Summary of 2016 International Trusted Computing and Cloud Security Summit
1) Welcome Remarks
2) The advancement of Cloud Computing and Tursted Computing national standard
Speaker: Xiangang Liu, Deputy Secretary of TC260, CESI
TC260 have released 3 standards: a) GB/T 29829-2013: Specification of functionalities and interfaces of trusted computing password support platform; b) GB/T 29827-2013 Interface of motherboard of trusted platform; 3) GB/T 29828-2013: Trusted Connected architecture and is creating one standard: Test specification of trusted connectivity
3) Trusted Computing Group vision and Strategy
Speaker: Mark Schiller, Executive Director of TCG
4) SMx support in ISO/IEC 11889 TPM2.0
Speaker: Liu Xin, Director, NationZ Technologies
TPM2.0 supports SMx (cryption algorithm created by China): SM4, SM2 and SM3
5) China Trusted Cloud Computing Community
Speaker: Prof. Zhang HuanGuo, WuHan university
He mentioned security issues specific to Cloud computing: 1) Basically these issues are caused by Resource sharing: almost unlimited resource, but user don’t know whether these resources are trusted; almost existing-in-everywhere services but users don’t know whether it is trusted; almost unlimited storage space, but users don’t feel the existence of their data and don’t know whether their data is secure and furthermore, they cannot control their data as per their will. 2) User worries about the following items: security(system crash, malware/virus, data loss, data tampered), privacy leaking, not able to sense their own data, not able to control their data, lack of insurance of incidents.
In 2012, China Sig TC is founded to address the above issues. The founders are WuHan university, Intel, NationZ, Huawei, CS2C, Daoli Cloud, BaiAo. The roadmap is “Trusted Cloud server -> Trusted Cloud Terminal -> Trusted Network connectivity -> Typical Trusted application”.
He mentioned that in 2013, HuaWei released a trusted server, which support trusted boot, TXT to measure, support TPM2.0/TCM, support China business password, support trusted boot/running/migration of virtual machines.
6) Securing IoT with Trusted Computing (including Demo)
Speaker: Stefan Thom, Principal Engineer, Windows Division, Microsoft
There are a lot of improvements of security and trust in windows 10, comparing with win7, which can also be leveraged in IoT.
There are some security issues specific to IoT: a) Deployed on unsecure location; b) requires long-period security; c) Too many sensors/clients to be managed one by one; d) remote management; e) intermittent connectivity; f) requires firmware/embedded os upgrade to keep secure; g) store confidential data.
Give a demo using Raspberry motherboard with NationZ’s TPM2.0 chipset connected through I2C, use TPM to protect symmetric key of Azure Central devices ‘s identity. It demonstrates that it can create and protect the identity of devices and that keep confidential data even if malware intruded in.
There are a lot of use cases which TPM can work: a) create and protect hardware identity; b) defends malwares intruding including protecting confidential data after malware intrudes in; c) prevent hardwares from being tampered; d) meet the requirements of encryption protocols
7) Trusted IoT
Speaker: Intel China
It basically introduces how TCG standards are used in IoT (It is nothing special, so I don’t mentioned here)
8) Thinking about Beijing municipal government cloud
9) Secure “Industry 4.0” with TPM
Speaker: Amy Yu, marketing manager for Platform Security, Infineon
There are 3 basic layers in industry 4.0 architecture: Server, devices, network. Each layers can be attacked. So Trusted anchors/key integrity are essential for system security, which includes 3 aspects: key store, Crypto operation, key management.
There are 6 basic security use cases:
a) authentication to address who am I talking to;
b) Secured Communication to address the question that whether software or data can be secured during transferring;
c) Confidentiality with secured storage to address the question that whether my data or credential can be accessed by an attacker;
d) System&Data integrity: to address the question that whether my system and data is not manipulated and whether a 3rd party can verify that information;
e) Value chain support(dedicated functionalities for manufacturerers, platform owners, OS providers and more): to address the question whether security can be transported through the lifecycle and whether each owner can take ownership
f) Software/firmware upgrade: to address the question whether the software/firmware be secured during transfer
So a basic secure industry 4.0 by TPM contains TPM-enabled server, TPM enabled Gateway and TPM enabled Control equipment(main MCU).
