Microsoftâs Next-Generation Secure Computing Base, earlier Palladium Kit Colbert Student Consultant Representing Microsoft mssc@brown.edu
Slide 2What is Palladium? An arrangement of equipment and programming augmentations to make the PC more reliable. Todayâs applications will at present run fine and dandy. You can impair Palladium expansions in the event that you pick. What precisely is dependable processing? Great questionâ¦
Slide 3Trustworthy Computing Trustworthy: deserving of certainty. Illustrations: Credit card numbers that canât be stolen. Individual journal that must be composed and saw by you or individuals you pick. Somebody is who she says she is. There are as of now specially appointed answers for some of these worries, Palladium looks to explain all of them.
Slide 4Who To Trust? Applications? Working frameworks can automatically subvert applications. Working System? Equipment can automatically subvert working frameworks. Equipment? People can subvert equipment, yet not automatically. So we need to begin off believing the equipment.
Slide 5Chain of Trust We begin off believing the equipment and develop, along these lines making a chain of trust. Applications Operating System Hardware
Slide 6Palladiumâs Goals Usher in another time of reliable enabling so as to figure the PC to: Perform trusted operations Span various PCs with this trust Create element trust approaches Allow anybody to verify these arrangements
Slide 7How Palladium Will Do It Specifically, Palladium will include four new security highlights that build the machine\'s reliability: Protected memory Attestation Sealed capacity Secure data and yield It principally does this through cryptographic keys and calculations.
Slide 8Hardware Extensions Security Support Component (SSC) Secure correspondence channels for: I/O Graphics Network Storage Chipsets CPU operation codes, registers, interferes, and status bits
Slide 9Software Extensions Nexus (the bit) shared source Trusted specialists (the applications) So what is this, an entire other working framework?? All things considered, sort ofâ¦
Slide 10The New View Two parallel working frameworks? Not exactly, the trusted portion still depends on the untrusted part for the majority of its usefulness. Client Mode Trusted User Mode Kernel Mode Trusted Kernel Mode
Slide 11SSC/Nexus Interaction Sealed capacity: SSCâs symmetric key, call it âsâ SSC hash of running Nexus portion, call it âhâ Arbitrary information indicated by pointer âpâ SSC executes two operations: c = SEAL(p) p = UNSEAL(c) Example usage: SEAL: aes_encrypt(s+h, p) UNSEAL: aes_decrypt(s+h, p) If either SSC or Nexus changes, canât recover information!
Slide 12Bringing It All Together Closed circle of trust:
Slide 13TCPA Trusted Computing Platform Alliance Group of organizations (around 200) Biggest players: Microsoft Intel Compaq HP IBM Same objective as Palladium: dependability
Slide 14All About the Hardware TCPA particular just for equipment Itâs working framework freethinker Complete TCPA 1.1b spec online One execution of it underway machines (one form of IBM Thinkpad) Palladium utilizes a percentage of the TCPA spec
Slide 15How Palladium Will Affect You A Palladium PC will in any case run non-trusted applications So all that you have now will in any case work Palladium is select in You need to expressly decide to utilize it Signed pairs implies less risks of a trojan or infection embedded into ordinarily utilized projects
Slide 16Your Information is Secure All your own data is put away on your home machine, not on some companyâs server. You control exactly who sees what and what they can do with it. No more doctorâs new patient structures, not any more rounding out Mastercard applications, and so forth
Slide 17Digital Rights Management Probably the greatest issue with Palladium will empower the media organizations to secure their substance Which brings up a few issues: So not any more reasonable utilization? Can regardless I privateer? Reasonable utilization: presumably not for the fleeting Piracy: you can in any case do it on the non-trusted side
Slide 18Open Source and Palladium Will working frameworks like Linux still keep running on a Palladium PC? Without a doubt. Will Linux still keep running, as well as it could in principle be altered to have a Nexus Thus it could run trusted applications
Slide 19No User Authentication User verification is done through Windows Ie, normal Windows logon User is attached to the machine and its keys Everything scrambled with blend of machineâs SSC and Nexus keys Switching machines could be dreary
Slide 203-Phase Deployment Plan Deploy in organizations Use in inside systems Make beyond any doubt delicate information isnât released Get real media organizations included Create trusted substance and applications End clients/purchasers Use the trusted applications and substance Distribute individual data
Slide 21Conclusion Palladium is a stage Enables ISVs to compose trusted applications effortlessly. In the first place form in future rendition of Windows Sometime around 2005 or 2006 Will it work? Who knows. Microsoft trusts so. Do you need it to work? There are great and terrible results of it. Itâs an individual choice.
Slide 22Palladium Links Microsoft Palladium: A Business Overview http://www.microsoft.com/PressPass/highlights/2002/jul02/0724palladiumwp.asp Microsoft NGSCB Technical FAQ http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp Palladium Details http://www.activewin.com/articles/2002/pd.shtml Microsoft Meeting on Palladium http://vitanuova.loyalty.org/2002-07-03.html EPICâs Palladium Coverage http://www.epic.org/protection/customer/microsoft/palladium.html Inside Microsoftâs Secure OS Project Palladium http://www.extremetech.com/article2/0,3973,837726,00.asp MIT Palladium Presentation http://www.cryptome.org/palladium-mit.htm
Slide 23More Palladium Links Interview with Palladiumâs Mario Juarez http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&mode=&order=0 Q&A: Palladium Initiative http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp TCPA/Palladium FAQ http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html TCPA and Palladium: Sony Inside http://www.kuro5hin.org/story/2002/7/9/17842/90350 TCPA and Palladium Technical Analysis http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt Palladium and the TCPA http://www.counterpane.com/crypto-gram-0208.html TCPA Homepage http://w