About IA at NSA Partners Rowlett Awards Award Recipients Background Nomination Procedures Links IA Client and Partner Support IA News IA Events IA Mitigation Guidance Media Destruction Guidance Security Configuration Guides Applications Archived Guides Fact Sheets Industrial Control Systems (ICS) Operating Systems Vulnerability Technical Reports Wireless TEMPEST Overview TEMPEST Products: Level I Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Products: Level II Certified Confirmed Deficiencies Suspended Terminated No Longer Produced TEMPEST Company POCs Certified Suspended Terminated IA Academic Outreach National Centers of Academic Excellence in IA Education Colloquium Institutions SEAL Program IA Courseware Evaluation Program Institutions Student Opportunities IA Business and Research IA Business Affairs Office Certified Product Sales and Support Commercial COMSEC Evaluation Program Commercial Satellite Protection Program Independent Research and Development Program User Partnership Program Partnerships with Industry NIAP and COTS Product Evaluations IA Programs Commercial Solutions for Classified Program Global Information Grid High Assurance Platform HAP Technology Overview HAP Technology Partner Program HAP Resource Library Inline Media Encryptor Suite B Cryptography NSA Mobility Program IA Careers Contact Information
HAP Technology Overview:
Trusted Computing Technologies Used in the High Assurance Platform
Today, a variety of commercial products make limited use of Trusted Computing technologies, but few secure, integrated platforms exist. The HAP Program combined a comprehensive set of Trusted Computing technologies to create secure HAP workstations and networked enterprise environments. These reference implementations use hardware and software technologies to dramatically improve workstation and network security. Some of the Trusted Computing technologies and techniques that were included in the HAP framework are outlined below:
1) Hardware-based Root of Trust: HAP relies on the Trusted Platform Module (TPM), an implicitly trusted hardware component, to store encryption keys and system measurements and protect against software-based attacks.
2) Device Measurement: The identity and integrity of each hardware and software system component are measured and verified before passing control.
3) Measurement Monitoring: Verifiable reports of a device's identity and current configuration are transmitted to the network, where decisions are made governing network access and device disposition. No unknown or noncompliant devices are allowed on the network.
4) Long Term Protected Storage: Hardware-based full disk encryption ensures that data is secure, even if drives are removed from workstations.
5) Process Separation: HAP uses hardware- and software-secured virtualization to separate user processes from supervisor processes. Secure domain separation enables multiple security domains to be hosted on a common computing platform base with no unintended interaction.
6) Program Isolation: HAP uses guest partitions like virtualization or separation kernels to separate applications from one another. Code, Data and Resources associated with Process A are unavailable to Process B.
Date Posted: Jan 3, 2011 | Last Modified: Jun 8, 2012 | Last Reviewed: Jun 8, 2012