1 ModernBiz 12/3/2017 10:09 PM
Availability, Confidentiality and Integrity for Blockchain Applications in the Cloud
Michael A. Glaros, Senior Program Manager, Azure Blockchain-as-a-Service
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2 Introduction
Tried and true risk assessment techniques work for blockchain networks and applications
Standard compliance rules should suffice with some slight adjustments
Data privacy enhancements (cryptographic signatures) and reductions (transaction visibility)
Host security for blockchain nodes is vital
Identity management controls need to unify key management and traditional access management
Cloud hosting providers can help address physical security and business continuity management if they honor their outsourcing obligations
There is an opportunity for ISSAN and the CBN to collaborate on guideline development and hosting sandboxes to risk assess EFT and switch applications based on blockchain-as-a-service.
3 Elements of a Blockchain System
Peer-to-peer network
Consensus algorithm (proof-of-work, Byzantine fault tolerance, voting, proof-of-stake) keeps peers in sync
Distributed, replicated, immutable data storage in the form of a ledger
Transaction compute: two primary flavors
  Unspent Transaction Output (Bitcoin)
  Virtual machine to compile and execute smart contracts for data definition and business logic (Ethereum and Hyperledger)
Elliptic curve public key cryptography
  All participants must have public/private key pairs in order to post transactions
  Smart contracts must have public/private key pairs
  Transactions are hashed using hash signatures derived from previous transactions
4 Blockchain data is stored in a secure, shared, decentralized ledger
Blockchain value is directly linked to the number of organizations or companies that participate in it. There is huge value to even the fiercest of competitors in participating with each other in these shared database implementations.
Secure: uses cryptography to create transactions that are fraud-resistant and to establish shared truth.
Ledger: the database is "write once", so it is an immutable record of every transaction that occurs.
Decentralized: there are many replicas of the blockchain database under separate administrative control. In fact, the more replicas there are, the more authentic it becomes.
5 Proof-of-Work Blockchain in Action
(Diagram: Blockchain Network Nodes A, B and C, each holding Block 5, Block 6 and a next block under construction. Each block carries a Previous Block Hash, a Nonce and a Current Block Hash; Transaction 1, Transaction 2, Transaction 3 … fill the block under construction; "Block Completed!" marks a block whose hash meets the target, and "Fork!" marks Nodes B and C holding different Block 6 / Block 7 candidates.)
Consensus rules:
  Reject invalid blocks
  Require proof of work (hash < target)
  Longest chain wins
6 STRIDE: Adapting Microsoft's Risk Management Framework to Blockchain Applications
7 Blockchain Hack = Website Hack
(Diagram: The Ethereum Public Network layered over The Internet, labelled "Ethereum" and "HTTP + DNS", with the callout "These got hacked".)
8 Identifying Blockchain Threats: The STRIDE Model
Spoofing Identity: a person or device using another person's or device's credentials
Threat examples: bad actors or Sybil attack (51% attack); bad consortium members (miners), bad oracles and bad clients
Mitigation:
  Key management
  Strong consensus mechanism (51%, 67%, etc.)
  Strong member registration mechanism, operating model and legal agreements
  Using Cryptlets instead of oracles
  Multisig contract design
Notes: Applies mainly to public networks, but could easily apply to consortia depending on how new members are initiated and validated. Mitigate with a strong consensus mechanism. If you reduce to round-robin validators, power is rotating and introduces bad miner risk. Employ multisig patterns in contracts to avoid the impact of a bad client.
9 Identifying Blockchain Threats: The STRIDE Model
Tampering with Data: altering the data related to a device or traversing the network
Threat examples: man-in-the-middle and replay attacks; hacking the node
Mitigation:
  Transactions are digitally signed and encrypted
  Transactions are uniquely identified
  Chain cannot be altered (new blocks reference the prior block's hashes)
  Strong consensus protects the network
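The following Python block is an added example, not part of the deck or of Azure Blockchain-as-a-Service. It serves two slides: the "Proof-of-Work Blockchain in Action" consensus rules (reject invalid blocks, require hash < target, longest chain wins, fork resolution) and the tampering mitigation above (new blocks reference the prior block's hash, so editing history is detectable). The difficulty target, block layout and sample transactions are constructed for illustration only.

```python
"""Added example (not from the deck): a toy proof-of-work chain that applies the
three consensus rules on the slide and shows why hash-linking makes tampering
detectable. Difficulty, block layout and sample transactions are constructed."""
import hashlib
import json
from dataclasses import dataclass

# Constructed difficulty: a block is valid only if its hash, read as an integer,
# is below TARGET (about 4,096 hash attempts per block on average).
TARGET = 1 << (256 - 12)


@dataclass
class Block:
    index: int
    prev_hash: str          # hash of the previous block: the link that makes the chain
    transactions: list
    nonce: int = 0

    def header(self) -> bytes:
        # Canonical serialisation so every node hashes identical bytes
        return json.dumps({"index": self.index, "prev": self.prev_hash,
                           "txs": self.transactions, "nonce": self.nonce},
                          sort_keys=True, separators=(",", ":")).encode()

    def hash(self) -> str:
        return hashlib.sha256(self.header()).hexdigest()


def mine(block: Block) -> Block:
    """Proof of work: bump the nonce until hash < target."""
    while int(block.hash(), 16) >= TARGET:
        block.nonce += 1
    return block


def genesis() -> Block:
    return mine(Block(0, "0" * 64, ["genesis"]))


def add_block(chain: list, transactions: list) -> list:
    """Return a new chain with one mined block appended (input chain is not modified)."""
    tip = chain[-1]
    return chain + [mine(Block(tip.index + 1, tip.hash(), list(transactions)))]


def validate(chain: list) -> bool:
    """Rules 1 and 2: reject a chain containing any block whose link or proof of work is invalid."""
    if not chain or chain[0].prev_hash != "0" * 64:
        return False
    for i, blk in enumerate(chain):
        if int(blk.hash(), 16) >= TARGET:
            return False                                     # insufficient proof of work
        if i > 0 and (blk.prev_hash != chain[i - 1].hash() or blk.index != i):
            return False                                     # broken link: prior block changed
    return True


def choose_chain(*candidates: list) -> list:
    """Rule 3: among valid chains, the longest wins (the fork resolution on the slide)."""
    valid = [c for c in candidates if validate(c)]
    if not valid:
        raise ValueError("no valid chain offered")
    return max(valid, key=len)


def tamper_demo() -> tuple:
    """Edit a transaction deep in a copy of the chain; returns (original_valid, forged_valid)."""
    chain = add_block(add_block([genesis()], ["tx1: A->B 5"]), ["tx2: B->C 2"])
    forged = [Block(b.index, b.prev_hash, list(b.transactions), b.nonce) for b in chain]
    forged[1].transactions[0] = "tx1: A->B 500"      # rewrite history in block 1
    # Block 1's hash changes, so block 2's prev_hash no longer matches (and the
    # nonce no longer satisfies the target), and every honest node rejects it.
    return validate(chain), validate(forged)


if __name__ == "__main__":
    base = add_block([genesis()], ["tx1"])
    node_b = add_block(base, ["tx3"])                       # one branch of the fork
    node_c = add_block(add_block(base, ["tx3'"]), ["tx4"])  # the longer branch
    print("longest valid chain has", len(choose_chain(node_b, node_c)), "blocks")
    print("original valid, forged valid:", tamper_demo())
```

Re-mining the forged block would not help a single attacker either: every later block would have to be re-mined as well, and the honest network keeps extending the longer chain in the meantime, which is the "strong consensus protects the network" point on the slide.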
10 Identifying Blockchain Threats: The STRIDE Model
Tampering with Data (Part II): altering the data related to a device or traversing the network
Threat examples: contract vulnerabilities - TheDAO (link)
Mitigation:
  Contract coding best practice (fail safe)
  Formal verification
  Apply contract standards (e.g. ERC20)
  Incorporate hashes in off-chain storage for data attestation
  Cryptlets
  Apply fail-safe practices
11 Identifying Blockchain Threats: The STRIDE Model
Repudiation: denial that a person or device was involved in a particular transaction or event
Threat examples: with a ledger, transactions are immutable and cannot be deleted, but forks can happen
Mitigation:
  Ensure broad consensus (51%, 67%, etc.)
  Consortium-coordinated forks
  Define a consortium operating model
12 Identifying Blockchain Threats: The STRIDE Model
Information Disclosure: exposure of information to individuals who are not supposed to have access to it
Threat examples: the chain is distributed between members, full clients and oracles
Mitigation:
  Separate miners and transactors
  Consortium member and oracle audits and validation
  Reduce or remove full clients
  Cryptlets for oracles provide communications security and computational security
  Explicit encryption within contracts where required
13 Identifying Blockchain Threats: The STRIDE Model
Denial of Service: make a particular service unavailable
Threat examples: overload endpoints; DoS by transaction (link)
Mitigation:
  Never expose the JSON-RPC endpoint; always proxy
  Web API Management or custom API
  Strong contractual arrangement between consortium members
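The following Python block is an added example, not the deck's or Azure API Management's code. It shows the two controls a proxy placed in front of a node's JSON-RPC port can apply before anything reaches the node, as the "never expose the JSON-RPC endpoint; always proxy" mitigation suggests: a method allow-list (so account-management and node-admin namespaces are never forwarded) and a per-client token-bucket rate limit. The allowed method set, size limits, client ids and sample requests are constructed assumptions; the method names are the standard Ethereum JSON-RPC ones.

```python
"""Added example (not from the deck): JSON-RPC request filtering and per-client
rate limiting as a front-end proxy would apply them. Limits and samples are constructed."""
import json
import time

# Assumption: a consortium front end only needs these read/submit methods.
ALLOWED_METHODS = {"eth_blockNumber", "eth_getBlockByNumber", "eth_call",
                   "eth_getTransactionReceipt", "eth_sendRawTransaction"}
# Namespaces that must never be reachable from outside the node host.
DENIED_PREFIXES = ("personal_", "admin_", "miner_", "debug_")
MAX_BATCH = 10              # JSON-RPC batch arrays are a cheap amplification vector
MAX_BODY_BYTES = 64 * 1024


class TokenBucket:
    """Per-client limiter: `rate` requests per second, bursting up to `capacity`."""

    def __init__(self, rate: float, capacity: int, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.tokens, self.last = float(capacity), clock()

    def allow(self) -> bool:
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def check_request(raw: bytes) -> tuple:
    """Return (forward, reason). Rejects oversized, malformed, over-large batched
    or non-allow-listed JSON-RPC requests before they touch the node."""
    if len(raw) > MAX_BODY_BYTES:
        return False, "body too large"
    try:
        payload = json.loads(raw)
    except ValueError:
        return False, "malformed JSON"
    calls = payload if isinstance(payload, list) else [payload]
    if not calls or len(calls) > MAX_BATCH:
        return False, "empty or oversized batch"
    for call in calls:
        if not isinstance(call, dict) or call.get("jsonrpc") != "2.0":
            return False, "not a JSON-RPC 2.0 call"
        method = call.get("method")
        if not isinstance(method, str):
            return False, "missing method"
        if method.startswith(DENIED_PREFIXES) or method not in ALLOWED_METHODS:
            return False, f"method not allowed: {method}"
    return True, "ok"


class Proxy:
    """Combines the allow-list with per-client rate limiting; clients are keyed by
    whatever the API gateway authenticates (subscription key, client cert, etc.)."""

    def __init__(self, rate: float = 5.0, burst: int = 5, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}

    def handle(self, client_id: str, raw: bytes) -> tuple:
        bucket = self.buckets.setdefault(
            client_id, TokenBucket(self.rate, self.burst, self.clock))
        if not bucket.allow():
            return False, "rate limited"      # rejected before parsing: cheapest path
        return check_request(raw)


# Constructed sample requests
GOOD = b'{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}'
BAD = b'{"jsonrpc":"2.0","id":2,"method":"personal_unlockAccount","params":["0x0","",0]}'

if __name__ == "__main__":
    proxy = Proxy()
    print(proxy.handle("bank1-app", GOOD))    # (True, 'ok')
    print(proxy.handle("bank1-app", BAD))     # (False, 'method not allowed: personal_unlockAccount')
```

The order matters: the rate check runs before the body is parsed, so a flood of large or malformed requests costs the proxy almost nothing, and a rejected request never creates load on the node. In production the limit would be enforced per authenticated consortium member rather than per source address, which is what the "strong contractual arrangement between consortium members" point on the slide gives you a basis for.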
14 Identifying Blockchain Threats: The STRIDE Model
Elevation of Privilege: an unprivileged user gains privileged access and thereby has sufficient access to compromise or destroy the entire system
Threat examples: infrastructure concern; getting to a privileged shell on the box; elevation of role in Azure AD
Mitigation:
  Use Key Vault for administration keys
  Rotate admin keys
  Apply the principle of least privilege
  Containerize and harden hosts (e.g. AppArmor)
15 Azure Blockchain-as-a-Service Topology
(Diagram only.)
16 Ethereum Threat Model (Protecting JSON-RPC With API Management)
(Diagram only.)
17 Outsourcing – Inside Microsoft Azure's Approach to Privacy and Security
18 12/3/2017 Microsoft Addresses Outsourcing Requirements through Trusted Cloud Principles
Security, Privacy, Compliance, Transparency
  Service provider reputation and competence
  Limits on data use
  Confidentiality and certified security standards
  Audit and inspection
  Resilience and business continuity
  Conditions on subcontracting
  Review, monitoring and control
  Data location and transparency
  Data segregation/isolation
  Conditions on termination
Speaker notes: Introduce them by talking about the steps we took to curate the Safe Cloud Principles:
  Regulators – MAS, Central Bank of Vietnam, Bank Negara, Bank of Thailand, HKMA
  Customers – banks, insurance companies, mining corporations, start-ups and ICT providers
  Industry associations – Asia Cloud Computing Association, bankers' associations
  Trade bodies – across the ASEAN and APAC region
  Different verticals: financial, health, education, public sector
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
19 Microsoft Azure's Programmatic, Hyper-Scale Approach to Privacy and Security
(Diagram: Business Objectives and Industry Standards & Regulations feed a Security Compliance Framework made up of Test and audit, Security analytics, Risk management best practices and Security benchmark analysis, which yields Certificates and Attestations.)
  Security goals set in context of business and industry requirements
  Security analytics and best practices deployed to detect and respond to threats
  Benchmarked to a high bar of certifications and accreditations to ensure compliance
  Continual monitoring, test and audit
  Ongoing update of certifications and attestations for new services
Slide title: Security compliance strategy
Slide objective: Explain how Azure is designed with a compliance strategy that helps customers address business objectives and industry standards and regulations.
Slide script: Azure is designed with a compliance strategy that helps customers address business objectives and industry standards and regulations. Our security compliance framework includes test and audit phases, security analytics, risk management best practices, and security benchmark analysis to achieve certificates and attestations (the five points listed above).
20 Microsoft Azure maintains 53 Security and Privacy Certifications
Azure has the deepest and most comprehensive compliance coverage in the industry
Global: ISO 27001, ISO 27018, ISO 27017, ISO 22301, SOC 1 Type 2, SOC 2 Type 2, SOC 3, CSA STAR Self-Assessment, CSA STAR Certification, CSA STAR Attestation
US Gov: Moderate JAB P-ATO, High JAB P-ATO, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, SP, Section 508 VPAT, ITAR, CJIS, IRS 1075, FIPS 140-2
Industry: CDSA, FACT UK, Shared Assessments, FISC Japan, HIPAA / HITECH Act, GxP 21 CFR Part 11, PCI DSS Level 1, IG Toolkit UK, MPAA, HITRUST, MARS-E, FERPA, GLBA, FFIEC
Regional: China GB 18030, New Zealand GCIO, Japan My Number Act, EU Model Clauses, ENISA IAF, Japan CS Mark Gold, Argentina PDPA, UK G-Cloud, Australia IRAP/CCSL, Singapore MTCS, Canada Privacy Laws, Germany IT Grundschutz workbook, China DJCP, China TRUCS, Spain ENS, Spain DPA, India MeitY, Privacy Shield
21 Data Privacy and Blockchain
Where strict data privacy requirements are present, consider the use of Quorum¹
Quorum is an Ethereum-based distributed ledger protocol that has been developed by JPMorgan Chase and submitted to the Enterprise Ethereum Alliance to provide the financial services industry with a permissioned implementation of Ethereum that supports transaction and contract privacy.
The primary features of Quorum, and therefore extensions over public Ethereum, are:
  Transaction and contract privacy
  Multiple voting-based consensus mechanisms
  Network/peer permissions management
  Higher performance
Quorum currently includes the following components:
  Quorum Node (modified Geth client)
  Constellation - Transaction Manager
  Constellation - Enclave
¹ https://github.com/jpmorganchase/quorum/wiki/Quorum-Overview
22 Physical Security, High Availability and Business Continuity
23 Physical Security Standards for Azure Datacenters
Perimeter, building and computer room (increasing security at each level):
  Barriers
  Fencing
  Cameras
  Alarms
  24x7 security staff
  Security operations center
  Seismic bracing
  Two-factor access control: biometric readers and card readers
  Days of backup power
Slide script: Microsoft datacenters employ controls at the perimeter, building, and computer room with increasing security at each level, utilizing a combination of technology and traditional physical measures. Security starts at the perimeter with camera monitoring, security officers, physical barriers and fencing. At the building, seismic bracing and extensive environmental protections protect the physical structure, and integrated alarms, cameras, and access controls (including two-factor authentication via biometrics and smart cards) govern access. The systems are monitored 24x7 from the operations center. Similar access controls are used at the computer room, which also has redundant power.
25 Data Recovery Solutions – Azure Backup
Azure Backup is a cloud-based recovery vault that can accept backup jobs from either Azure VMs or on-premises servers
Features include:
  Optional geo-redundancy
  Automatic storage management and scaling
  Customer-managed data encryption for at-rest and in-transit protection
26 Resiliency for Blockchains
Resiliency by default (peer-to-peer network)
Establish thresholds for transaction clearing times for rejoining nodes following network failure
Generally speaking, all nodes are created equal
  Exceptions: mining nodes and Quorum block maker nodes
27 Scaling Considerations for Blockchains
More nodes does not equal more speed
Consensus algorithm choices should account for node numbers at scale
Transactions don't clear instantly in most cases
Geo dispersal of nodes requires some thought
Peer-to-peer discovery algorithms can be a challenge
28 Setting up Azure Blockchain-as-a-Service to meet the Standards for Computer Networks and Internet
29 Protection for Blockchain Networks
(Diagram: Internet → Cloud Access Layer → Microsoft Azure, with Customer 1 and Customer 2 on isolated virtual networks (Subnet 1, Subnet 2, Subnet 3; Deployment X, Deployment Y), a Corp 1 VPN with VLAN-to-VLAN connectivity and a DNS server; a client reaches an RDP endpoint (password access).)
Provides logical isolation while enabling customer control
Restricts access from the Internet, permits traffic only to endpoints, and provides load balancing and NAT at the Cloud Access Layer
Private IP addresses are isolated from other customers
30 Azure Virtual Networking
(Diagram: On Premises 10.0/16 connected to an Azure Virtual Network through an Azure VPN GW via S2S VPNs and ExpressRoute, with direct Internet connectivity; subnets Frontend 10.1/16, Mid-tier 10.2/16, Backend 10.3/16 and AD / DNS.)
Logical isolation with control over the network
Create subnets with your private or public* IP address spaces
Stable and persistent private IP addresses
Bring your own DNS or use Azure-provided DNS
Secure VMs with Network Security Groups
31 Network Security Groups
(Diagram: the same virtual network, with NSG checkpoints (√) on the Internet, S2S VPN and inter-subnet paths between Frontend 10.1/16, Mid-tier 10.2/16 and Backend 10.3/16.)
Enables network segmentation and DMZ scenarios
Access control list
  Filter conditions with allow/deny
  Individual addresses, address prefixes, wildcards
  Associate with VMs or subnets
  ACLs can be updated independent of VMs
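The following Python block is an added example, not the deck's material and not Azure's NSG implementation. It models the rule semantics the slide lists (priority-ordered allow/deny, individual addresses, address prefixes and "*" wildcards, rules associated with a subnet) and uses them to audit an inbound rule set for a node subnet in the Backend 10.3/16 tier from the virtual networking slide: peers may reach the p2p port, only the Frontend tier (where the API proxy lives) may reach JSON-RPC, and the Internet reaches neither. Simplifications and assumptions: no service tags, application security groups or outbound rules; ports 30303 and 8545 are the usual Ethereum p2p and HTTP-RPC defaults; the rule set, addresses and checks are constructed.

```python
"""Added example (not from the deck): a minimal evaluator for NSG-style rules used
to audit the inbound policy of a blockchain node subnet. Rules and checks are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    priority: int          # lower number is evaluated first, as in Azure NSGs
    access: str            # "Allow" or "Deny"
    src: str               # CIDR prefix, single address, or "*"
    dst: str
    dst_port: str          # single port, "low-high" range, or "*"
    protocol: str = "*"    # "Tcp", "Udp" or "*"


def _addr_match(pattern: str, addr: str) -> bool:
    if pattern == "*":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)


def _port_match(pattern: str, port: int) -> bool:
    if pattern == "*":
        return True
    low, _, high = pattern.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, src: str, dst: str, port: int, proto: str = "Tcp") -> tuple:
    """First matching rule by priority decides. Traffic matching nothing is denied,
    mirroring the built-in DenyAllInbound default. Returns (allowed, matching_rule)."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", proto) and _addr_match(rule.src, src)
                and _addr_match(rule.dst, dst) and _port_match(rule.dst_port, port)):
            return rule.access == "Allow", rule
    return False, None


# Constructed inbound rule set for the node subnet (Backend 10.3/16 on the slide).
NODE_SUBNET = "10.3.0.0/16"
INBOUND = [
    Rule(100, "Allow", "10.1.0.0/16", NODE_SUBNET, "8545", "Tcp"),  # Frontend tier (API proxy) -> JSON-RPC only
    Rule(200, "Allow", "10.0.0.0/16", NODE_SUBNET, "30303", "*"),   # on-premises peers over the S2S VPN (p2p, TCP+UDP)
    Rule(300, "Allow", NODE_SUBNET, NODE_SUBNET, "30303", "*"),     # peers inside the subnet
    Rule(4000, "Deny", "*", "*", "*", "*"),                          # explicit catch-all; keeps the intent visible
]


def audit(rules, checks) -> list:
    """Each check is (src, dst, port, proto, expected_allowed); returns the checks that fail.
    Run this whenever the ACL changes, since it can be updated independently of the VMs."""
    return [c for c in checks if evaluate(rules, *c[:4])[0] != c[4]]


# Constructed expectations; 203.0.113.9 is a documentation address standing in for the Internet.
CHECKS = [
    ("10.1.0.7", "10.3.0.5", 8545, "Tcp", True),       # proxy -> node RPC
    ("203.0.113.9", "10.3.0.5", 8545, "Tcp", False),   # Internet -> node RPC must be blocked
    ("203.0.113.9", "10.3.0.5", 30303, "Tcp", False),  # Internet -> p2p not wanted in a consortium
    ("10.0.0.20", "10.3.0.5", 30303, "Udp", True),     # on-prem peer discovery (UDP)
    ("10.0.0.20", "10.3.0.5", 22, "Tcp", False),       # no SSH from on-prem
    ("10.1.0.7", "10.3.0.5", 30303, "Tcp", False),     # proxy tier has no business on p2p
]

if __name__ == "__main__":
    failures = audit(INBOUND, CHECKS)
    print("policy audit:", "OK" if not failures else failures)
```

The audit list doubles as documentation of intent: a later rule added at, say, priority 150 that opens 8545 to a wider prefix shows up immediately as a failed check rather than as a surprise after deployment.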
32 ExpressRoute
(Diagram: Corp HQ, Branch office 1 and Branch office 2 reach Microsoft over the WAN via ExpressRoute rather than the public Internet.)
Predictable performance
Security
High throughput
Lower cost
ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft
33 Scenario 1 – Connect Nodes Across Clouds
(Diagram: Bank 1 on VNET:BlockchainNetW and Bank 2 on VNET/VPC:BlockchainNetC (node addresses …) connect either over the open Internet OR through a VPN gateway.)
34 Scenario 2 – Connect Nodes Across Azure
(Diagram: Bank 1 Country 1 on VNET:BlockchainNetW and Bank 1 Country 2 on VNET:BlockchainNetWW connected by VNET peering.)
35 Scenario 3 – Connect Nodes Via On Prem
(Diagram: Bank 1 on VNET:BlockchainNetW and Bank 2 on VNET:BlockchainNetC, each reached through its on-premises network over ExpressRoute.)
36 Scenario 4 – Connect Nodes via On Prem and Across Clouds
(Diagram: Bank 1 on VNET:BlockchainNetW over ExpressRoute and Bank 2 on VPC:BlockchainNetC over Direct Connect, joined through the on-premises networks.)
37 Access Control
38 Identity and Access Management Overview
Microsoft employee access: access monitoring and logging. Just-in-time and role-based access grants the least privilege required for the task; access requests are monitored and logged. Security reports monitor access patterns that help identify potential threats.
Enterprise cloud: Azure AD single sign-on and Multi-Factor Authentication. Azure Active Directory (AAD) offers enterprise identity and access management in the cloud. Developers can integrate their app with Azure AD for single sign-on functionality. Strong authentication adds an extra layer of security for user logins.
Slide script: Azure enables customers to control access to their environments, data and applications. Microsoft offers comprehensive and federated identity and access management solutions for customers to use across Azure and other services such as Office 365, helping them simplify the management of multiple environments and control user access across applications.
39 Access Logging and Monitoring
Security reporting that tracks inconsistent access patterns, analytics and alerts
Discover, restrict and monitor privileged identities and their access to resources
Enforce on-demand, just-in-time administrative access when needed
Reporting API lets you export data to other systems
40 Identity and Access Management: Azure Active Directory
(Diagram: End users, Active Directory, Azure, Cloud apps.)
Centrally manage users and access to Azure, O365, and hundreds of pre-integrated cloud applications
Build Azure AD into your web and mobile applications
Can extend on-premises directories to Azure AD through synchronization
Slide script: Azure Active Directory is a comprehensive identity and access management solution for the cloud that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications. It combines core directory services, advanced identity governance and application access management. Azure Active Directory also offers a rich standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
AZURE:
  Uses Azure AD to govern access to the management portal with granular access controls for users and groups on subscriptions or resource groups
  Provides enterprise cloud identity and access management
  Enables single sign-on across cloud applications
  Offers Multi-Factor Authentication for enhanced security
CUSTOMER:
  Centrally manages users and access to Azure, O365, and hundreds of pre-integrated cloud applications
  Builds Azure AD into their web and mobile applications
  Can extend on-premises directories to Azure AD through synchronization
41 Identity and Access Management: Single Sign-On
(Diagram: Active Directory and other directories sync to Azure Active Directory, which fronts Microsoft apps, non-MS cloud-based apps, custom LOB apps and ISV/CSV apps for PCs and devices.)
Review reports and mitigate potential threats
Can enable Multi-Factor Authentication
Slide script: Organizations need a hub that can sync their on-premises Active Directory (and other non-MS directories), seamlessly connect with many cloud applications, can integrate with various protocols and can scale around the globe to authenticate users everywhere from any device in a way that integrates simply with their existing identities. With more than 95% of Fortune 1000 organizations using Windows Server Active Directory on premises, they would prefer not to reinvent the wheel or recreate all of their identities. The good news is that they don't have to. That's exactly what Microsoft Azure Active Directory provides. And it does that in a secure and comprehensive manner.
AZURE:
  Uses encrypted password hashes for synchronization, which means that we do not store user passwords for synchronized scenarios.
  Offers security reporting that tracks inconsistent traffic patterns, including:
    Sign-ins from unknown sources
    Multiple failed sign-ins
    Sign-ins from multiple geographies in short timeframes
    Sign-ins from suspicious IP addresses and suspicious devices
CUSTOMER:
  Reviews reports and mitigates potential threats
  Can enable Multi-Factor Authentication
42 Identity and Access Management: MFA
Protect sensitive data and applications both on-premises and in the cloud with Multi-Factor Authentication
Can use Active Directory (on-premises) with Azure Active Directory (in cloud) to enable single sign-on, a single directory, and centralized identity management
Multi-Factor Authentication can be implemented with Phone Factor or with AD on-premises
(Diagram: Active Directory, Microsoft Azure.)
Slide script: Azure Active Directory (Azure AD) provides an easy way for your business to manage identity and access, both in the cloud and on-premises. Your users can use one work or school account for single sign-on to any cloud and on-premises web application, using their favorite device, including iOS, Mac OS X, Android, and Windows devices. Your organization can protect sensitive data and applications both on-premises and in the cloud with integrated multi-factor authentication ensuring secure local and remote access. Or extend your on-premises directories so that information workers can use a single organizational account to securely and consistently access their corporate resources. You can use Two-Factor Authentication or DevOps access to your production services. For Two-Factor Authentication, you can implement it with Phone Factor or with AD on-premises.
43 Data Protection and Security
44 Data Control: Overview
(Source slide: Sarah Fender, 100-level Azure Security deck)
When a customer deploys an application using Blockchain-as-a-Service, they own their data
Control over data location: customers choose data location and replication options.
Control over access to data: strong authentication, carefully logged "just in time" support access, and regular audits (see Data Control section).
Control over data deletion: when customers delete data or leave Azure, Microsoft follows procedures to render the previous customer's data inaccessible.
Encryption key management: customers have the flexibility to generate and manage their own encryption keys (see Encryption section).
Slide script: Customers own their data. This belief is fundamental to the Microsoft approach. When a customer utilizes Azure, they retain exclusive ownership of their data.
Control over data location. When customers entrust their data to Microsoft, they are not giving up control. For many customers, knowing and controlling the location of their data can be an important element of data privacy, compliance, and governance. Microsoft gives customers the freedom to choose the geographic areas where their data is stored, whether that includes in-country storage for compliance or latency considerations or out-of-country storage for security or disaster recovery purposes. Data may be replicated within a selected geographic area for redundancy, but will not be transmitted outside it.
Control over access to data. Strong authentication, including the use of multi-factor authentication, helps limit access to customer data to authorized personnel only. Sample audits are performed by both Microsoft and third parties to attest that access is only for appropriate business purposes. When access is granted, it is carefully controlled and logged, and revoked as soon as it is no longer needed.
Control over data destruction. When customers delete data or leave Azure, Microsoft follows procedures to render the previous customer's data inaccessible on storage resources before reuse.
Encryption key management. To ensure control over encrypted data, customers have the option to generate and manage their own encryption keys, and determine who is authorized to use them. They also have the option to revoke Microsoft's copy of their encryption key, although this may limit Microsoft's ability to troubleshoot or repair problems and security threats.
Detail on data destruction: When a customer deletes a blob or table entity, we immediately delete it from our index used to locate and access the data on the primary location, and then that delete is done asynchronously at the geo-replicated copy of the data. At the primary location a customer can immediately try to access the blob or entity and they won't find it in their index, since we provide strong consistency for the delete. Customers can only read from disk space they have written to. If a customer leaves Azure, we preserve that data for a specified period of time, generally 90 days, before deleting the data. Microsoft uses NIST compliant disk disposal processes. For hard drives that can't be wiped we use a destruction process that destroys them (i.e. shredding) and renders the recovery of information impossible (e.g., disintegrate, shred, pulverize, or incinerate). The appropriate means of disposal is determined by the asset type. Records of the destruction are retained. All Microsoft Azure services utilize approved media storage and disposal management services. Paper documents are destroyed by approved means at the pre-determined end-of-life cycle.
45 Interacting with Nodes – Dataflow Diagram

(Diagram slide; the dataflow diagram itself is not reproduced in these notes.)
46 Blockchain as-a-Service Data Protection

• Data segregation: logical isolation segregates each customer’s data from that of others.
• In-transit data protection: industry-standard protocols encrypt data in transit to/from outside components, as well as data in transit internally, by default.
• Data redundancy: customers have multiple options for replicating data, including number of copies and number and location of replication datacenters.
• At-rest data protection: customers can implement a range of encryption options for virtual machines and storage.
• Encryption: data encryption in storage or in transit can be deployed by the customer to align with best practices for ensuring confidentiality and integrity of data.
• Data destruction: when customers delete data or leave Azure, Microsoft follows procedures to render the previous customer’s data inaccessible.

Slide script:
Both technological safeguards, such as encrypted communications, and operational processes help keep customer data secure. Customers have the flexibility to implement additional encryption and manage their own keys.
Data isolation. Azure is a multi-tenant service, meaning that multiple customers’ deployments and virtual machines are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from that of others. This provides the scale and economic benefits of multitenant services while rigorously preventing customers from accessing one another’s data.
Data at rest. Customers are responsible for ensuring that data stored in Azure is encrypted in accordance with their standards. Azure offers a wide range of encryption capabilities, giving customers the flexibility to choose the solution that best meets their needs.
Data in transit. For data in transit, customers can enable encryption for traffic between their own VMs and end users. Azure protects data in transit to or from outside components, as well as data in transit internally, such as between two virtual networks. Azure uses industry standard transport protocols such as TLS between user devices and Microsoft datacenters, and within datacenters themselves.
Encryption management. Encryption of data in storage and in transit can be used by Azure customers to align with best practices for ensuring confidentiality and integrity of data. It is straightforward for customers to configure their Azure cloud services to use SSL to protect communications from the Internet and even between their Azure hosted VMs.
Data redundancy. Microsoft ensures data is protected in the event of a cyberattack or physical damage to a datacenter. Customers may opt for in-country storage for compliance or latency considerations or out-of-country storage for security or disaster recovery purposes. Data may be replicated within a selected geographic area for redundancy, but will not be transmitted outside it. When you create your storage account, you must select one of the following replication options:
• Locally redundant storage (LRS). Locally redundant storage maintains three copies of your data. LRS is replicated three times within a single facility in a single region. LRS protects your data from normal hardware failures, but not from the failure of a single facility.
• Zone-redundant storage (ZRS). Zone-redundant storage maintains three copies of your data. ZRS is replicated three times across two to three facilities, either within a single region or across two regions, providing higher durability than LRS. ZRS ensures that your data is durable within a single region.
• Geo-redundant storage (GRS). Geo-redundant storage is enabled for your storage account by default when you create it. GRS maintains six copies of your data. With GRS, your data is replicated three times within the primary region, and is also replicated three times in a secondary region hundreds of miles away from the primary region, providing the highest level of durability. In the event of a failure at the primary region, Azure Storage will fail over to the secondary region. GRS ensures that your data is durable in two separate regions.
Data destruction. When customers delete data or leave Azure, Microsoft follows strict standards for overwriting storage resources before reuse, as well as physical destruction of decommissioned hardware. Microsoft executes a complete deletion of data on customer request and on contract termination.
47 Node Protection: Monitoring, Firewalls, AV

• Configure monitoring, export events for analysis
• Configure Microsoft Antimalware or an AV/AM solution from a partner
• Apply corporate firewall using site-to-site VPN, configure endpoints
• Define access controls between tiers and provide additional protection via the OS firewall
• Monitor and respond to alerts

(Diagram labels: Customer Admin, Portal, SMAPI, Customer VMs in Microsoft Azure (Guest VM, Cloud Services, HDInsight, Azure storage), Enable Monitoring Agent, Events, extract event information to SIEM or other reporting system, Alerting & reporting.)

Slide script:
Let’s take a moment to walk through customer options around monitoring and alerts, firewalls, and Antimalware/Antivirus. We’ll look at what Azure provides and what you manage on your side.
Monitoring
AZURE: performs monitoring & alerting of security events for the platform; enables security data collection via Monitoring Agent or Windows Event Forwarding.
CUSTOMER: configures monitoring; exports events to SQL Database, HDInsight or a SIEM for analysis; monitors alerts & reports; responds to incidents.
Firewalls
AZURE: restricts access from the Internet, permits traffic only to endpoints, and provides load balancing and NAT at the Cloud Access Layer; isolates traffic and provides intrusion defense through a distributed firewall.
CUSTOMER: applies corporate firewall using site-to-site VPN; configures endpoints; defines access controls between tiers and provides additional protection via the OS firewall.
Antimalware/Antivirus
AZURE: performs monitoring & alerting of security events for the platform; scans all software components (including OS) deployed to Azure for malware as part of our internal build and deployment; enables real time protection, on-demand scanning, and monitoring via Microsoft Antimalware for Cloud Services and Virtual Machines.
CUSTOMER: configures Microsoft Antimalware or an AV/AM solution from a partner; extracts events to SIEM.
For added assurance, VMs can be routinely reimaged to clean out intrusions that may have gone undetected.
48 Data Segregation for Blockchain Nodes on VMs

(Diagram labels: Customer Admin, Portal, SMAPI, End Users, Access Control, Customer 1 and Customer 2 Guest VMs, Host OS, Hypervisor, Fabric Controller, Azure Storage, SQL Database, Microsoft Azure.)

• Stored data accessible only through claims-based IDM & access control with private key
• Storage blocks are hashed by the hypervisor to separate accounts
• SQL Azure isolates separate account databases
• VM switch at the host level blocks inter-tenant communication

Slide script:
Microsoft Azure uses logical isolation to segregate each customer’s data from that of others. This provides the scale and economic benefits of multitenant services while rigorously preventing customers from accessing one another’s data.
Storage isolation: Data accessible only through claims-based IDM & access control with a Storage Access Key (SAK). Shared Access Signature (SAS) tokens can be generated using storage access keys to provide more granular, restricted access. Storage access keys can be reset via the Microsoft Azure Portal or SMAPI. Storage blocks are hashed by the hypervisor to separate accounts.
SQL isolation: SQL Azure isolates separate account databases.
Network isolation: VM switch at the host level blocks inter-tenant communication.
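The storage-isolation point above, that a SAS token is a scoped, time-limited grant derived from the account key and that resetting the key revokes every token signed with it, as an added example that is not from the deck and not Azure's real SAS format. The field names (`sr`, `sp`, `se`, `sig`), the string-to-sign layout, the sample resource names and the functions are constructed for illustration; the primary/secondary key pair that storage accounts expose is modelled by passing a list of keys to the verifier.

```python
"""Constructed model of delegated, restricted access derived from a storage
account key, in the spirit of Shared Access Signature (SAS) tokens."""
import hashlib
import hmac
import secrets

# Constructed sample: the account's master key. It stays on the issuer side;
# clients only ever see tokens derived from it.
ACCOUNT_KEY = secrets.token_bytes(32)


def string_to_sign(resource: str, permissions: str, expiry: int) -> bytes:
    """Every field that limits the grant is covered by the signature, so a token
    holder cannot widen the resource, the permission set or the expiry."""
    return f"{resource}\n{permissions}\n{expiry}".encode()


def issue_token(account_key: bytes, resource: str, permissions: str,
                ttl_seconds: int, now: int) -> dict:
    """Issuer side: derive a scoped, time-limited token from the account key.
    `permissions` is a string of single-letter operations, e.g. "r" or "rw"."""
    expiry = now + ttl_seconds
    sig = hmac.new(account_key, string_to_sign(resource, permissions, expiry),
                   hashlib.sha256).hexdigest()
    return {"sr": resource, "sp": permissions, "se": expiry, "sig": sig}


def authorize(account_keys: list, token: dict, resource: str, op: str, now: int) -> bool:
    """Service side: allow the request only if the token is unexpired, covers this
    resource and operation, and its signature verifies under one of the current
    account keys. The list models a primary/secondary key pair: resetting one key
    immediately invalidates every token that was signed with it."""
    if now >= token["se"]:
        return False
    if token["sr"] != resource or op not in token["sp"]:
        return False
    msg = string_to_sign(token["sr"], token["sp"], token["se"])
    return any(
        hmac.compare_digest(hmac.new(k, msg, hashlib.sha256).hexdigest(), token["sig"])
        for k in account_keys
    )


if __name__ == "__main__":
    tok = issue_token(ACCOUNT_KEY, "ledger-snapshots/block-1000.json", "r", 3600, now=1000)
    print("read within ttl:", authorize([ACCOUNT_KEY], tok, "ledger-snapshots/block-1000.json", "r", now=1500))
    print("write not granted:", authorize([ACCOUNT_KEY], tok, "ledger-snapshots/block-1000.json", "w", now=1500))
```

Because the permission string is inside the signed message, editing `sp` in a captured token breaks the signature; because verification is done against the current keys only, the reset path described on the slide is also the revocation path for every outstanding token.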
49 Blockchain Key Management using Key Vault

Key Vault offers an easy, cost-effective way to safeguard keys and other secrets used by cloud apps and services using HSMs. You manage your keys and secrets; applications get high performance access to your keys and secrets… on your terms.

(Diagram labels: Microsoft Azure IaaS / PaaS / SaaS, Key Vault, Import keys, HSM.)

Slide script:
Azure Key Vault offers an easy, cost-effective way to safeguard keys and other secrets used by cloud apps and services. With Key Vault, customers can streamline key management and maintain control of keys used to access and encrypt their data.
Key management lifecycle
Security Operations - Supplies keys
• Creates a Key Vault in Azure
• Adds keys / secrets to the Vault
• Grants permission to specific application(s) to perform specific operations using keys, e.g. decrypt, unwrap
• Enables usage logs
Developer/IT Pro - Deploys application
• Tells application the URI of the key / secret
• Application programmatically uses key / secret (and may abuse)
Auditor - Monitors access to keys
• Reviews usage logs to confirm proper key use and compliance with data security standards
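The lifecycle on this slide (security operations creates the vault and keys and grants specific operations, the application uses a key by URI without ever holding it, the auditor reads the usage log) together with the Data Control slide's point that revoking or destroying a customer-managed key renders previously encrypted data inaccessible, as an added example that is not from the deck and not the Azure Key Vault SDK. The `KeyVault` class, the operation names `wrapKey` and `unwrapKey`, the vault and key names, and the HMAC-based toy cipher are constructed for illustration (the standard library has no AES, so the cipher stands in for AES-GCM); the vault URI follows Azure's `https://<name>.vault.azure.net/` pattern.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Set


# Toy authenticated cipher: HMAC-SHA256 keystream plus encrypt-then-MAC tag.
# It stands in for AES-GCM only because the standard library has no AES.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()   # separate enc/mac keys


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class KeyVault:
    # Constructed vault model: key material never leaves the vault; callers get
    # only the operations security operations granted, and every attempt is logged.
    def __init__(self, name: str):
        self.uri = f"https://{name}.vault.azure.net/"   # Azure's vault URI pattern
        self._keys: Dict[str, bytes] = {}
        self._policy: Dict[str, Set[str]] = {}          # principal -> permitted ops
        self.log: List[str] = []                        # usage log for the auditor

    # Security Operations: supplies keys and grants permissions
    def create_key(self, name: str) -> str:
        self._keys[name] = secrets.token_bytes(32)      # generated inside the vault
        self.log.append(f"secops createKey {name}")
        return self.uri + "keys/" + name                # the app is told only this URI

    def grant(self, principal: str, ops: List[str]) -> None:
        self._policy[principal] = set(ops)
        self.log.append(f"secops grant {principal} {sorted(ops)}")

    def delete_key(self, name: str) -> None:
        del self._keys[name]                            # crypto-shred: wrapped DEKs become unusable
        self.log.append(f"secops deleteKey {name}")

    # Application: uses a key by URI, subject to policy
    def _use(self, principal: str, op: str, key_uri: str) -> bytes:
        name = key_uri.rsplit("/", 1)[1]
        allowed = op in self._policy.get(principal, set()) and name in self._keys
        self.log.append(f"{principal} {op} {name} {'ok' if allowed else 'denied'}")
        if not allowed:
            raise PermissionError(f"{principal} may not {op} {name}")
        return self._keys[name]

    def wrap_key(self, principal: str, key_uri: str, dek: bytes) -> bytes:
        return seal(self._use(principal, "wrapKey", key_uri), dek)

    def unwrap_key(self, principal: str, key_uri: str, wrapped: bytes) -> bytes:
        return unseal(self._use(principal, "unwrapKey", key_uri), wrapped)


def _denied(action) -> bool:
    try:
        action()
        return False
    except PermissionError:
        return True


def run_lifecycle() -> dict:
    """Walks the slide's roles end to end and reports what happened."""
    vault = KeyVault("ledger-kv")                       # constructed vault name
    kek_uri = vault.create_key("ledger-kek")
    vault.grant("node-app", ["wrapKey", "unwrapKey"])   # least privilege: no get/delete

    # Envelope encryption: a fresh data key per record; only the DEK is wrapped.
    record = b"constructed ledger record: transfer 10 units in block 1000"
    dek = secrets.token_bytes(32)
    ciphertext = seal(dek, record)
    wrapped_dek = vault.wrap_key("node-app", kek_uri, dek)
    del dek                                             # only the wrapped form is stored

    recovered = unseal(vault.unwrap_key("node-app", kek_uri, wrapped_dek), ciphertext)
    auditor_blocked = _denied(lambda: vault.unwrap_key("auditor", kek_uri, wrapped_dek))

    vault.delete_key("ledger-kek")                      # customer revokes the key
    shredded = _denied(lambda: vault.unwrap_key("node-app", kek_uri, wrapped_dek))
    return {"recovered": recovered == record, "auditor_blocked": auditor_blocked,
            "shredded": shredded, "log": vault.log}
```

The application is granted `wrapKey` and `unwrapKey` but never an operation that exports the key, so the "may abuse" risk on the slide is bounded to what the policy allows and every use, permitted or denied, lands in the log the auditor reviews. Deleting the key-encryption key is what makes the stored ciphertext unrecoverable, which is the mechanism behind the Data Control slide's "render the previous customer's data inaccessible".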
50 Appendix
51 In Summary

• Select an appropriate blockchain technology stack
• Identify and mitigate threats with threat models
• Reduce the attack surface
• Apply the principle of least privilege
• Layer defences
52 Infrastructure Key and Password Management

Azure Active Directory and MFA
• https://azure.microsoft.com/en-us/services/multi-factor-authentication/
Key Vault
• https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
• https://docs.microsoft.com/en-us/azure/key-vault/key-vault-get-started
Other KMS
• Vault Project - https://www.vaultproject.io/
53 Physical Security

• Microsoft Azure Security Center https://azure.microsoft.com/en-us/services/security-center/
• Microsoft Azure Trust Center https://azure.microsoft.com/en-us/support/trust-center/
Blockchain-specific considerations
• Phones
• Desktops/Laptops
• IoT
54 Perimeter Security

TLS: transport layer security via https, ssh
Virtual Appliances
• Fortinet WAF https://azure.microsoft.com/en-us/marketplace/partners/fortinet/fortiweb-single-vmfortiweb-singlevm/
• Barracuda WAF https://azure.microsoft.com/en-us/marketplace/partners/barracudanetworks/waf/
Web Application Firewall as a Service
• Cloudflare WAF https://www.cloudflare.com/lp/waf-a
• Akamai WAF https://www.akamai.com/us/en/solutions/products/cloud-security/
55 Internal Network Security

TLS: transport layer security via https, ssh
Network Security Groups
• https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-practices-and-lessons-learned/
• https://blog.kloud.com.au/2015/08/25/secure-azure-virtual-network-defense-in-depth-using-network-security-groups-user-defined-routes-and-barracuda-ng-firewall/
Blockchain Specific Considerations
• Azure Marketplace
• Bletchley ARM Templates
56 Host Security

TLS: transport layer security via https, ssh
Leverage 3rd Party Security Services in the Azure Marketplace
• Example: Trend Micro https://azure.microsoft.com/en-us/marketplace/partners/trendmicro/deep-security-manager-stdeep-security-manager/
Blockchain Specific Considerations: grant explicit access only for approved
• Daemons
• Node Services
• Ports and Protocols
57 Application Security

Address Key Management
• Keys that lock and keys that unlock
• Signing up via wallet
• Key recovery and management current practice
Contract Dev Practices
• https://github.com/ConsenSys/smart-contract-best-practices
• https://medium.com/zeppelin-blog/onward-with-ethereum-smart-contract-security-97a827e47702#.n205am5j8
Verification and Testing
• Formal verification
• Unit testing and test automation
• Contract generators
58 Application Security: Public Chain Contract Security Considerations

• The DAO and Reentrancy (Recursive call attack)
• 51% Attacks https://news.bitcoin.com/ethereum-clones-susceptible-51-attacks/
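The reentrancy pattern named on this slide, shown beside the checks-effects-interactions ordering that closes it, as an added example that is not from the deck. It is a Python model, not Solidity: the bank classes imitate a contract that pays out with an external call, the `receive` hook imitates the callee's fallback function, and the depositor names, amounts and call mechanics are constructed for illustration. The point for a reviewer is the order of the three statements in `withdraw`; the simulation only makes the consequence of that order visible.

```python
class VulnerableBank:
    """Interaction before effect: the external call runs while the ledger still
    shows the caller's full balance, so a re-entering callee can withdraw again."""

    def __init__(self):
        self.balances = {}   # depositor -> credited amount (the ledger)
        self.funds = 0       # what the contract actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:   # checks
            return
        self.funds -= amount                      # value leaves the contract...
        who.receive(self, amount)                 # ...and callee code runs here (interaction)
        self.balances[who] = 0                    # effect applied too late


class SafeBank(VulnerableBank):
    """Checks-effects-interactions: zero the balance before the external call."""

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.funds:   # checks
            return
        self.balances[who] = 0                    # effects first
        self.funds -= amount
        who.receive(self, amount)                 # interaction last


class HonestDepositor:
    def __init__(self):
        self.received = 0

    def receive(self, bank, amount):
        self.received += amount


class ReenteringDepositor(HonestDepositor):
    """Callee whose receive hook calls back into withdraw, as a fallback function
    can, for as long as the bank can still pay the balance it records for us."""

    def receive(self, bank, amount):
        self.received += amount
        if bank.funds >= bank.balances.get(self, 0) > 0:
            bank.withdraw(self)


def simulate(bank_cls) -> dict:
    """Run the same deposits and withdrawals against a bank class and report
    where the funds ended up."""
    bank = bank_cls()
    honest, reenterer = HonestDepositor(), ReenteringDepositor()
    bank.deposit(honest, 9)      # constructed amounts
    bank.deposit(reenterer, 1)
    bank.withdraw(reenterer)
    bank.withdraw(honest)
    return {"reenterer_got": reenterer.received,
            "honest_got": honest.received,
            "funds_left": bank.funds}


if __name__ == "__main__":
    print("vulnerable:", simulate(VulnerableBank))
    print("safe:", simulate(SafeBank))
```

Against `VulnerableBank` the re-entering depositor receives the whole 10 units because each nested call still sees its 1-unit balance; against `SafeBank` it receives exactly 1 and the honest depositor's 9 are intact. A reentrancy guard (a mutex around `withdraw`) is a second, independent control that the contract best-practice links on the previous slide also cover.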
59 Blockchain Security Research

Emerging area of focus
• https://www.tripwire.com/state-of-security/security-data-protection/threat-modeling-10-common-traps-you-dont-want-to-fall-into/
• https://www.microsoft.com/en-us/sdl/default.aspx