Hallum explains that this new strategy grew out of a weakness in software-based security: when a system's security is built from software, particularly from the operating system, an attacker or malware that has gained enough privilege can infiltrate the system by getting in between the operating system and the hardware.
It is also possible for them to “tamper with the device's firmware components, [or] find ways to hide from the platform and the rest of [the] security related defenses.”
To address this issue, Hallum writes that Microsoft needs “device and platform trust to be rooted in immutable hardware rather than just software, which can be tampered with.”
By building security into the hardware, Microsoft “can establish a secure and verifiable chain of trust that starts immediately from the point of power-on and continues on to the point where Windows has successfully booted and all of [the] security defenses are operational.”
This strategy enables Microsoft to take advantage of the “hardware based root of trust with Universal Extensible Firmware Interface (UEFI) Secure Boot” that comes with Windows 8 certified devices.
According to Hallum, Windows now takes this to the next level, as the chain of trust can also be verified with the “combination of hardware based security components, such as the Trusted Platform Module (TPM), and cloud based services (Device Health Attestation (DHA)) that can be used to vet and remotely attest to the device's true integrity.” This in turn ensures the integrity of Windows devices.
He says that, having established this new level of trust and the higher level of security by which Microsoft can maintain, verify, and report on the integrity of Windows devices, the company is now able to start investing in the development of “big architectural changes that can deliver real step changes in terms of security, a goal which simply couldn't be prioritized if [Microsoft] had to worry about the integrity of the device being undermined in an undetectable way.”
Hallum also writes that to achieve this initiative, Microsoft has made important changes in the OEM ecosystem to enable more secure-capable devices that are aligned with the company's investments in the SystemContainer and in virtualization based security (VBS). This “includes regular firmware updates for UEFI, locking down UEFI configs, enabling UEFI memory protection (NX), running key vulnerability mitigation tools (e.g.: ChipSec), and hardening the platform OS and SystemContainer kernels (e.g.: WSMT) from potential SMM related exploits.” Although this does not guarantee the complete security of a device, it can help mitigate the major risks and vulnerabilities.
“While no security solution is perfect, the SystemContainer represents one of the most impactful architectural changes that we've made for Windows security. Services and data within the SystemContainer are dramatically less likely to be compromised, as the attack surface for these components has been significantly reduced.”
Hallum also maintains that Microsoft needs to work with industry partners such as Intel and OEMs for the development of devices that are more secure at the hardware level.
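As an added example, not code from the article or from Microsoft, the script below lets an administrator check from inside Windows whether the links of the chain of trust described above (UEFI Secure Boot, a ready TPM, and running VBS) are actually in place on a device. It assumes an elevated PowerShell session on a Windows 10 machine with the built-in SecureBoot and TrustedPlatformModule modules; the function name Get-ChainOfTrustStatus is hypothetical.

```powershell
# Added example (not from the article or Microsoft): report on the hardware-rooted
# chain-of-trust components the article describes. Requires an elevated session.
function Get-ChainOfTrustStatus {
    $report = [ordered]@{}

    # UEFI Secure Boot. Confirm-SecureBootUEFI returns $true/$false and throws
    # on legacy BIOS machines, where Secure Boot does not exist at all.
    try {
        $report['SecureBootEnabled'] = [bool](Confirm-SecureBootUEFI)
    } catch {
        $report['SecureBootEnabled'] = $false
        $report['SecureBootNote']    = 'Legacy BIOS or Secure Boot not supported'
    }

    # TPM: present and ready. The TPM holds the boot measurements that a remote
    # attestation service such as DHA vets; without it there is nothing to attest.
    $tpm = Get-Tpm
    $report['TpmPresent'] = [bool]$tpm.TpmPresent
    $report['TpmReady']   = [bool]$tpm.TpmReady

    # Virtualization based security (the isolation behind the SystemContainer).
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
                          -ClassName Win32_DeviceGuard
    $report['VbsRunning'] = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    # SecurityServicesRunning: 1 = Credential Guard, 2 = hypervisor-enforced code integrity.
    $report['CredentialGuardRunning'] = (1 -in $dg.SecurityServicesRunning)
    $report['HvciRunning']            = (2 -in $dg.SecurityServicesRunning)

    # Local view only: every link must hold. Remote attestation (DHA) is the
    # authoritative check, since a compromised OS could misreport these values.
    $report['ChainIntactLocally'] = $report['SecureBootEnabled'] -and
                                    $report['TpmReady'] -and
                                    $report['VbsRunning']
    [pscustomobject]$report
}

Get-ChainOfTrustStatus | Format-List
```

A $false in any row points at the firmware or policy setting to fix (enable Secure Boot, provision the TPM, or turn on VBS), and the final row should be read as a local hint rather than proof of integrity.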