About IA at NSA
Partners
Rowlett Awards
Award Recipients
Background
Nomination Procedures
Links
IA Client and Partner Support
IA News
IA Events
IA Mitigation Guidance
Media Destruction Guidance
Security Configuration Guides
Applications
Archived Guides
Cisco Router Guides
Database Servers
Fact Sheets
Industrial Control Systems (ICS)
IPv6
Operating Systems
Supporting Documents
Switches
VoIP and IP Telephony
Vulnerability Technical Reports
Wireless
System Level IA Guidance
TEMPEST Overview
TEMPEST Products: Level I
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Products: Level II
Certified
Confirmed Deficiencies
Suspended
Terminated
No Longer Produced
TEMPEST Company POCs
Certified
Suspended
Terminated
Trusted Computing
IA Academic Outreach
National Centers of Academic Excellence in IA Education
CAE/IAE Program Criteria
CAE-R Program Criteria
Colloquium
Institutions
SEAL Program
Applying
FAQs
IA Courseware Evaluation Program
Institutions
FAQs
Student Opportunities
IA Business and Research
IA Business Affairs Office
Certified Product Sales and Support
Commercial COMSEC Evaluation Program
Commercial Satellite Protection Program
Independent Research and Development Program
User Partnership Program
Partnerships with Industry
NIAP and COTS Product Evaluations
IA Programs
Commercial Solutions for Classified Program
Global Information Grid
High Assurance Platform
HAP Technology Overview
HAP Technology Partner Program
HAP Resource Library
Inline Media Encryptor
Suite B Cryptography
NSA Mobility Program
IA Careers
Contact Information
|
HAP Technology Overview:Trusted Computing Technologies Used in the High Assurance PlatformToday, a variety of commercial products make limited use of Trusted Computing technologies, but few secure, integrated platforms exist. The HAP Program has combined a comprehensive set of Trusted Computing technologies to create secure HAP workstations and networked enterprise environments. These reference implementations use hardware and software technologies to dramatically improve workstation and network security. Some of the Trusted Computing technologies and techniques included in the HAP framework are outlined below: 1) Hardware-based Root of Trust: HAP relies on the Trusted Platform Module (TPM), an implicitly trusted hardware component, to store encryption keys and system measurements and protect against software-based attacks. 2) Device Measurement: The identity and integrity of each hardware and software system component are measured and verified before passing control. 3) Measurement Monitoring: Verifiable reports of a device’s identity and current configuration are transmitted to the network, where decisions are made governing network access and device disposition. No unknown or noncompliant devices are allowed on the network. 4) Long Term Protected Storage: Hardware-based full disk encryption ensures that data is secure, even if drives are removed from workstations. 5) Process Separation: HAP uses hardware- and software-secured virtualization to separate user processes from supervisor processes. Secure domain separation enables multiple security domains to be hosted on a common computing platform base with no unintended interaction. 6) Program Isolation: HAP uses guest partitions like virtualization or separation kernels to separate applications from one another. Code, Data and Resources associated with Process A are unavailable to Process B. |
|
Date Posted: Jan 3, 2011 | Last Modified: Jan 3, 2011 | Last Reviewed: Jan 3, 2011 |