Implementing Hardware Roots of Trust
SANS Institute has developed a first-of-its-kind guide and informational webcast to update organizations on exciting new uses for implementing hardware roots of trust, enabled by the Trusted Platform Module.
Learn How to Implement a Ubiquitous Technology Already Embedded in Enterprise Endpoints
In this document SANS looks at the broad industry support for TPM, the standards behind it. The report also provides updates on how TPMs are widely used in many computing devices, from mobile phones to low-cost Chromebook computers to high-end servers. Operating system support, including Windows, is also reviewed with discussion of the TPMÍs security capabilities in Windows 8 and the upcoming Windows 8.1. The report also examines how self-encrypting drives, or SEDs can be used for additional enterprise security and data protection.
This paper details how the TPM measures and verifies the state of a system to ensure it has not been tampered with or injected with malware. Among other things, readers will learn:
- How the standards-based TPM root of trust is gaining traction in formal security leadership in the government (through NIST SP 800-164 and NSA HAP, or High Assurance program and other programs, for example)
- Where and how TPM is embedded in hardware, as demonstrated in case studies from $250 Chromebooks with TPM for boot integrity on the consumer-grade devices to enterprise Windows 12 Servers
- Case studies on how TPM is implemented at pre-boot to protect against tampering and bootkits (formerly known as rootkits)
- Examples of TPM use for classified, multi-level desktop virtualization in the Air Force Research Labs (AFRL) SecureView program
The paper is associated with an archived informational webcast featuring Gal Shpantzer and John Pescatore from the SANS Institute. Joining them are CiscoÍs Stacy Cannady, TPM expert, and Chris Hallum, MicrosoftÍs product manager for Windows Security Solutions and expert on roots of trust.
- SANS Institute White Paper
- SANS Institute and TCG Webcast Presentation
- SANS Institute and TCG Webcast *A SANS account is required.
To learn more about how TPM can best be implemented visit the recorded webcast at no charge and click the register button here: https://www.sans.org/webcasts/implementing-hardware-roots-trust-96507