About: Next-Generation Secure Computing Base is a research topic. Over the lifetime, 219 publications have been published within this topic receiving 2002 citations. The topic is also known as: NGSCB.
TL;DR: This work presents a mixed solution that uses trusted computing hardware, namely the time-stamping functionality of the trusted platform module, in combination with a timing-based remote code integrity verification mechanism, to improve the overall security of the timed execution scheme.
TL;DR: The author introduces TC's basic concepts and discusses their implications; however, the individual proposals are still in flux and some kind of convergence between them seems likely, so he only discusses the general features of TC.
Abstract: The Trusted Computing Platform Architecture (TCPA) and Microsoft's Palladium have similar (though not identical) architectures and similar goals. Both systems are part of a more general approach called trusted computing (TC). In this article the author introduces TC's basic concepts and discusses their implications. However, the individual proposals are still in flux and some kind of convergence between them seems likely, so he only discusses the general features of TC.
TL;DR: UC4Win is a data loss prevention solution for Microsoft Windows operating systems that is based on the concept of data-driven usage control to allow such a fine-grained policy-based protection.
Abstract: Inadvertent data disclosure by insiders is considered one of the biggest threats for corporate information security. Data loss prevention systems typically try to cope with this problem by monitoring access to confidential data and preventing their leakage or improper handling. Current solutions in this area, however, often provide limited means to enforce more complex security policies that, for instance, specify temporal or cardinal constraints on the execution of events. This paper presents UC4Win, a data loss prevention solution for Microsoft Windows operating systems that is based on the concept of data-driven usage control to allow such a fine-grained policy-based protection. UC4Win is capable of detecting and controlling data-loss-related events at the level of individual function calls. This is done with function call interposition techniques to intercept application calls to the Windows API in combination with methods to track the flows of confidential data through the system.
TL;DR: This chapter provides technical methods and techniques to help practitioners extract and interpret data of investigative value from computers running Windows operating systems.
Abstract: This chapter provides technical methods and techniques to help practitioners extract and interpret data of investigative value from computers running Windows operating systems. An important aspect of conducting advanced forensic analysis is understanding the mechanisms underlying fundamental operations on Windows systems such as the boot process, file creation and deletion, and use of removable storage media. By understanding how to aggregate and correlate data on Windows systems, digital investigators are better able to get the “big picture” (such as an overall theory of user action and a timeline), as well as overcome specific technical obstacles. It is not surprising that the majority of systems that digital investigators are called upon to examine run a Windows operating system. Whether investigating child pornography, intellectual property theft, or Internet Relay Chat (IRC) bot infection, it is a safe bet that knowledge of Windows operating systems, and their associated artifacts, will aid investigators in their task. It is important for forensic examiners to understand the Windows startup process for a number of reasons beyond simply interrupting the boot process to view and document the CMOS configuration. Ever since examiners figured out that there might be more to a file than meets the eye, they have been interested in metadata, the information that describes or places data in context, without being part of the data that is the primary focus of the user. There are two types of metadata: file system metadata and application (or file) metadata.