The accredited security level of this system is: TOP SECRET//HCS/SI-GAMMA/TALENT KEYHOLE//NOFORN/ORCON/PROPIN * TOP SECRET//NOFORN (U) TCB Jamboree/TCB Jamboree 2011 TOP SECRET//NOFORN From WikiInfo-NF < TCB Jamboree Jump to: navigation, search (S//NF) The Information Operations Center’s Engineering Development Group (EDG) held its sixth annual Trusted Computing Base (TCB) Jamboree on March 15 – 16, 2011. Visit the TCB Program WIKI.CIA page at: https:/ Contents [hide] 1 (U) Invitation 2 (U) Registration 2.1 (U) Clearance Passing 3 (U//FOUO) 2011 TCB Jamboree Agenda 4 Presentation Abstracts – Tuesday, 15 March 4.3 (S//NF) Driver Signing Footprint 5 Presentation Abstracts – Wednesday, 16 March [edit] (U) Invitation (S//NF) The Infonnation Operations Center 's Enginee1ing Deve lopment Group (EDG) would like to announce the sixth Trusted Computing Jamboree. The Jamboree is organized and sponsored by the Secmity Portfolio of EDG 's Emerging Technologies Branch (ETB) . As in past years, the Jamboree will be an informal and interactive conference with an emphasis on presentations that provide imp01tant inf01mation to developers trying to circumvent or exploit new secmity capabilities. (U) The Jamboree will be held on Tuesday and Wednesday, March IS-16th, 2011 at the Lockheed Martin (S//NF) The TCB Program continues to explore architectures that will have a significant impact on future Inf01mation Operations. Technologies such as the Trusted Platform Module (TPM) pose both threats and opportunities for the Intelligence Community. (S//NF) The main pmpose of the Jamboree will be to discuss how the results of the Security Portfolio research can be applied today. Rather than an overview of all the activities within the Program, we will present notable results that will provide developers insight into how to meet the threats of the TCG architectmes and embedded architectmes and how they can exploit new avenues of attack. [edit] (U) Registration (U) Pre-registration for this event is required; registration closes on March 11, 20 11. (C) Please send an email (CWE Note or ICEmail) to that includes your full name, SSN and contact number. [edit ] (U) Clearance Passing and - (U) [edit ] (U//FOUO) 2011 TCB Jamboree Agenda Schedule (U) Each day will rnn from 9am to 5pm. In order to facilita te planning, the topics presen ted on each day are highlighted below. The abstracts for each topic are on the following pages. Tuesday Ma rch 15th , 2011 Pr esent ers (Sandia National Laborat01y) (Sandia Nationa l Labora t01y) (Xetron) Talk Title (S//NF) Differentia l Power Analysis on the Apple A4 Processor (S//NF) Secure key extraction by physica l deprocessing of Apple's A4 processor (S//NF) Driver Signing Footprin t [edit ] Presentation Abstracts -Tuesday, 15 March [edit ] (S//N F) Differential Power Anal ysis on the Apple A4 Proce ssor (U) Presen ters (U) The Apple A4 processor contains an onboard, AES c1yptographic key called the Global ID (GID) that is believed to be shared across all cunent ''iDevices". This GID key is used to un-wrap the keys that decryp t the conesponding boot finnware code stored in system non-volatile memory. Cunently, the only way to examine unencrypted boot code is to gain execution through an exploitab le software security flaw. However, Apple is quick to address these flaws with [edit ] (S//NF) Driver Signing Footprint (U) Presenter : (S//NF) Driver signing requirements on the 64bit versions of Windows 7 and Vista are a challenge when tiyin g to load kernel level drivers and implants . The aim of this study is to under stand the observability and traceabilit y of signature credentials used to sign kernel-level drivers. The eventual goal of the research is to: 1. Render improbable the detection of the signature credentials used to sign a kerne l-chiver 2. Where not impo ssible to remove credential aitifacts, quantify the remnants and associated risk (U) Thi s talk will discuss : (S//NF) The forensic data quantifying the residual footprint of the signature auth01ity for chivers that have been installed and remo ved from 64-bit versions of Window s 7 and Vista. (S//NF) The analysis of the forensic results, providing insights as to the operational 1i sk to Sponsor activities if this technique is used . [edit ] [edit ] (S//NF)