Trusted Network Communications Architecture 2.0 Overview 20 July - - PowerPoint PPT Presentation
SLIDE 1

Trusted Network Communications Architecture 2.0 Overview

20 July 2017

SLIDE 2

Why are we talking about this?

  • The TCG’s Trusted Network Communications Workgroup is finalizing publication of the “Trusted Network Communications Architecture for Interoperability 2.0”
  • Should be published in a few weeks
  • IETF’s Network Endpoint Assessment (NEA) is based on and compatible with Trusted Network Communications (TNC)
  • NEA has been suggested as a core communications protocol for SACM, and SWIMA is an extension of NEA
  • Good to know how this related specification is evolving

SLIDE 3

Why was it revised?

  • Goal of the revision is:
    • Bring TNC Architecture (first published in 2005; revised 2012) up to speed with current use
    • Clarify the role and utility of TNC for readers; make benefits clearer
  • Hopefully this will help increase adoption of TNC (and, by extension, NEA)

SLIDE 4

What changed?

  • Nothing normative!
    • The architecture is an informational document describing the composition of the TNC technical specifications
    • All technical specifications continue to perform their current role and are unchanged
  • Revised architecture changes how TNC is characterized
    • Reduce emphasis on “comply-to-connect” and emphasize ongoing measurement
    • Separate validation and enforcement roles
    • Add CMDB-related roles
    • Include more capability-based descriptions (rather than specification-based)

SLIDE 5

TNC Architecture 1.0 Diagram

[Diagram: TNC Architecture 1.0. Roles: Access Requestor, Policy Enforcement Point, Policy Decision Point. Components: Integrity Measurement Collectors (IMC), Integrity Measurement Verifiers (IMV), TNC Client (TNCC), TNC Server (TNCS), Network Access Requestor, Network Access Authority, Policy Enforcement Point (PEP), Platform Trust Service (PTS) with TSS and TPM. Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP, IF-PTS. Metadata Access Point connected to Sensors and Flow Controllers via IF-MAP.]

http://www.trustedcomputinggroup.org/developers/trusted_network_connect/specifications

SLIDE 6

TNC Architecture 2.0 Diagram

[Diagram: TNC Architecture 2.0; image not recoverable from the page]

http://www.trustedcomputinggroup.org/????????

SLIDE 7

TNC Architecture 2.0 Capability Diagram

SLIDE 8

Conclusion

  • TNC Architecture 2.0 emphasizes the modular, composable nature of TNC
  • This aligns with the SACM requirements of Versatility (G-004), Architectural Flexibility (ARCH-002), and Topology Flexibility (ARCH-004)
  • These are qualities TNC has always had (in addition to fulfillment of other requirements), but now these qualities are explicitly identified
  • In summary, there are no normative changes to TNC (and no interoperability impact to NEA), but hopefully the broad utility of TNC (and NEA) is better characterized in the new architecture specification