
EMB304 Building Trustworthy Windows CE Embedded Devices and Applications
Ganapathy Raman, Program Manager, Windows CE Security Team, Microsoft Corporation
MEDC DevCon 2005

Microsoft MEDC Mobile Embedded DevCon 2005, May 9-12, 2005, Las Vegas

(Diagram: Microsoft embedded platform stack; columns Windows Mobile, Windows CE 5.0, Windows)
  Hardware/Drivers: OEM/IHV supplied BSP (ARM, SH4, MIPS), OEM hardware and standard drivers; standard PC hardware and drivers, Windows XP DDK
  Device Building Tools: Platform Builder; Windows Embedded Studio
  Data: Lightweight EDB, SQL Server 2005 Express Edition; Relational SQL Server 2005 Mobile Edition, SQL Server 2005
  Programming Model: Native Win32, MFC 8.0, ATL 8.0; Managed .NET Compact Framework, .NET Framework; Server side ASP.NET Mobile Controls, ASP.NET
  Multimedia: Windows Media, DirectX; Location Services: MapPoint
  Development Tools: Visual Studio 2005
  Communications & Messaging: Exchange Server, Live Communications Server, Speech Server, Internet Security and Acceleration Server
  Management Tools: Device Update Agent, Image Update, Software Update Services, Systems Management Server, Microsoft Operations Manager

Introduction
  Microsoft is committed to helping you meet your security goals
    Secure devices
    Secure applications
  Demonstrate the rich set of security features
  Share best practices, processes, and tools

Code Execution Security
  Questions
    Control over code execution
    Control over code rights
  Answer: the Windows CE Trust Model
    Every exe/dll is assigned a trust level
    Trust level 0 – Don't run
    Trust level 1 – Run normal (restricted rights)
    Trust level 2 – Run trusted

Code Execution Security
  Normal mode (restricted rights)
    Protected registry keys (write)
    Protected system files
    Protected APIs
  You can extend the trusted boundary
  How does the OS determine the trust level?
    It does not; you do
    Implement a secure loader
    Trust based on signatures

Code Execution Security
  (Diagram: the OS loader hands the exe to the secure loader, which checks the file's signature and answers Don't Run, Normal, or Trusted; the registry subsystem then checks the process trust level, Normal or Trusted, before allowing access.)

Code Execution Security: demo

Secrets
  Storing secrets in software is DIFFICULT
  It's best not to store the secret itself
    Think of key hierarchies
    Leverage secure storage in hardware
  Whom are you protecting the secret from?
    'Normal' processes on the same device
    Theft of offline storage (CF card)
    The communication network
    The user

Data Protection API (DPAPI)
  API: CryptProtectData, CryptUnprotectData
    Easy to use
    Don't have to create or manage keys
    Highly leveraged by OS components
    Does not deal with storage
  System flag support
    Restricts access to trusted code
  Can provide additional entropy (application-specific information)
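The contract described on the Secrets and DPAPI slides, as an added Python model rather than Microsoft's or Windows CE's own code: the application never touches a key (it is derived from an assumed per-device master key plus the caller's entropy, a small key hierarchy), a blob sealed with the system flag opens only for a trusted caller, and a blob copied off the device or opened with another application's entropy fails to decrypt. The master key, the flag value, the encrypt-then-MAC construction and the blob layout are all assumptions for illustration, not the real DPAPI format.

```python
"""Model of the Windows CE DPAPI contract (added example, not Microsoft code).
protect()/unprotect() stand in for CryptProtectData/CryptUnprotectData; the
device master key, flag value and blob layout are assumptions."""
import hmac, hashlib, os

# Assumption: a per-device master key held by the OS (ideally in hardware);
# applications never see it, which is why they "don't have to manage keys".
DEVICE_MASTER_KEY = os.urandom(32)
FLAG_SYSTEM = 0x1  # models the slide's "system flag": trusted callers only


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-separated parts; used for key derivation and MAC."""
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Counter-mode keystream of n bytes built from the PRF."""
    out = b""
    for ctr in range(-(-n // 32)):  # ceil(n / 32) blocks
        out += _prf(key, b"stream", nonce, ctr.to_bytes(4, "big"))
    return out[:n]


def protect(data: bytes, entropy: bytes = b"", flags: int = 0) -> bytes:
    """Seal data under a key derived from the device key and caller entropy."""
    nonce = os.urandom(16)
    hdr = bytes([flags]) + nonce
    key = _prf(DEVICE_MASTER_KEY, b"dpapi", entropy)  # key hierarchy: device -> app
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = _prf(key, b"mac", hdr, body)  # encrypt-then-MAC over header and body
    return hdr + body + tag


def unprotect(blob: bytes, entropy: bytes = b"", caller_trusted: bool = False):
    """Return the plaintext, or None if the caller is refused or the blob is bad."""
    if len(blob) < 17 + 32:
        return None
    flags, nonce, body, tag = blob[0], blob[1:17], blob[17:-32], blob[-32:]
    if flags & FLAG_SYSTEM and not caller_trusted:
        return None  # normal-trust process asking for a system-flagged blob
    key = _prf(DEVICE_MASTER_KEY, b"dpapi", entropy)
    if not hmac.compare_digest(tag, _prf(key, b"mac", blob[:17], body)):
        return None  # wrong entropy, wrong device key, or tampered blob
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
```

Entropy separates two normal-trust applications on the same device; the device key is what makes a blob read from a stolen CF card useless elsewhere.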