The Trusted Stack
As we saw in my earlier blog, the SD3 model with a layered defence model still proved inadequate – see quote below.
Part of the problem is that the security solutions employed to date are primarily defensive technical measures that, while effective in mitigating particular avenues of attack, do not address an adversary who is adaptive and creative and will rapidly shift tactics. Thus, for example, hardening of the operating system caused attackers to move “up the stack” and attack applications, as well as refine social engineering techniques that technology today is ill-equipped to help prevent.
To create a framework to deal with some of these more significant threats and an adaptive adversary, Microsoft evolved the framework further to encompass what they call the trusted stack, shown in the table below.
Trust in People
Trust in Data
Trust in Software
Trust in O/S
Trust in Hardware
If any one component of the stack breaks down, the security of the other components becomes meaningless. In other words it is incumbent on corporations to ensure that they purchase trusted hardware, they lock down the operating system and any applications used with that operating system. All data is protected via access control lists and encryption and finally only trusted people are allowed to work with the systems. Once this model is in place and can be verified to be in place, then it becomes significantly harder to subvert a system. For all the different reasons why it is well worth you downloading the end to end trust paper. I thought the Microsoft End to End Trust Paper was down to earth, candid, surprisingly light on the Microsoft marketing rhetoric and very well worth the read.
You may also wish to contribute your thoughts on their end to end trust forum.