Windows 10 Trusted Computing Base: a Comprehensive Security Strategy
The concept of trusted computing has been around for a very long time and has influenced the design and development of many security systems and solutions. The design factors in expectations of behaviour and potential risk so that the necessary measures can be applied to limit that risk as effectively as possible.
A stable foundation (hardware and software) is essential for trusted computing systems to be built on. Knowing the state the platform is in helps determine how trustworthy the foundation is and what security steps may be required to secure the system better.
The trusted computing base is a widespread concept and by no means new, but the increase in security concerns is strengthening interest in ensuring that trusted components are incorporated to produce the best possible trusted environment.
Users and organisations place a large amount of trust in their operating systems and in the suppliers of those systems. Yet these systems and technologies have always been, and will continue to be, subject to failures caused by inaccuracies and faults, and those failures often result in many exploits with malicious intent and awful consequences before they are resolved.
With each new OS generation and release, Microsoft endeavours to secure the OS better, so Windows 10 should aim to provide the trusted components needed to achieve an improved, more secure platform.
The Trusted Computing Base
The Trusted Computing Base is formally defined as the totality of protection measures within a system (hardware, software and other) which you simply have to rely upon, and whose failure almost inevitably leads to compromise.
The Trusted Computing Base (TCB) of an endpoint is the combination of all hardware, firmware and software components that are pertinent to the computer's security. Any security issue within the TCB may put the security of the entire system at risk.
Firmware is often a forgotten part of the security elements that need to be updated. In our experience, once a machine is installed, including server hardware, the firmware running on it is seldom updated properly, for several reasons.
Access to the machine may be required to update the firmware properly, since firmware updates cannot always be done through the operating system, and if something goes wrong physical access is required. In virtual environments these firmware updates mean that the entire guest operating system must be brought offline for the update to be applied, and this is where resilience is required.
On the endpoint it has been proven that firmware can introduce vulnerabilities if it is not updated. My team has recently observed this first hand when working with purpose-built machines that have a single function, such as ATMs, parking control and kiosk machines.
When securing Windows 10 the security professional has to consider all the connected hardware, the firmware of all the devices and of the computer itself, as well as the software. This includes third-party applications, as they also form part of the system.
Hackers have now realised that if they can compromise any component of the TCB they gain access to the system, and possibly also to the networked devices connected to that node.
The objective for these hackers and individuals with malicious intent is typically to "own" the entire system and the resources that the endpoint has command over. This might include the bandwidth, the processing power and the speed of the computer. In recent times it was found that machines were mining Bitcoin without the user's consent. In practice, the application was using the user's computer resources, including electricity, compute power, RAM, bandwidth and so on, to mine Bitcoin for the benefit of the application writer. Windows 10 will not stop this type of attack…
Further issues to consider
When using modern compute such as IaaS and PaaS you need to consider the TCB of the multi-tenant system that you select. The main reason is that the VM or cloud-based solution might not be isolated well enough to prevent it from affecting the other virtual machines running on the same host.
A very simple example is flexible infrastructure. If 10 machines can run on one host and each of them is allowed to take 10 GB of space, that is a total of 10 × 10, so 100 GB. However, if one of the VMs is able to draw down more resources than its allocated amount, for whatever reason, it could compromise the integrity of the other VMs running on the same host.
This is not simple to execute, but it is possible, and many similar scenarios are possible too. Therefore multi-tenancy and security should be carefully evaluated when running shared infrastructure, especially when the TCB is shared.
The comprehensive security strategy
How do the security professionals leading organisations ensure that events of this type do not occur? Additionally, such actions could be much more nefarious, causing deliberate, malicious damage.
The question now is: has Windows 10 been carefully designed, and will it be implemented in a secure manner, so that its TCB cannot be easily compromised?
After careful review by my team, it's evident that Windows 10 is attempting to reduce the size of the TCB so that it is more challenging to exploit. Ultimately it seems that Microsoft is following in the footsteps of best practice but still has to perfect this approach.
Windows 10 security from a user perspective is about to get a whole lot more interesting and, admittedly, more secure.
Windows 10 will feature a new form of multi-factor authentication technology based upon standards developed by the FIDO Alliance, the recently formed multi-factor authentication standards group.
Windows 10 now offers improved and extended support for biometric authentication through the newly branded "Windows Hello" and "Passport" platforms.
Windows 10 achieves this with a new generation of authentication devices: newly supported cameras that use modern infrared illumination to generate heat signatures unique to each user, allowing users to log in with face, body or iris recognition.
The typical security basics will still apply in the age of Windows 10: keep everything up to date, including third-party applications. Ensure that the attack surface is reduced to only the applications that you need to run; in other words, don't install applications that will not be used, and keep reviewing and removing applications, services and potentially vulnerable entry points into the system.
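As an added example, not code from the article, the following read-only PowerShell script gathers the two things the article asks a Windows 10 security professional to review: the firmware and platform state that is so often forgotten (BIOS version and date, Secure Boot, TPM), and the attack surface that should be trimmed (auto-start services, listening ports, installed and Store applications). Get-TcbReview is a name chosen here; it assumes an elevated PowerShell session on Windows 10 and uses only built-in cmdlets.

```powershell
# Added example: a read-only Windows 10 "TCB review". Run elevated; nothing is changed.
function Get-TcbReview {
    $review = [ordered]@{}

    # Firmware/BIOS version and release date: compare against the vendor's current release.
    $review.Firmware = Get-CimInstance -ClassName Win32_BIOS |
        Select-Object Manufacturer, SMBIOSBIOSVersion, ReleaseDate

    # Secure Boot and TPM state (these cmdlets throw on legacy BIOS or when no TPM exists).
    try   { $review.SecureBoot = Confirm-SecureBootUEFI }
    catch { $review.SecureBoot = "unavailable: $($_.Exception.Message)" }
    try   { $tpm = Get-Tpm; $review.Tpm = "Present=$($tpm.TpmPresent) Ready=$($tpm.TpmReady)" }
    catch { $review.Tpm = "unavailable: $($_.Exception.Message)" }

    # Services that start automatically: each one is a component you are relying on.
    $review.AutoStartServices = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object Name, State, PathName

    # Listening TCP ports mapped to the owning process: the network entry points to review.
    $review.ListeningPorts = Get-NetTCPConnection -State Listen |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{ Address = $_.LocalAddress; Port = $_.LocalPort; Process = $proc.ProcessName }
        } | Sort-Object Port -Unique

    # Installed desktop applications (both Uninstall hives) plus Store packages: third-party
    # software is part of the TCB too, so anything unused here is a candidate for removal.
    $uninstallKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                     'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $review.InstalledApps = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher |
        Sort-Object DisplayName
    $review.StoreApps = Get-AppxPackage | Select-Object Name, Version

    [pscustomobject]$review
}

$r = Get-TcbReview
"Firmware: $($r.Firmware.Manufacturer) $($r.Firmware.SMBIOSBIOSVersion) ($($r.Firmware.ReleaseDate))"
"Secure Boot: $($r.SecureBoot)   TPM: $($r.Tpm)"
"Auto-start services: $($r.AutoStartServices.Count)   Listening ports: $($r.ListeningPorts.Count)"
"Installed apps: $($r.InstalledApps.Count)   Store packages: $($r.StoreApps.Count)"
$r.ListeningPorts | Format-Table -AutoSize
```

Export the returned object (for example with Export-Clixml) after each review so that a later run can be diffed against it; new services, ports or packages appearing between runs are exactly the entry points the article says to keep reviewing.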
Windows 10 is very different from any version of Windows that predates it. The security methodologies are more advanced and authentication is more secure, so it's quite evident that Microsoft is taking users' security more seriously.
I am quite sure that the platform will not be 100% secure and that monster bugs, as before, will continue to affect the operating system en masse, as there are many vulnerabilities not yet discovered.
It is comforting to know that Microsoft is finally on the right path to better securing its operating systems and those who use them.
Microsoft seems to be providing the necessary components and advanced capabilities that assure users of the integrity of the operating system and strengthen its security.