WINDOWS VISTA AND TRUSTWORTHY COMPUTING BY S.VIJAY SARADHI
Dec 15, 2014
WINDOWS VISTA AND TRUSTWORTHY COMPUTING
BYS.VIJAY SARADHI
Importance of windows vista
• Started under the initiative called “trustworthy computing” in 2002 by bill gates
• Four major pillars of trusthworthy computing• Security• Privacy• Reliability• Business Integrity
DEVELOPMENT OF VISTA
SECURE DEVELOPMENT LIFE CYCLE• Security is a core requirement for software vendors, driven by market
forces, and the need to build and preserve widespread trust in computing
• Vista is the First OS from microsoft to completly go through the SDLC
• Principles of SDLC
• Secure by Design
• Secure by Default
• Secure in Deployment
Threats and Vulnerabilities Mitigation • Features and technologies providing layered defenses against malicious software
threats and intrusions through a strategy of prevention and isolation
Internet Explorer 7 Protected Mode
• Mandatory Integrity Control (MIC). A model in which data can be configured to prevent lower-integrity applications from accessing it.
• Processes are assigned an integrity level in their access token
• User Interface Privilege Isolation (UIPI). Blocks lower-integrity processes from accessing higher-integrity processes.
• Active X control installtions lead to an elevation prompt
Working of protected mode
USER ACCOUNT CONTROL
AIM OF UAC
Limiting application software to standard user privilage
Controlling the auto elevation of malicous process to higher intergrity level
Verifiying the Digital signatures associated with the software vendor
User Account Control
WORKING OF UAC
• During a login session token with basic privilage is provided
• Asks for credentials in a Secure Desktop mode
• This is to prevent spoofing of the UI or the mouse by the application requesting elevation.
• Provides defense against Shatter attacks and piggybacking of malware on critical services
Secure Desktop Mode
UAC PROMPT LEVELS
Address space layout randomization
• Preventing an attacker from being able to easily predict target addresses
• Memory addresses are obscured from shell code injected into the system
• Entropy is increased by raising the amount of virtual memory space when the period the randomization occurs over
• Code areas such as library base and main executable need to be discovered exactly
ASLR ENFORCEMENT
DATA EXECUTION PREVENTION
• Prevents an application or service from executing code from a non-executable memory region
• Helps prevent certain exploits that store code via a buffer overflow
• Hardware-enforced DEP enables the NX bit on compatible CPUs in 32-bit Windows and the native support on 64-bit kernels.
• Windows Vista DEP works by marking certain parts of memory as being intended to hold only data
DEP ENFORCEMENT
BIT LOCKER DRIVE ENCRYPTION
• Addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned personal computers
• Helps mitigate unauthorized data access by enhancing Windows Vista file and system protection
• The most secure implementation of BitLocker leverages the enhanced security capabilities of a Trusted Platform Module (TPM) version.
• TPM works with BitLocker to ensure that a computer running Windows Vista has not been tampered with while the system was offline.
WORKING OF BITLOCKER
KERNEL PATCH PROTECTION
• Protects the intergrity of Windows Kernel
• Periodical checks ensure the integrity of protected system structures. If a modification is detected, a bug check is initiated and the system is shut down
• Mitigates erratic display of “bluescreen of death” due to buggy software issues
• Protection from rootkits which may embed themselves in the kernel
SHELL AND UI ENHANCEMENTS
• WINDOWS AERO
• WINDOWS DRIVER DISPLAY MODEL
• WINDOWS INSTANT SEARCH
WINDOWS AERO• Its name is a backronym for Authentic, Energetic, Reflective and Open
• Utilizes the GPU in the system for rendering
• Reliable and seamless display, with none of the weird tearing effects that can mar the other interfaces
• Provides a much more desirable look and feel for the system as a whole by providing Windows flip3D,Windows flip and live thumbnails
START MENU USING AERO
WINDOWS FLIP ANF FLIP 3D
• Windows Flip and Windows Flip 3D render live thumbnail images of the exact contents of your open windows
• Windows Flip 3D dynamically displays all open windows in a graceful three-dimensional view.
• Flip 3D uses the dimension of visual depth to give you a more comprehensive view of your open windows
• Live taskbar thumbnail images display the actual contents of both windows that are currently open and those that are minimized in the taskbar
WINDOWS FLIP 3D
WINDOWS FLIP
LIVE THUMBNAILS
WINDOWS DRIVER DISPLAY MODEL
• Is the graphic driver architecture for video card drivers running Microsoft Windows versions beginning with Windows Vista.
• provides the functionality required to render the desktop and applications using Desktop Window Manager
• Improves the overall reilabilty of desktop composition by off-loading the rendering of windows to the GPU
RENDERING BY USING WDDM
WINDOWS INSTANT SEARCH• Upon installation,builds an index of the files on a user's hard drive. Once
the indexing is complete, Windows Search is able to use this index to search results more rapidly
• Windows Search also features word-wheeled search (or search-as-you-type).
• It uses property handlers to handle metadata from file formats
WINDOWS INSTANT SEARCH
ARCHITECTURE OF SEARCH• Windows Search is implemented as a Windows Service which implements
the Windows Search runtime and APIs, as well as acting as host for the index stores and controlling the components.
• the Indexer, which crawls the file system periodically and creates and maintains the index of the data
• The Indexer consists of two components, the Gatherer and the Merger,[9] the Gatherer retrieves the list of URIs that need to be crawled
• the is the job of the Merger to periodically merge the indices
ARCHITECTURE
CONCLUSION
Windows Vista has become the Harbinger for other OS’es to follow it,by incorporating robust security mechanisms.
It has clearly lived up to its caption of providing ClarityConfidence and Connectivity to its users
REFERNCES
• 1. www.msdn.com• 2. www.microsoft.com/technet• 3. www.winsupersite.com• 4. www.symantec.com/vista security• 5. Inside windows vista’s kernel by mark
russionvich• 6.Windows vista’s secrets by paul thurrott
THANK YOU