[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Ian Hellen (Security Program Manager, Windows Security Engineering Team, Microsoft Corporation)

Filed under: Main Page — Administrator @ 11:27 am

June 11, 2006

Presentation Title: Security Engineering in Windows Vista
Presentation Details:

This paper will present a technical overview of the security engineering process behind Windows Vista. Windows Vista is the first end-to-end major OS release in the Trustworthy Computing era from Microsoft. Come see how we’ve listened to feedback from the security community and how we’ve changed how we engineer our products as a result. The talk covers how the Vista engineering process is different from Windows XP, details from the largest commercial pentest in the world, and a sneak peek at some of the new mitigations in Vista that combat memory overwrite vulnerabilities. It includes behind the scenes details you will only hear from Microsoft!

Why this talk rocks:

Reason 1: Microsoft has benefited immensely over the years from the feedback from the security community and our customers. This presentation is an opportunity to show them how we’ve listened and tried to apply the best of what we’ve heard to Windows Vista.

Reason 2: This talk describes security improvements made in Windows Vista that raise the bar in terms of difficulty of exploitability. Hack In The Box will be the first Asian venue to learn of these changes.

Reason 3: Dave Tamasi is a key member responsible for the security engineering going into Vista. HITB attendees expect to hear authoritative information about the most important things that are going to impact their world. Windows Vista will be one of these products.

Detailed Outline:

• Intro – Who Am I?
• Agenda

• Here to explain what we’re doing in Vista
o Overview of security engineering activities in Vista
o Some detail on our major security initiatives
o Overview of our mitigations work

• Here to listen to:
o Any engineering focused feedback you have
o How you think we’re doing

• What you WON’T hear today:
o Security features
o What’s changed in Kerberos or PKI
o UAC, Low Rights IE, BitLocker, etc

• Security Deployment Lifecycle Tasks and Processes
• Windows Vista Security Approach

• Stop playing catch up - find & fix before ship
o Use root cause analysis to ensure we’re solid against previous issues
o Look forward to get ahead of new classes of issues
o Apply all the lessons from XP SP2, WS03 SP1 to a mainline release
o Automate proven techniques
o Buffer overruns and common coding defects
o RPC and File parser fuzzing
o Banned API removal

• Methodically apply security expertise on whole product
o Attack Surface Reduction, Threat Model reviews
o Feature reviews
o Penetration testing

• Defense-in-Depth Mitigations
o Firewall on by default
o Enhanced protections for stack, heap, and more

• Training
• Threat Models
• Component level code review and testing


Windows Vista Quality Gates

• Many recommended SDL tasks are required in Vista
• Banned API removal
• 120 functions banned
• No incoming code uses these APIs
• Over 250,000 removed for existing code
• Entire code base will be clean by the time we ship
• SAL for ALL headers
• No incoming code missing SAL
• ISVs will get benefit in Platform SDK
• Over 119,000 functions annotated by the time ship
• PREfix and PREfast code scanners
• Automate finding BO, I/O, and other defects
• Scales to massive code base many GB in size
• ALL new features required threat model along with design, spec, and test Plan up front
• 1,456 threat models (yes, we checked them)
• Weak Crypto Removal (MD4, MD5, etc)
• Central Privacy team and Privacy Quality Gate
• A Brief Introduction to the Standard Annotation Language (SAL)
• Tools can only find “so much” without more contextual information
• Case Study: Remember this Buffer Overrun?
• PREfast & SAL in Action
• File Parsers: Under Attack
• Multi-Prong Approach on Parsers
• Automate what you can:
• Apply security expertise where you need it:
• Manual code review + detailed program analysis on “problem parsers”
• Extended SAL annotations for struct members
• Emit runtime stack protections more aggressively in “attack path”
• Parser Annotations


Feature Reviews

• Features prioritized using multiple risk factors
• Feature Reviewer analyzes threat models, design, and attack surface
• Weak areas referred to pentest for deep inspection
• Internal reviews augmented with security consultants
• Affinitize reviewer to area of expertise where possible
• Each reviewer has a MS “driver” to assist with process, pushback
• Overall Feature Review Process
• Penetration Testing
• Sampling of Findings



• /GS improved in MSVC 8.0 (Visual C++ 2005 aka Whidbey)
• Hardened Heap: Many Defense in Depth changes:
• Function Pointer Encoding
• Data Execution Protection aka NX
• Address Space Layout Randomization (ASLR)
• Windows Error Reporting
• Comprehensive suite of mitigations serve two purposes:
• Decrease reliability of exploitation
• Trigger feedback mechanisms
• How we use these to find security defects
• Service Hardening
• Questions?

About Ian

Ian is a Security Program Manager in the Windows security engineering team working on the security reviews of Windows Vista and Windows Server. Joining Microsoft UK as a consultant eight years ago, he has spent most of this time working in the security field from Windows NT 4.0 onwards. He has been in the IT industry for 14 years, previously working for AT&T/NCR and UK Local Government as (at various times) a developer, a systems admin and an infrastructure and network consultant. Ian has spoken at a number of conferences, has written two books on Wireless LAN security and has had several papers on varying security topics published on Microsoft.com.

** Presenting with Vishal Kumar (Security Program Manager, Secure Windows Initiative Team, Microsoft Corporation)

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner

Internet Bandwidth Sponsor

AIMS - Malaysia's Telecommunications Hub

Official Hotel

Westin Kuala Lumpur

CTF Sponsor


CTF Prize Sponsor

Scan Associates Berhad.

Our Speakers Are Supported By:

Bellua Asia Pacific

Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

IT Underground

Chaos Computer Club (Germany)

X-Focus China

Zone-H Defacement Mirror

Xatrix Security


Special Interest Group in Security & Information InteGrity Singapore