Technology for Server Platforms : |b A Guide to More Secure Datacenters. |
| 250 | |a 1st ed. | ||
| 264 | 1 | |a Berkeley, CA : |b Apress L. P., |c 2013. | |
| 264 | 4 | |c ©2013. | |
| 300 | |a 1 online resource (149 pages) | ||
| 336 | |a text |b txt |2 rdacontent | ||
| 337 | |a computer |b c |2 rdamedia | ||
| 338 | |a online resource |b cr |2 rdacarrier | ||
| 505 | 0 | |a Intro -- Contents at a Glance -- Contents -- Foreword -- About the Authors -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Trust and Intel ® Trusted Execution Technology -- Why More Security ? -- Types of Attacks -- What Is Trust? How Can Hardware Help? -- What Is Intel® Trusted Execution Technology? -- Static Chain of Trust -- Dynamic Chain of Trust -- Virtualization -- Measured Launch Environment -- Finding Value in Trust -- Cloud Computing -- Attestation: The Founding Principle -- Value to System Software -- Cloud Service Provider/Cloud Service Client -- What Intel TXT Does Not Do -- Enhancements for Servers -- Including BIOS in the TCB -- Processor-Based CRTM -- Trusting the SMM -- Other Differences -- Impact of the Differences -- Roles and Responsibilities -- OEM -- Platform Owner -- Host Operating System -- Other Software -- Chapter 2: Fundamental Principles of Intel ® TXT -- What You Need: Definition of an Intel ® TXT-Capable System -- Intel® TXT-Capable Platform -- Intel TXT Platform Components -- Processor -- Chipset -- Trusted Platform Module (TPM) -- BIOS -- Authenticated Code Module (ACM) -- The Role of the Trusted Platform Module (TPM) -- TPM Interface -- Localities -- Control Protocol -- Random Number Generator (RNG) -- SHA-1 Engine -- RSA Engine and Key Generation -- Platform Configuration Registers (PCRs) -- Nonvolatile Storage -- Attestation Identity Key (AIK) -- TPM Ownership and Access Enforcement -- Cryptography -- Symmetric Encryption -- Asymmetric Encryption -- Cryptographic Hash Functions -- Why It Works and What It Does -- Key Concepts -- Measurements -- Secure Measurements -- Static and Dynamic Measurements -- The Intel TXT Boot Sequence -- Measured Launch Process (Secure Launch) -- Protection Against Reset Attacks -- Launch Control Policy -- Platform Configuration (PCONF). | |
| 505 | 8 | |a Trusted OS Measurements (MLE Element) -- Protecting Policies -- Sealing -- Attestation -- Summary -- Chapter 3: Getting It to Work: Provisioning Intel ® TXT -- Provisioning a New Platform -- BIOS Setup -- Enable and Activate the Trusted Platform Module (TPM) -- Enable Supporting Technology -- Enabling Intel® TXT -- Summary of BIOS Setup -- Automating BIOS Provisioning -- Establish TPM Ownership -- What Is TPM Ownership ? Why Is This Important? -- How to Establish TPM Ownership -- Pass-Through TPM Model -- Remote Pass-Through TPM Model -- Management Server Model -- Protecting Authorization Values -- Install a Trusted Host Operating System -- VMware ESXi Example -- Linux Example (Ubuntu) -- Create Platform Owner's Launch Control Policy -- How It Works -- What LCP Does -- Specifying Platform Configuration: The PCONF Element -- Specifying Trusted Operating Systems: The MLE Element -- Specifying Trusted ACMs -- Specifying a Policy of "ANY" -- Revoking Platform Default Policy -- Why Is PO Policy Important? -- Prevent Interference by the Platform Supplier Policy -- Establishing Trusted Pools -- Reduce the Need for Remote Attestation -- Reset Attack Protection -- Considerations -- Summary -- Chapter 4: Foundation for Control: Establishing Launch Control Policy -- Quick Review of Launch Control Policy -- When Is Launch Control Policy Needed? -- Remote Attestation -- What Does Launch Control Policy Deliver? -- PCR0: CRTM, BIOS, and Host Platform Extensions -- PCR1: Host Platform Configuration -- PCR2, 3: Option ROM Code and Configuration Data -- PCR4, 5: IPL Code and Configuration Data -- PCR6: State Transition and Wake Events -- PCR7: Host Platform Manufacturer Control -- Platform Configuration (PCONF) Policy -- Specifying Trusted Platform Configurations -- Tools Needed for Creating a PCONF Policy -- Difficulties with Using PCONF Policy. | |
| 505 | 8 | |a Specifying Trusted Host Operating Systems -- Tools Needed for Creating MLE Policy -- Options and Tradeoffs -- Impact of SINIT Updates -- Impact of Platform Configuration Change -- Impact of a BIOS Update -- Impact of OS/VMM Update -- Managing Launch Control Policy -- Think Big -- Use a Signed List -- Make Use of Vendor-Signed Policies -- Use Multiple Lists for Version Control -- Using the Simplest Policy -- Other Tips -- Strategies -- Impact of Changing TPM Ownership -- Decision Matrix -- Chapter 5: Raising Visibility for Trust: The Role of Attestation -- Attestation: What It Means -- Attestation Service Components -- Endpoint, Service, and Administrative Components -- Attestation Service Component Capabilities -- Administrative Component Capabilities -- Attestation in the Intel TXT Use Models -- Enabling the Market with Attestation -- OpenAttestation -- Mt. Wilson -- How to Get Attestation -- Chapter 6: Trusted Computing: Opportunities in Software -- What Does "Enablement" Really Mean? -- Platform Enablement: The Basics -- Platform Enablement: Extended -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Operating System and Hypervisor Enablement -- Enablement at Management and Policy Layer -- Provisioning -- Updates -- Attestation -- Reporting and Logging -- Enablement at the Security Applications Layer -- Chapter 7: Creating a More Secure Datacenter and Cloud -- When Datacenter Meets the Cloud -- The Cloud Variants -- Cloud Delivery Models -- Intel TXT Use Models and the Cloud(s) -- The Trusted Launch Model -- Trusted Compute Pools: Driving the Market -- Extended Trusted Pools: Asset Tags and Geotags -- Compliance: Changing the Landscape -- Chapter 8: The Future of Trusted Computing -- Trust Is a Foundation -- More Protections and Assurance -- Is There Enough to Trust? -- Measures at Launch Time. -- What Intel TXT Measures. | |
| 505 | 8 | |a The Whitelist Approach -- The Evolution of Trust -- Trusted Guest -- End-to-End Trust -- Runtime Trust -- The Trust and Integrity "Stack" -- Index. | |
| 588 | |a Description based on publisher supplied metadata and other sources. | ||
| 590 | |a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. | ||
| 655 | 4 | |a Electronic books. | |
| 700 | 1 | |a Greene, James. | |
| 776 | 0 | 8 | |i Print version: |a Futral, William |t Intel Trusted Execution Technology for Server Platforms |d Berkeley, CA : Apress L. P.,c2013 |z 9781430261483 |
| 797 | 2 | |a ProQuest (Firm) | |
| 856 | 4 | 0 | |u https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6422761 |z Click to View |