Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there’s a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology.
Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today’s most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples.
David Challener went to work for IBM in East Fishkill after graduating with his Ph.D. in Applied Mathematics from the University of Illinois, (Urbana-Champaign). After helping design the first TPM (representing IBM), he became chair of the TCG TSS committee. When the IBM PC division was sold to Lenovo, he became a Lenovo employee, where he has represented the company on the TCG Technical Committee, TPM workgroup, and many other groups, while continuing to chair the TSS committee. Currently he is the Lenovo Board Member for TCG.
Kent Yoder has been working for the IBM Linux® Technology Center since graduating from Purdue University with a degree in Computer Science in 2001. He has represented IBM on the TCG TSS committee and has helped write and maintain TrouSerS, an open-source TSS library that implements the TSS software specification for the TCG TPM hardware.
Ryan Catherman was a member of the Trusted Computing Group, including active memberships in the TSS and TPM working groups while employed at IBM. He was also coauthor of the IBM implementation of Trusted Computing software at its inception and originator of Unix versions of this software. Currently, he works for Opsware Incorporated, a recent HP acquisition, and holds a masters degree in Computer Engineering.
David Safford is a researcher at IBM’s T. J. Watson Research Center in Hawthorne, New York. There he has led security research in numerous areas, including ethical hacking, threat analysis, security engineering, intrusion detection sensors, vulnerability scanning, cryptography, and operating system security. Prior to coming to IBM in 1996, he was Director of Supercomputing and Networking at Texas A&M University, and an A-7 pilot in the United States Navy.
Leendert van Doorn is a Senior Fellow at AMD where he runs the software technology office. Before joining AMD he was a senior manager at IBM’s T.J. Watson Research Center, where he managed the secure systems and security analysis departments. He received his Ph.D. from the Vrije Universiteit in Amsterdam where he worked on the design and implementation of microkernels. Nowadays his interests are in managed runtime systems, accelerated computing (AMD’s name for heterogenous and homogenous manycore computing), security, and virtualization. In his former job at IBM he worked on FIPS 140-2 level 4 physically secure coprocessors, trusted systems, and virtualization. He was also actively involved in IBM’s virtualization strategy, created and lead IBM’s secure hypervisor and trusted virtual data center initiatives, and was on the board of directors for the Trusted Computing Group. Despite all these distractions, he continued to contribute code to the Xen open-source hypervisor, such as the integrated support code for AMD-V and Intel®VT-x. When conference calls and meetings are getting too much for him, he is known to find refuge at CMU.
First, a flexible policy management framework must be in place to achieve alignment with business goals and consistent security implementation. Second, common re-usable security services are foundational building blocks for SOA environments, providing the ability to secure data and applications. Consistent IT Security Services that can be used by different components of an SOA run time are required. Point solutions are not scalable, and cannot capture and express enterprise-wide policy to ensure consistency and compliance.
In this IBM® Redbooks® publication, we discuss an IBM Security policy management solution, which is composed of both policy management and enforcement using IT security services. We discuss how this standards-based unified policy management and enforcement solution can address authentication, identity propagation, and authorization requirements, and thereby help organizations demonstrate compliance, secure their services, and minimize the risk of data loss.
This book is a valuable resource for security officers, consultants, and architects who want to understand and implement a centralized security policy management and entitlement solution.
The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators.
This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.
With the current business, government, and institutional focus on security, organizations are scrambling to make their networks more secure. Although encryption is nothing new to Windows, recent advances in Microsoft® Windows 2003 and Microsoft® Windows XP have drastically simplified the support of encryption technologies in Windows environments. Delivered in Adobe PDF format for quick and easy access, Encryption in a Windows Environment: EFS File, 802.1x Wireless, IPSec Transport, and S/MIME Exchange, 1/e covers the installation and operation of EFS file encryption, IPSec communications encryption, 802.1x wireless encryption, L2TP mobile encryption, as well as the auto-enrollment of certificates that drastically simplifies the administration of encrypted communications. The encryption technologies addressed in this digital Short Cut are included in all copies of Microsoft® Windows 2003 and Microsoft® Windows XP.
Table of Contents
Section 1 What This Short Cut Will Cover
Section 2 Security the Manual Way
Section 3 Installing a Windows Certificate of Authority Server
Section 4 Implementing Encrypted File System (EFS)
Section 5 Implementing IPSec-Encrypted Transport Communications
Section 6 Implementing 802.1x Wireless Encryption
Section 7 Implementing Secured Email Communications with Exchange 2003
Section 8 Summary and Other Resources
In this IBM Redbooks® publication, we discuss the business context of security audit and compliance software for organizations and describe the logical and physical components of IBM Tivoli Security Information and Event Manager. We also present a typical deployment within a business scenario.
This book is a valuable resource for security officers, administrators, and architects who want to understand and implement a centralized security audit and compliance solution.
Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest.A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code.
The book includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.
After reading this book, you should be able to use these tools to do some testing and even working on penetration projects. You just need to remember not to use these techniques in a production environment without having a formal approval.