Welcome to two half days of seminars devoted to trusted computing, virtualization and security

Time: Jan 20 and Jan 21, 8.30-13.30.Place: Electrum, Isafjordsgatan 22/Kistagången 16, Kista, room Filen at 3rd floor.The seminars are hosted by the CPE Security Project in co-operation with SICS Center for Networked Systems and KTH.

Participation is free of charge but please register here before Jan 13, 2011.There is a limited number of seats so register early to make sure you have one of them!

Two half days of seminars on Trusted Computing - Virtualization and Security

A Customer Premises Equipment (CPE) is an operator platform for residential services. It has a key role for operator businesses such as network services, security alarm and media distribution. A CPE is very sensitive to attacks, both external network attacks and “inside” attacks from the customer itself, hence it needs advanced security functionality. The CPE Security Project is a collaborative effort between SICS, TeliaSonera, SonyEricsson, Ericsson and Lund University to make security analysis and security architecture design for CPE such as residential gateways. The project is funded by VINNOVA. A sub goal of the project is to increase the competence and awareness in Sweden with respect to the opportunities in trusted computing as well as security risks and solutions in virtualized systems. As part of this effort, we arrange a two day seminars devoted to trusted computing, virtualization and security. The seminars are organized together with the SICS Centre for Networked Systems and the Royal Institute of Technology (KTH). We are proud to present a list of very prominent speakers and are looking forward to two half days of very interesting talks.


Day 1 - Thursday, January 2008.30Coffee and registration09.00 Introduction by Christian Gehrmann, SICS09.10   Trusted computing as a universal security infrastructure by Chris Mitchell, Royal Holloway, UK    The talk will commence with a high-level introduction to trusted computing, including a review of the capabilities of the TPM, and what it is being used for right now.  The main focus of the second part of the talk will be on one particular possible application of the TPM, namely the provision of a universal security infrastructure. Whilst the universal PKI, widely predicted, has failed to emerge, such a universal security infrastructure might be about to arrive on our desktops 'by the back door'. The possible use of TPM to provide such a universal security infrastructure will be discussed, as will one practical applications of such a development for secure user authentication.10.10    Break

10.30Future Mobile trusted Platforms by Kurt Dietrich, TU Graz, Austria     Mobile and embedded devices have evolved from simple single-purpose devices into powerful multifunctional machines. They provide features and services that were  previously only available on much more powerful platforms. However, these new services require higher levels of security in sense of data and anonymity protection. Future platforms operating in the "Internet of Things" can be expected to increase this trend by providing manifold new interfaces to the wider world. These levels can be achieved by sophisticated virtualization and security extensions which will be offered by future platforms. Aside hardware security features, mobile trusted platforms also require components like security kernels and mobile software stacks supporting a multitude of mobile TPMs. All these components affect the principles and concepts of mobile trusted computing as we know it today. The SEPIA platform aims at combining all these components into a single mobilephone platform, thereby providing a reference for future trusted platforms.11.30Suitable usage scenarios for Trusted Computing by Nicolai Kuntze and Carsten Rudolph, Frauenhofer- SIT- Darmstadt, GermanyThe uptake of the widely distributed TPM in concrete applications is still rather low. Nevertheless, the growing market of mobile and distributed embedded systems can benefit from the core functionalitiesof trusted computing by establishing resilient and trustworthy platforms supporting various advanced business scenarious and opportunities. This talk will explore the applicability of Trusted Computing technologies inseveral embedded scenarios from two running FP7 projects TERESA and SecFutur, as well as current industry research.

12.30Lunch Day 2 - Friday, January 2108.30   Coffee09.00   Trusted Virtual Domains by Ahmad-Reza Sadeghi, TU Darmstadt – CASED  and Fraunhofer SIT, Germany

A Trusted Virtual Domain (TVD) is a coalition of virtual machines that are distributed over multiple physical platforms and share a common security policy. It allows groups of related virtual machines running on separate physical machines to be connected together as though there were on their own separate network fabric and, at the same time, helps to enforce cross-group security requirements such as isolation, confidentiality, security, and information flow control. TVDs are very well suited basis technology for cloud computing applications and to be deployed in the context of large-scale IT systems such as Datacenters, eHealth and eGovernment, etc.In this talk we present a security architecture for TVDs where we mainly focus on the incorporation of Trusted Computing functionality into TVD framework. We describe the main components and protocols necessary to realize the TVD design on a cross-platform architecture    10.00    Break10.20     Security and Trust For the Cloud by Reiner Sailer, IBM T J Watson Research, US    Virtualization offers unique opportunities to decrease power usage in data centers by consolidating server utilization. The cloud introduces a flexible service environment to (self-)provision and manage virtual computing resources on demand. However, both the sharing of resources among workloads in virtualized environments and the exposure of cloud services to the Internet introduce new security challenges. This talk will examine how trusted computing, virtual machine introspection, and trusted virtual datacenter technologies can support integrity and isolation in large virtualized environments. The focus of this talk will be on the effective deployment of trusted computing technologies to support centralized integrity services in large-scale virtualized environments, such as the cloud. We also give a short overview of our ongoing work on real-time detection of malicious network behaviors aiming to defend internet-facing clouds against external attacks.11.20    The Xen Hypervisor: Trust and Security Threats and Opportunities by Chris Dalton, HP Labs, UK   Machine Virtualization technology is currently generating significant interest both within industry and also academic research circles, not least in the area of trust and security. Machine virtualization technology combined with emerging chipset hardware security features such as TPMs, Vt-d and TXT offers the chance to radically improve the trustworthiness of our computing platforms, if architected, designed and implemented correctly.In this talk we will specifically look at the Xen Hypervisor, an open source based machine virtualization layer. We will start by outlining some of the key aspects of the Xen architecture from a security perspective, including how it takes advantage of the emerging hardware platform security features such as the TPM, Vt-d and TXT.Following that we will describe some known successful attacks on Xen based systems as a way of illustrating some of the current weaknesses within the Xen Security architecture.Finally we will point to a few key areas of research including control-plane disaggregation, measurement architectures and block encryption strategies that look to address the main architectural weaknesses of Xen, whilst maintaining its core desirable properties such as the support of modern day operating systems and the ability to expose the full capability and performance of today's computing platform hardware.12.30Lunch

You are most welcome!

Thursday, January 20, 2011, 09:30