10) Trusted Computing based Next Generation Secure Cloud Framework
Speaker: Chi Zheng, Deputy General Manager of Trusted computing section, DaTao GoHigh
CTrust Servers are invented by DaTao GoHigh(at least they claimed) and actively-immune architecture based on x86 and supports TCM and ISO/IEC11889-2015(TPM2.0). It is embedded with domestic-produced trusted module which is certified by National Encryption Bureau and use TCM and TPCM to implement the functionality of security from CPU power-on point.
They also introduce a system which can show the turst status and asset/geography tagging, which is very similar with Intel OAT/CIT.
11) SOTP-mobile trusted cloud security support technology
Speaker: Qiang Zhou, CSO of Peoplenet
It is about Single-one-tome password.
12) Innovation Strategy for Cross Platform Trusted Computing Solutions
Speaker: Dr. Gongyuan Zhuang, Security Architect, AMD Corp.
There is a new Security processor, which should exists in the same AMD SoC with AMD64/ARMv8. It is 32-bit microprocessor and it use separated ROM/SRAM in SoC, and be able to access main system’s memory and resources.
There are 3 TPM solutions: 1) Separated TPM: Use 3rd-party vendor’s TPM chips; 2) Solid-state software TPM; 3) Software TPM.
13) Inspur Trusted Computing Technology Research and Applications
Speaker: Gang Liu, manager of Software security Division, Inspur Electronics Industry Ltd.
3 measurements to build trusted relationship: a) reliable technology system(computing security/network security, …), b) proper management system(certification, audit, governance, …), c) healthy law insurance. Then the speaker introduces Inspurs’ InCloud manager and there is Trusted Management Platform in InCloud Manager which can shows the trusted status in hosts and virtual machines.
There are 3 main features for Trusted Management Platform:
a) It can detects any tamper of server hardwares and vritual machine softwares during boot up;
b) ensure that critical virtual machines are launched on trusted hosts.
c) security-label-based access control: the label is based on grade, scope and location
Inspurs also has an innovation on actively measuring trusted status based on BMC.
14) A new Model for Enterprise Cloud Security
Qiang Du, Directory of network Security Technology Research
The basic idea is Software-Defined Security and it collects all network flow information and uses Enforce Learning to get a model for normal network flow and then will give alert if any innormal network flow occurs.
15) Trusted Computing Application in Telecommunication Devices
Rui Zhang, Director of Security technology Research, HuaWei Group
TPM chip as hardware trusted root is the base of software integrity measurement.
How to ensure that VSS software stack security: introduce grsecurity, TDCLI, TCSI(TSS Core Service Interface) aTSPI.
How to Resovle integrity measurement of 7*24 running devices? Periodically measure.
In NFV area, the current TPM doesn’t support virtualization and hence we have to depend on vTPM and the security of vTPM depends on the security of virtualization.
He also mentioned how to deal with virtual machine escape.
16) TPM 2.0 Application in CS2C NeoKylin Trusted Operating System
Weijian Zhu, Director of Security Business, ZHong Biao Ruan Jian
NeoKylin OS introduction: a) system security grade meets GB/T20272-2006 the fourth grade; b) integrity TPM2.0 and TSS2 software stack; c) support TXT/tboot to trusted boot and configuration tools; d) trusted running control; e) trusted white-list management.
Summary of 2016 International Trusted Computing and Cloud Security Summit的更多相关文章
- 12月2日,上海Cloud Foundry Summit, Azure Cloud Foundry 团队期待和你见面!
12月2日,上海Cloud Foundry Summit, Azure Cloud Foundry 团队期待和你见面! 12日2日对中国Cloud Foundry的用户和开源社区来说,是极有意义的一天 ...
- 使用Spring Cloud Security OAuth2搭建授权服务
阅读数:84139 前言: 本文意在抛砖引玉,帮大家将基本的环境搭起来,具体实战方案还要根据自己的业务需求进行制定.我们最终没有使用Spring Security OAuth2来搭建授权服务,而是完全 ...
- Spring Cloud Security&Eureka安全认证(Greenwich版本)
Spring Cloud Security&Eureka安全认证(Greenwich版本) 一·安全 Spring Cloud支持多种安全认证方式,比如OAuth等.而默认是可以直接添加spr ...
- Spring Cloud Security OAuth2.0 认证授权系列(一) 基础概念
世界上最快的捷径,就是脚踏实地,本文已收录[架构技术专栏]关注这个喜欢分享的地方. 前序 最近想搞下基于Spring Cloud的认证授权平台,总体想法是可以对服务间授权,想做一个基于Agent 的无 ...
- 妹子始终没搞懂OAuth2.0,今天整合Spring Cloud Security 一次说明白!
大家好,我是不才陈某~ 周二发了Spring Security 系列第一篇文章,有妹子留言说看了很多文章,始终没明白OAuth2.0,这次陈某花了两天时间,整理了OAuth2.0相关的知识,结合认证授 ...
- Tagging Physical Resources in a Cloud Computing Environment
A cloud system may create physical resource tags to store relationships between cloud computing offe ...
- Cloud Computing Chapter3 (云计算第三章)
本篇文章是对课程大型软件系统设计与体系结构(双语)[又名:云计算]的课堂内容总结,适用于大连交通大学. Cloud Computing Chapter3 Understanding Cloud Com ...
- Spring Cloud Summary
Spring Cloud Summary https://cloud.spring.io/spring-cloud-static/Finchley.RC1/single/spring-cloud.ht ...
- CNCF LandScape Summary
CNCF Cloud Native Interactive Landscape 1. App Definition and Development 1. Database Vitess:itess i ...
随机推荐
- iOS字符串的各种用法(字符串插入、字符串覆盖、字符串截取、分割字符串)
NSString* str=@"hello";//存在代码区,不可变 NSLog(@"%@",str); //1.[字符串插入] NSMutableString ...
- 666 专题三 KMP & 扩展KMP & Manacher
KMP: Problem A.Number Sequence d.求子串首次出现在主串中的位置 s. c. #include<iostream> #include<stdio.h&g ...
- NSArray是强引用容器
经常比较疑惑NSArray.NSDictionary.NSSet这几个对象容器管理对象所采用的方式是“强引用”还是“弱引用”. 通过简单的命令行程序得到的结论是“NSArray.NSDictionar ...
- noip2010引水入城
https://www.zybuluo.com/ysner/note/1334997 这道题fst了 题面 戳我 解析 我一开始的想法是,按照高度给第一行排序,然后贪心地选取目前到不了的,高度最高的第 ...
- bzoj2839
容斥原理+组合数学 看见这种恰有k个的题一般都是容斥原理,因为恰有的限制比较强,一般需要复杂度较高的方法枚举,而容斥就是转化为至少有k个,然后通过容斥原理解决 我们先选出k个元素作为交集,有C(n,k ...
- Codechef SEPT17
Codechef SEPT17 比赛链接:https://www.codechef.com/SEPT17 CHEFSUM code给定数组 a[1..n] ,求最小的下标 i ,使得 prefixsu ...
- 编程 MD(d)、MT(d)编译选项的区别
转:http://blog.csdn.net/nodeathphoenix/article/details/7550546 1.各个选项代表的含义 编译选项 包含 静态链接的lib 说明 /MD _M ...
- SUI使用经验
基本布局结构: 本地js.css请使用正确的路径 <!DOCTYPE html> <html> <head> <meta charset="utf- ...
- Table View Programming Guide for iOS---(二)----Table View Styles and Accessory Views
Table View Styles and Accessory Views 表格视图的风格以及辅助视图 Table views come in distinctive styles that are ...
- git 基本命令详细解释
创建: 2017-04-05 17:04:03 2017-04-24 更新: 2017-05-16 更新: 2017-06-27 完善git remote add 更新: 2017 ...