
EMB423: Creating A Trusted Environment For Windows CE 5.0
Nat Frampton, President, Real Time Development (nat@realtimeonline.com)
MEDC DevCon 2005

Microsoft MEDC (Mobile Embedded DevCon) 2005, May 9-12, 2005, Las Vegas

[Slide: Microsoft embedded platform stack diagram (Windows Mobile / Windows CE 5.0 / Windows columns); recoverable layers:]
Management Tools: Device Update Agent, Software Update Services, Image Update, Systems Management Server, Microsoft Operations Manager
Communications & Messaging: Live Communications Server, Exchange Server, Internet Security and Acceleration Server, Speech Server
Location Services: MapPoint
Multimedia: DirectX, Windows Media
Development Tools: Visual Studio 2005
Programming Model: Native (Win32, MFC 8.0, ATL 8.0); Managed (.NET Compact Framework, .NET Framework); Server Side (ASP.NET Mobile Controls, ASP.NET)
Data: Lightweight (EDB, SQL Server 2005 Express Edition); Relational (SQL Server 2005 Mobile Edition, SQL Server 2005)
Device Building Tools: Platform Builder, Windows Embedded Studio
Hardware/Drivers: OEM/IHV Supplied BSP (ARM, SH4, MIPS) with OEM Hardware and Standard Drivers; Windows XP DDK with Standard PC Hardware and Drivers

Agenda:
  Overview
  Inside Loader Authentication
  Implementation Example
  Implementation Scenarios
  Conclusions

Locking Down App Execution: Trusted Model
Application execution control via the Trusted Model
OEM option to assign trust levels to processes
Protections:
  Prevents unauthorized modules from being loaded
  Restricts access to certain system APIs
  Prevents registry WRITE access to certain root and sub-keys: HKEY_LOCAL_MACHINE\Comm, Drivers, Hardware, Init, Services, SYSTEM, WDMDrivers
  Prevents WRITE access to files with the SYSTEM attribute; READ access is granted by default and can be changed via [HKLM\System\ObjectStore]\AllowSystemAccess

Locking Down App Execution: When do I implement the Trusted Model?
1-tier (all code runs as Trusted):
  Prevent unknown code from executing on the device
  Trust all code running on the device (to the same extent)
2-tier (code can run as Trusted or Untrusted):
  End users can run any code on the device
  Protect from malicious code, such as worms, viruses, trojan attacks, etc.
  Restrict capabilities of certain processes

[Slide: Locking Down App Execution, Trusted Model loader flowchart. Labels recovered: Load Library -> Trusted Model? -> N: Load; Y: OEM Verification -> Fail: Fail; Pass: Assign Trust Level -> T or R: Load; F: Fail.]

Locking Down App Execution: Trusted Model
Implement the Trusted Environment with two functions:
  OEMCertifyModuleInit: the loader notifies OAL (OEM Adaptation Layer) code when launching a new module
  OEMCertifyModule: the loader passes the module to OAL code for verification; returns one of three trust levels: OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE
Samples available:
  loadauth.lib: sample implementation of OEMCertifyModule and OEMCertifyModuleInit
  signfile.exe: desktop application that signs CE binaries

OEM Certification
Function             | Description                                                                                                                                     | Return value
OEMCertifyModuleInit | Enables the OS loader to notify the OEM that a new module is being loaded. Allows the OEM to decide whether to verify the module for safety.     | TRUE or FALSE
OEMCertifyModule     | Allows the OS loader to pass the module code (for example, DLL, EXE, and OCX) to the OEM for verification that it is safe to run on the system. | OEM_CERTIFY_TRUST, OEM_CERTIFY_RUN, OEM_CERTIFY_FALSE

DLL And EXE Trust Levels
EXE trust         | DLL trust         | Final DLL trust
OEM_CERTIFY_RUN   | OEM_CERTIFY_RUN   | OEM_CERTIFY_RUN
OEM_CERTIFY_RUN   | OEM_CERTIFY_TRUST | OEM_CERTIFY_RUN
OEM_CERTIFY_TRUST | OEM_CERTIFY_RUN   | DLL fails to load
OEM_CERTIFY_TRUST | OEM_CERTIFY_TRUST | OEM_CERTIFY_TRUST
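As an added example (not code from the presentation nor from the loadauth.lib sample), the two-function trust flow described above and the DLL/EXE trust table, modelled in stand-alone C with simplified parameter types. Assumptions: the OEM_CERTIFY_* numeric values, the g_twoTier switch, the "skip verification under \Windows" policy, and a "CESG" checksum trailer standing in for the real signfile.exe signature format, which the slides do not show.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Trust levels returned by OEMCertifyModule. Names are the CE 5.0 ones; the
 * numeric values are an assumption for this stand-alone build. */
#define OEM_CERTIFY_FALSE 0   /* refuse to load */
#define OEM_CERTIFY_RUN   1   /* load, but untrusted */
#define OEM_CERTIFY_TRUST 2   /* load as trusted */
/* Assumed policy switch: 1 = 2-tier (unsigned code runs untrusted), 0 = 1-tier. */
int g_twoTier = 1;
/* Constructed stand-in for the signfile.exe trailer: "CESG" tag plus a
 * little-endian 32-bit checksum of the body (8 bytes total). The real
 * signature format is not on the slides; only the verification flow is. */
static uint32_t body_checksum(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;                          /* FNV-1a, integrity only */
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}
/* Desktop-side signer (role of signfile.exe). buf needs room for bodyLen + 8
 * bytes; returns the signed length. */
size_t SignImage(uint8_t *buf, size_t bodyLen) {
    uint32_t h = body_checksum(buf, bodyLen);
    memcpy(buf + bodyLen, "CESG", 4);
    for (int i = 0; i < 4; i++) buf[bodyLen + 4 + i] = (uint8_t)(h >> (8 * i));
    return bodyLen + 8;
}
/* Step 1: loader names the module; nonzero means "verify it". Assumed
 * policy: skip verification only for ROM images under \Windows. */
int OEMCertifyModuleInit(const char *moduleName) {
    return strncmp(moduleName, "\\Windows\\", 9) != 0;
}
/* Step 2: loader hands over the image bytes; OEM returns a trust level. */
int OEMCertifyModule(const uint8_t *data, size_t len) {
    if (len < 8) return OEM_CERTIFY_FALSE;
    const uint8_t *t = data + len - 8;
    if (memcmp(t, "CESG", 4) != 0)                     /* unsigned image */
        return g_twoTier ? OEM_CERTIFY_RUN : OEM_CERTIFY_FALSE;
    uint32_t want = 0;
    for (int i = 0; i < 4; i++) want |= (uint32_t)t[4 + i] << (8 * i);
    return body_checksum(data, len - 8) == want ? OEM_CERTIFY_TRUST : OEM_CERTIFY_FALSE;
}
/* Final DLL trust per the table on this page: a trusted EXE may not load a
 * run-only DLL, and a run-only EXE only ever gets run-only DLLs. */
int FinalDllTrust(int exeTrust, int dllTrust) {
    if (exeTrust == OEM_CERTIFY_FALSE || dllTrust == OEM_CERTIFY_FALSE) return OEM_CERTIFY_FALSE;
    if (exeTrust == OEM_CERTIFY_RUN) return OEM_CERTIFY_RUN;
    return dllTrust == OEM_CERTIFY_TRUST ? OEM_CERTIFY_TRUST : OEM_CERTIFY_FALSE;
}
```

Tampering with any body byte after signing makes OEMCertifyModule return OEM_CERTIFY_FALSE, while an image with no trailer is admitted only as OEM_CERTIFY_RUN, and only on a 2-tier device.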