by Dana Tierney, Sr. Assistant Editor
"People have multiple identities and identity attributes may be all we care about," said Scott Charney, Corporate Vice President for Trustworthy Computing at Microsoft. So the organization that needs to know your state of residency or your age, for example, does not need to know your hair or eye color, or your place of birth. The anonymity of the Internet allows a freedom of speech that would not always be possible if all identities were fully verified.
"And so we need a different model for thinking about identity, one that allows authentication in the right places but not in all places, and not an authentication model that strips away anonymity and the values that anonymity protects such as free speech, such as political debate," he said.
After the RSA Conference last year Charney wrote End to End Trust, a paper proposing more security in online identity management. It is important to know with whom you are dealing on the Internet, because "there's always a percentage of the population up to no good."
This trust can have nuances and caveats, he said. "I do not mean absolute trust. This is not a binary concept. Trust has to be reasonable and relative to what you're trying to accomplish. There are some people I trust a lot, there are some people I trust a little. There are some people I used to trust but I don't trust them anymore."
Charney's interest in identity management began in 1991, when he was assigned to prosecute cybercrimes at the Department of Justice. Three cases made it clear that the United States just wasn't prepared for what was to come. The first was The Cuckoo's Egg, in which the KGB hacked the Department of Defense, as documented by Cliff Stoll. Then the Morris Worm shut down the Internet in 1988. In the third case, the first attack on critical infrastructure, hackers from the Legion of Doom penetrated BellSouth and could have shut down telephone service for the southeastern United States.
In the physical world, crime fighters use police patrols and neighborhood watches, court systems and law enforcement agents, none of which exist on the Internet, he said. And the nature of the threat continues to evolve; the attackers are growing very sophisticated.
When Charney joined Microsoft in 2002 as chief security strategist, his friends laughed at him for putting Microsoft and security in the same sentence. Since then though, he said, "I think we've proven we're very serious about security."
Changes in the Microsoft process have included incorporating SD3 – secure by design, secure by default, secure in deployment. "We embrace the Secure Development Lifecycle, the SDL, so that we build threat models at design time, and we put security milestones throughout the process," he said.
But while information technology professionals "have to do the fundamentals right," advanced techniques specifically designed to deal with security do exist. Initiatives such as secure coding and automatic updating offer critical safeguards, as do specific threat mitigation strategies such as phishing filters. Charney proposes to expand on these and create a "trusted stack," which would embed trust in hardware "because it's less malleable," and sign both systems and software.
Recent attacks used an attachment that appeared to come from a trusted source but was actually spoofed. The identity of the person you think you are talking to needs to be verifiable as well, Charney said, and this is one of the goals of the identity metasystems his group is working on, codenamed Geneva. "Essentially... it allows you to pass claims about a person as opposed to full identity," said Charney. The usual paradigm for verifying identity on the Internet involves matching details such as place of birth or mother's maiden name, but "those secrets aren't secret at all."
Solving this requires social forces, economic forces, political forces, and IT to all align behind this idea. "Too often good ideas fail because the alignment isn't there," whether because the idea is not easy to monetize, or for some other reason.
Microsoft has published a book on threat modeling and recently released a threat-modeling tool. It continues to work with the Trusted Platform Module (TPM). Vista had BitLocker, offering full-volume encryption, and Windows 7 offers BitLocker to Go, which allows administrators to set group policy blocking the installation of unsigned code or code from organizations that you don't trust or don't want to run. Microsoft products also allow information rights management, through which a user can set permissions on an email, allowing it to be read but not forwarded or printed, for example.
In another development, DirectAccess in Windows 7 offers an answer for people who used to laboriously sign into their corporate networks using RAS, when in fact they just wanted access to their email and calendar. DirectAccess lets you do only this, allowing users access to their own email without requiring multiple network logins, using IPsec over IPv6. It really goes back to the model that security for security's sake doesn't work well. "You encourage people to embrace and adopt new technology by giving them a productivity gain or features that make the security tax, if there is one, worth paying," Charney said.
He played a very brief video preview of a product code-named Sterling, currently under development. This product attempts to address some of the frustrations other speakers had mentioned about the inability to see and coordinate the security status of corporate systems.
The full talk is online at http://media.omediaweb.com/rsa2009/webcast.htm?id=1_4.
More information about End to End Trust: http://www.microsoft.com/mscorp/twc/endtoendtrust/default.aspx
Dana Tierney is the Sr. Assistant Editor at House of Fusion, where she causes authors to cry over their once-thought perfect articles. They recover, and their articles are better for it. But still, the sound of grown men weeping...