Microsoft. Authenticode Techonology. Microsoft's Developer Network Library, October 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

..... 12 2.5 Digital Signatures . 13 2.6 Public Key Certificates . 13 2.7 Diffie Hellman Key Exchange . 15 2. 8 Dynamic Host Configuration Protocol . 16 vii 2.9 Trivial File Transfer Protocol . 18 2.10 Flash ROM . 18 3 Previous Work 21 3.1 ....

..... 77 7.3.1.2 Smart Card Integration . 79 7.3.1.3 Operating System Modifications . 79 7.3.1.4 Network Integration . 80 7. 4 Future Work Dynamic Integrity . 81 8 Conclusions 82 8.1 CLIC Model . 82 8.2 AEGIS . 83 A Initialization Code 84 ....

[Article contains additional citation context not shown here]

Microsoft. Authenticode Techonology. Microsoft's Developer Network Library, October 1996.

....board also contains code that allows the secure recovery of any integrity failures found during the initial bootstrap. In essence, the trusted software serves as the root of an au thentication chain that extends to the operating system and potentially beyond to application software [22] 10] [18]. A high level depiction of the bootstrap process is shown in figure 1. In the AEGIS boot process, either the operating system kernel is started, or a recovery process is entered to repair any integrity failure detected. Once the repair is completed, the system is restarted to ensure that the ....

....expect to move to X.509v3 certificates [6] and PKCS #7 [14] to bind the public key with an identity as well as use the Verisign certificate authority infrastructure. Ideally, we hope in the future that expansion board vendors will include signatures in their ROM in a manner similar to Authenticode [18]. The last two 1obytes of the 128kb AEGIS BIOS flash ROM contain the component signatures and public key(s) We are in the process of developing an installation and configuration program to allow system administrators to in stall and remove components and their associated signatures stored in ....

Microsoft. Authenticode techonology. Microsoft's Developer Network Library, October 1996.

....security feature, its implementation was probably more of a con guration management issue, i.e. prevent the loading of unapproved drivers so the machine doesn t crash. Finally, Microsoft implements a code signing mechanism entitled Authenticode that places a digital signature on ActiveX controls [14]. The signatures on the controls are used in conjunction with local policy to determine if the control will be executed, or ignored. In essence, providing a limited form of mandatory access control as in the early Java security architecture [3] 7.6 Java Code signing The signing of Java ....

Microsoft. Authenticode Techonology. Microsoft's Developer Network Library, October 1996.

....through modifications and additions to the BIOS. The BIOS contains the verification code, and public key certificate(s) In essence, the trusted software serves as the root of an authentication chain that extends to the operating system and potentially beyond to application software [38] 18] [34]. In the AEGIS boot process, either the operating system kernel is started, or a recovery process is entered to repair any integrity failure detected. Once the repair is completed, the system is warm booted to ensure that the system starts. This entire process occurs without user intervention. ....

Microsoft. Authenticode Techonology. Microsoft's Developer Network Library, October 1996.

.... trusted software serves as the root of an authentication chain that extends to the operating system and potentially beyond to applica 3 AEGIS ARCHITECTURE 3 Recovery Host ROM BIOS Trusted Software OS kernel Recovery Trusted Network Recovery Figure 1: AEGIS boot overview tion software [18] 9] [15]. A high level depiction of the bootstrap process is shown in figure 1. In the AEGIS boot process, either the operating system kernel is started, or a recovery process is entered in order to repair any integrity failure detected. Once the repair is completed, the system is restarted to ensure that ....

Microsoft. Authenticode techonology. Microsoft 's Developer Network Library, October 1996.

....through modifications and additions to the BIOS. The BIOS contains the verification code, and public key certificate(s) In essence, the trusted software serves as the root of an authentication chain that extends to the operating system and potentially beyond to application software [PG89] GDM89] [Mic]. In the AEGIS boot process, either the operating system kernel is started, or a recovery process is entered to repair any integrity failure detected. Once the repair is completed, the system is restarted to ensure that the system boots. This entire process occurs without user intervention. In ....

Microsoft. Authenticode Techonology. Microsoft 's Developer Network Library, October 1996.

....integrity checks compare a computed cryptographic hash value with a stored digital signature associated with each component. The importance of the integrity of the bootstrap pro cess is highlighted by the recent disclosure by Intel that the Pentium Pro and Pentium II processors can have their microcode dynamically updated through a process during bootstrap by using capabilities of the Basic Input Output System (BIOS) and the Power on Self Test (POST) Gol97] While this is a useful upgrade capability, it is also a dangerous one. AEGIS provides integrity guarantees not only for the BIOS ....

....compare a computed cryptographic hash value with a stored digital signature associated with each component. The importance of the integrity of the bootstrap pro cess is highlighted by the recent disclosure by Intel that the Pentium Pro and Pentium II processors can have their microcode dynamically updated through a process during bootstrap by using capabilities of the Basic Input Output System (BIOS) and the Power on Self Test (POST) Gol97] While this is a useful upgrade capability, it is also a dangerous one. AEGIS provides integrity guarantees not only for the BIOS code that updates ....

[Article contains additional citation context not shown here]

Microsoft. Authenticode Techonology. Microsoft's Developer Network Library, October 1996.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC