Windows Vista Security Recipe
Published October 5th, 2006 in Microsoft.

Ian Hellen and Vishal Kumar, both security PMs at the Secure Windows Initiative (SWI), have put up presentation slides from the recent Hack In The Box Security Conference in KL, Malaysia. The slides give an overview of the major security initiatives that fundamentally change the engineering process of Windows Vista compared to Windows XP.

“Stop playing catch up! - Find & fix before ship!” is the guideline for the initiatives. Windows Vista's security approach starts with the engineering process. There are 4 key areas Microsoft has identified to address in Windows Vista:
- Apply least privilege throughout the architecture: harden services, applications and the browser
- Automate proven techniques: detection of buffer overruns and common coding mistakes, RPC and file parser fuzzing, banned API removal
- Methodically apply security expertise to the whole product: attack surface reduction, threat model reviews, design reviews, penetration testing
- Defense-in-depth mitigations: firewall on by default, enhanced protection for the stack, heap and others
The presentation illustrates an interesting comparison of how much harder it is for newly written code to be accepted into the “Winmain” source tree in Windows Vista than in Windows XP. In Windows XP, after a piece of code leaves the component team, it only goes through a “Buddy Code Review” process before reaching the “Winmain” source tree. That process has only two quality gates, i.e. Security Bug Tracking and PREfix, Default Permissions. In comparison, a critical, high-risk component in Windows Vista needs to get through 14 quality gates before reaching the “Winmain” source tree; for all other components, 8 quality gates are needed.
You can download the presentation here, a 46-page PDF. You can also enjoy the rest of the presentations delivered at HITBSecConf 2006 Malaysia here.

