Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what’s needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, TPM gives software professionals powerful new ways to protect their customers. Now, there’s a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology. Authored by innovators who helped create TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how TPM can solve many of today’s most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples. Coverage includes What services and capabilities are provided by TPMs TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments Using TPM to enhance the security of a PC’s boot sequence Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more Linking PKCS#11 and TSS stacks to support applications with middleware services What you need to know about TPM and privacy--including how to avoid privacy problems Moving from TSS 1.1 to the new TSS 1.2 standard TPM and TSS command references and a complete function library
Using the Trusted Platform Module in the New Age of Security
Author: Will Arthur
A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straight-forward primer for developers. It shows security and TPM concepts, demonstrating their use in real applications that the reader can try out. Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest.A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code. The book includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.
The TCPA 1.0 specification finally makes it possible to build low-cost computing platforms on a rock-solid foundation of trust. In Trusted Computing Platforms, leaders of the TCPA initiative place it in context, offering essential guidance for every systems developer and decision-maker. They explain what trusted computing platforms are, how they work, what applications they enable, and how TCPA can be used to protect data, software environments, and user privacy alike.
8th International Conference, ATC 2011, Banff, Canada, September 2-4, 2011, Proceedings
Author: Jose M. Alcaraz Calero
This book constitutes the refereed proceedings of the 8th International Conference on Autonomic and Trusted Computing, ATC 2011, held in Banff, Canada, September 2011. The 17 revised full papers presented together with 1 keynote speech were carefully reviewed and selected from numerous submissions. The papers address all current issues in autonomic architectures, models and systems, autonomic communications, trusted and secure computing, reliable, secure and trust applications.
First International Conference on Trusted Computing and Trust in Information Technologies, TRUST 2008 Villach, Austria, March 11-12, 2008 Proceedings
Author: Peter Lipp
Publisher: Springer Science & Business Media
This book constitutes the thoroughly refereed post-conference proceedings of the First International Conference on Trusted Computing and Trust in Information Technologies, TRUST 2008, held in Villach, Austria, in March 2008. The 13 revised full papers presented together with 1 invited lecture were carefully reviewed and selected from 43 submissions. The papers cover the core issues of trust in IT systems and present recent leading edge developments in the field of trusted infrastructure and computing to foster the international knowledge exchange necessary to catch up with the latest trends in science and technology developments.
Leverage Your Security Expertise in IBM® System z™ Mainframe Environments For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX ® , Linux ® , or Windows ® , you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments. Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS ® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos. The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments. Coverage includes Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation Creating, modifying, and deleting users and groups Protecting data sets, UNIX file system files, databases, transactions, and other resources Manipulating profiles and managing permissions Configuring the mainframe to log security events, filter them appropriately, and create usable reports Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them Creating limited-authority administrators: how, when, and why
All you need to know to succeed in digital forensics: technical and investigative skills, in one book Complete, practical, and up-to-date Thoroughly covers digital forensics for Windows, Mac, mobile, hardware, and networks Addresses online and lab investigations, documentation, admissibility, and more By Dr. Darren Hayes, founder of Pace University’s Code Detectives forensics lab–one of America’s “Top 10 Computer Forensics Professors” Perfect for anyone pursuing a digital forensics career or working with examiners Criminals go where the money is. Today, trillions of dollars of assets are digital, and digital crime is growing fast. In response, demand for digital forensics experts is soaring. To succeed in this exciting field, you need strong technical and investigative skills. In this guide, one of the world’s leading computer orensics experts teaches you all the skills you’ll need. Writing for students and professionals at all levels, Dr. Darren Hayes presents complete best practices for capturing and analyzing evidence, protecting the chain of custody, documenting investigations, and scrupulously adhering to the law, so your evidence can always be used. Hayes introduces today’s latest technologies and technical challenges, offering detailed coverage of crucial topics such as mobile forensics, Mac forensics, cyberbullying, and child endangerment. This guide’s practical activities and case studies give you hands-on mastery of modern digital forensics tools and techniques. Its many realistic examples reflect the author’s extensive and pioneering work as a forensics examiner in both criminal and civil investigations. Understand what computer forensics examiners do, and the types of digital evidence they work with Explore Windows and Mac computers, understand how their features affect evidence gathering, and use free tools to investigate their contents Extract data from diverse storage devices Establish a certified forensics lab and implement good practices for managing and processing evidence Gather data and perform investigations online Capture Internet communications, video, images, and other content Write comprehensive reports that withstand defense objections and enable successful prosecution Follow strict search and surveillance rules to make your evidence admissible Investigate network breaches, including dangerous Advanced Persistent Threats (APTs) Retrieve immense amounts of evidence from smartphones, even without seizing them Successfully investigate financial fraud performed with digital devices Use digital photographic evidence, including metadata and social media images
Your Unauthorized Guide to Relational Database Security
Author: Josh Shaul
This is the only practical, hands-on guide available to database administrators to secure their Oracle databases. This book will help the DBA to assess their current level of risk as well as their existing security posture. It will then provide practical, applicable knowledge to appropriately secure the Oracle database. The only practical, hands-on guide for securing your Oracle database published by independent experts. Your Oracle database does not exist in a vacuum, so this book shows you how to securely integrate your database into your enterprise.