Date: 27.03.2022
9780735697744 Introducing Windows Server 2016 pdf

Trustlets (small trusted processes) in a secure virtualized partition. 
This is not a Hyper-V VM; rather, think of it like a small virtual safe that is protected by virtualization 
based on technologies such as Second Level Address Translation (SLAT) to prevent people from trying 
to directly access memory, I/O Memory Management Unit (IOMMU) to protect against Direct Memory 
Access (DMA) attacks, and so on. The Windows operating system, even the kernel, has no access to 
VSM. Only safe processes (Trustlets) that are Microsoft-signed are allowed to cross the “bridge” to 
access VSM. A vTPM Trustlet is used for the vTPM of each VM, separate from the rest of the VM 
process, which runs in a new type of protected VM worker process. This means that there is no way to 
access the memory used to store these keys, even with complete kernel access. If I'm running with a 
debugger attached, for example, that would be flagged as part of the attestation process, the health 
check would fail, and the keys would not be released to the host. Remember I mentioned the keys 
from the key protection service are sent encrypted? It's the VSM that decrypts them, always keeping 
the decrypted key protected from the host OS. 
When you put all of this together, you have the ability to create a secure VM environment that is 
protected from any level of administrator (when using TPM 2.0 in the host) and will close a security 
hole many environments cannot close today. 
More info: To read detailed guides that Microsoft has provided to implement this scenario in 
your environment, go to 
https://gallery.technet.microsoft.com/Shielded-VMs-and-Guarded-44176db3/view/Discussions
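
A host-side check for the protections described above, as an added example that is not from the book or from Microsoft: it decodes the Win32_DeviceGuard WMI class, which reports VSM state under the name virtualization-based security (VBS). The helper names Resolve-Name and Get-VbsReport and the sample object are assumptions made for illustration.

```powershell
# Added example. Lookup tables follow Microsoft's documented values for Win32_DeviceGuard.
$SecurityProps = @{ 1 = 'Hypervisor support'; 2 = 'Secure Boot'; 3 = 'DMA protection'
                    4 = 'Secure memory overwrite'; 5 = 'NX protections'; 6 = 'SMM mitigations' }
$VbsStates = @{ 0 = 'Not enabled'; 1 = 'Enabled but not running'; 2 = 'Enabled and running' }
$Services  = @{ 1 = 'Credential Guard'; 2 = 'Hypervisor-enforced code integrity' }

function Resolve-Name($Table, $Ids) {            # hypothetical helper
    # Drop the 0 / empty placeholder entries and translate ids to names.
    @($Ids | Where-Object { $_ } | ForEach-Object {
        if ($Table.ContainsKey([int]$_)) { $Table[[int]$_] } else { "Unknown ($_)" }
    })
}

function Get-VbsReport {                         # hypothetical helper
    param([Parameter(Mandatory)] $DeviceGuard)
    $available = @($DeviceGuard.AvailableSecurityProperties)
    # Properties the configured policy requires but the platform does not offer.
    $missing   = @($DeviceGuard.RequiredSecurityProperties |
                   Where-Object { $_ -and ($available -notcontains $_) })
    [pscustomobject]@{
        VbsState        = $VbsStates[[int]$DeviceGuard.VirtualizationBasedSecurityStatus]
        VbsRunning      = ([int]$DeviceGuard.VirtualizationBasedSecurityStatus -eq 2)
        DmaProtection   = ($available -contains 3)   # the IOMMU-backed DMA defence described above
        RunningServices = @(Resolve-Name $Services $DeviceGuard.SecurityServicesRunning)
        MissingRequired = @(Resolve-Name $SecurityProps $missing)
    }
}

# Constructed sample: VBS is configured, but the host lacks DMA protection, so it is not running.
$sample = [pscustomobject]@{
    VirtualizationBasedSecurityStatus = 1
    RequiredSecurityProperties        = @(1, 2, 3)
    AvailableSecurityProperties       = @(1, 2)
    SecurityServicesRunning           = @(0)
}
Get-VbsReport -DeviceGuard $sample

# On a live host, feed the real class instance to the same function:
# Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard |
#     ForEach-Object { Get-VbsReport -DeviceGuard $_ }
```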

Threat-resistant technologies 
Windows Server 2016 includes integrated threat-resistance technologies that make it an active 
component in your overall security story. These technologies range from blocking external attackers 
trying to exploit vulnerabilities (Control Flow Guard) to resistance to attacks by malicious users and 
software that gained administrator access to the server (Credential Guard and Device Guard). In this 
section, we explore some of these new features. 
