Microsoft’s Next-Generation Secure Computing Base, formerly Palladium
Kit Colbert
Student Consultant Representing Microsoft
mssc@brown.edu
What is Palladium?
• A set of hardware and software extensions to make the PC more trustworthy.
• Today’s apps will still run just fine.
• You can disable Palladium extensions if you choose.
• What exactly is trustworthy computing?
  • Good question…
Trustworthy Computing
• Trustworthy: worthy of confidence.
• Examples:
  • Credit card numbers that can’t be stolen.
  • Personal diary that can only be written and viewed by you or people you choose.
  • Someone is who she says she is.
• There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.
Who To Trust?
• Applications?
  • Operating systems can programmatically subvert applications.
• Operating System?
  • Hardware can programmatically subvert operating systems.
• Hardware?
  • Humans can subvert hardware, but not programmatically.
• So we have to start off trusting the hardware.
Chain of Trust
• We start off trusting the hardware and build up, thus creating a chain of trust.
[Figure: chain of trust, bottom to top: Hardware → Operating System → Applications]
Palladium’s Goals
• Usher in a new era of trustworthy computing by enabling the PC to:
  • Perform trusted operations
  • Span multiple computers with this trust
  • Create dynamic trust policies
  • Allow anyone to authenticate these policies
How Palladium Will Do It
• Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
  • Protected memory
  • Attestation
  • Sealed storage
  • Secure input and output
• It primarily does this through cryptographic keys and algorithms.
Hardware Extensions
• Security Support Component (SSC)
• Secure communication channels for:
  • I/O
  • Graphics
  • Network
  • Storage
• Chipsets
• CPU op-codes, registers, interrupts, and status bits
Software Extensions
• Nexus
  • (the kernel)
  • shared source
• Trusted agents
  • (the applications)
• So what is this, a whole other operating system??
  • Well, sort of…
The New View
• Two parallel operating systems?
• Not quite, the trusted kernel still relies on the untrusted kernel for most of its functionality.
[Figure: side-by-side layout: User Mode | Trusted User Mode; Kernel Mode | Trusted Kernel Mode]
SSC/Nexus Interaction
• Sealed storage:
  • SSC’s symmetric key, call it ‘s’
  • SSC hash of running Nexus kernel, call it ‘h’
  • Arbitrary data pointed to by pointer ‘p’
• SSC implements two operations:
  • c = SEAL(p)
  • p = UNSEAL(c)
• Example implementation:
  • SEAL: c = aes_encrypt(s+h, p)
  • UNSEAL: p = aes_decrypt(s+h, c)
• If either SSC or Nexus changes, can’t retrieve data!
Bringing It All Together
• Closed sphere of trust:
TCPA
• Trusted Computing Platform Alliance
• Group of companies (about 200)
• Biggest players:
  • Microsoft
  • Intel
  • Compaq
  • HP
  • IBM
• Same goal as Palladium: trustworthiness
All About the Hardware
• TCPA specification only for hardware
  • It’s operating system agnostic
• Complete TCPA 1.1b spec online
• One implementation of it in production machines (one version of IBM Thinkpad)
• Palladium uses some of the TCPA spec
How Palladium Will Affect You
• A Palladium PC will still run non-trusted apps
  • So everything you have now will still work
• Palladium is opt-in
  • You have to explicitly choose to use it
• Signed binaries mean fewer chances of a trojan or virus being inserted into commonly used programs
Your Information is Secure
• All your personal information is stored on your home machine, not on some company’s server.
• You control precisely who sees what and what they can do with it.
• No more doctor’s new patient forms, no more filling out credit card apps, etc.
Digital Rights Management
• Probably the biggest issue with Palladium
• Palladium will enable the media companies to protect their content
• Which raises some questions:
  • So no more fair use?
  • Can I still pirate?
• Fair use: probably not for the short term
• Piracy: you can still do it on the non-trusted side
Open Source and Palladium
• Will operating systems like Linux still run on a Palladium PC?
  • Definitely.
• Not only will Linux still run, but it could in theory be modified to have a Nexus
  • Thus it could run trusted apps
No User Authentication
• User authentication is done through Windows
  • i.e., the usual Windows logon
• User is tied to the machine and its keys
  • Everything is encrypted with a combination of the machine’s SSC and Nexus keys
  • Switching machines could be tedious
3-Phase Deployment Plan
• Deploy in corporations
  • Use in internal networks
  • Make sure sensitive data isn’t leaked
• Get major media companies involved
  • Create trusted content and applications
• End users/consumers
  • Use the trusted apps and content
  • Distribute personal information
Conclusion
• Palladium is a platform
  • Enables ISVs to write trusted apps easily.
• First version in a future version of Windows
  • Sometime around 2005 or 2006
• Will it work?
  • Who knows. Microsoft hopes so.
• Do you want it to work?
  • There are good and bad outcomes of it.
  • It’s a personal decision.
Palladium Links
• Microsoft Palladium: A Business Overview
  http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp
• Microsoft NGSCB Technical FAQ
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp
• Palladium Details
  http://www.activewin.com/articles/2002/pd.shtml
• Microsoft Meeting on Palladium
  http://vitanuova.loyalty.org/2002-07-03.html
• EPIC’s Palladium Coverage
  http://www.epic.org/privacy/consumer/microsoft/palladium.html
• Inside Microsoft’s Secure OS Project Palladium
  http://www.extremetech.com/article2/0,3973,837726,00.asp
• MIT Palladium Presentation
  http://www.cryptome.org/palladium-mit.htm
More Palladium Links
• Interview with Palladium’s Mario Juarez
  http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&mode=&order=0
• Q&A: Palladium Initiative
  http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp
• TCPA / Palladium FAQ
  http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html
• TCPA and Palladium: Sony Inside
  http://www.kuro5hin.org/story/2002/7/9/17842/90350
• TCPA and Palladium Technical Analysis
  http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt
• Palladium and the TCPA
  http://www.counterpane.com/crypto-gram-0208.html
• TCPA Homepage
  http://www.trustedpc.org