Next generation secure computing base
1 / 31

Next Generation Secure Computing Base - PowerPoint PPT Presentation

  • Updated On :

Next Generation Secure Computing Base . John Manferdelli Security Business Unit Microsoft Corporation. Network level Encryption. IPsec. Monitoring tools. ACL. VA tools Reporting tools. SSL. HSM. Network IDS. Air gap network. Config and patch mgt.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Next Generation Secure Computing Base' - emily

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Next generation secure computing base l.jpg

Next Generation Secure Computing Base

John Manferdelli

Security Business Unit

Microsoft Corporation

The problem l.jpg

Network level Encryption


Monitoring tools


VA tools

Reporting tools



Network IDS

Air gap network

Config and patch mgt

Content screening



Network segmentation

Firewall, Proxy server

2-factor authentication, one time password, digital signature

Antivirus software

Personal firewall

The Problem




data, IP, apps, “secrets”



  • “Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.”

    • Professor Gene Spafford Perdue CERIAS

Corp network

Next generation secure computing base defined l.jpg
Next Generation Secure Computing Base Defined

  • Microsoft’s Next-Generation Secure Computing Base (NGSCB) is a bad name for a new security technology for the Microsoft Windows platform

    • Uses a unique hardware and software design

    • New kind of security model for integrity, confidentiality and trust negotiation in an interconnected world

Ngscb security goals l.jpg
NGSCB Security Goals

  • Protect data and processing against software attack

  • Provide a strong way to authenticate machines and software.

  • Provide “compartmentalization” of secure applications

    • Small, dynamically materialized security perimeters with unspoofable TCBs

  • Provide safe haven in “network rich” environment

Key ngscb components l.jpg
Key NGSCB Components

Slide6 l.jpg

Standard-Mode (“std-mode”/LHS)

Nexus-Mode (RHS)





Trusted User

Engine (TUE)

User Apps.




NCA Runtime Library






Secure Input

Secure Video



NGSCB Quadrants

Main OS





Attestation extends tcb l.jpg
Attestation extends TCB

  • Another program can rely on this key without a central authority

  • Don’t try this at home, safe protocol is more complicated

  • May be replaced by Zero Knowledge Protocol

  • Program generates public/private key pair

  • Platform signs statement “The following public key is in an isolated program with hash H under Nexus N.”

Attestation caveat l.jpg
Attestation Caveat

  • Attestation is NOT a judgment of code quality or fitness

    • Code could still be malicious

    • Code could still have bugs affecting security

  • Attestation leaves judgment up to challenger

    • Done with high confidence

What runs on the lhs l.jpg
What Runs On The LHS

  • Windows as you know it today

  • Applications and Drivers still run

  • Viruses too

  • Any software with minor exceptions

    • The new hardware (HW) memory controller won’t allow certain “bad” behaviors, e.g., code which

      • Puts the CPU into real mode

What the rhs needs from the lhs l.jpg
What the RHS Needs From The LHS

  • Memory Management changes to allow nexus to participate in memory pressure and paging decisions

  • Window Manager coordination

  • IPC, scheduling, communication

  • NGSCB management software and services

Business scenarios l.jpg

  • Employee use of Enterprise Programs

  • Employee use of Enterprise Data

  • Doctors access hospital records

  • Guard machines from untrusted network

  • Guard network from untrusted machines

  • Guard programs from untrusted services

  • Secure machine monitor

  • Lock-down and monitor machine policy

  • Sandbox execution

Business Scenarios

Secure Communication

Secure Remote Access

Secure Network Access

Secure Machine Policy

Business scenarios12 l.jpg

  • Protect personal data at Amazon

  • Secure RMS from software attack

  • Protect Corporate Partner Information

  • Books, movies, audio, software

  • Flexible use models: Differential pricing

  • Content not “orphaned” by new devices

  • Auctions

  • Negotiations

  • On-line Games

Business Scenarios

Confidentiality Enforcement

“Small” Rights Management

“Big” Rights Management

Secure Collaboration

Ngscb threat models l.jpg
NGSCB: Threat Models

  • Our Threat Model

    • No Software-Only Attacks Against RHS

    • No Break-Once/Break-Everywhere (BOBE) attacks

  • No Software-Only Attacks means…

    • No attacks based on micro-code, macro-code, adapter card scripts, etc.

    • Any attacks launched from the Web or e-mail are “software only”

  • Protection only applies to the release of secrets

Hw keys whose are they l.jpg
HW Keys: Whose are they?

  • Answer: The Hardware

    • Used only under explicit user policy.

  • NGSCB uses two hardware keys directly:

    • One key is used by Sealed Storage

      • Generated when user “takes ownership”

      • Only available to TPM

      • Randomizing

    • One key is an RSA key used for Attestation

      • Only signs statements like “Nexus with hash x asked me to sign the following statement: y.”

  • Privacy safeguards built into hardware

    • Opt-in

    • Disclosure of (public) signing key components is restricted

    • Use of keys in sole control of machine owner

Other keys whose are they l.jpg
Other Keys: Whose are they?

  • Answer: Entities authorized by users to access key services

    • User’s personal Keys

    • Service provider’s Keys

    • Shared Keys

  • Microsoft neither owns nor has access to any HW keys.

    • Key ownership is circumscribed and may not even be known to entity relying on it.

Machine owner is in complete control l.jpg
Machine owner is in complete control

  • Hardware cannot be used without explicit user permission

  • No nexus can run without explicit user permission

  • No NCA can run without explicit user permission

  • No NCA can use key services without user permission

Policies l.jpg

  • Everything that runs today will run on NGSCB systems

  • The platform will run any nexus

    • The user will be in charge of what nexuses he chooses to run

  • The MS nexus will run any application

    • The user will be in charge of the applications that he chooses to run

  • The MS nexus will interoperate with any network service provider

  • The MS nexus source code will be made available for review

Misconceptions ngcsb l.jpg
Misconceptions: NGCSB

  • NGSCB will censor or disable content without user permission

    • No policy (except user policy) in NGSCB

  • NGSCB will lock out vendors

    • No permission (signatures) required to use NGSCB

  • NGSCB is “super” virus spreader

    • NGSCB applications do no run at elevated privilege

  • NGSCB NCA is not debuggable

    • Yes it is.

  • This will hurt smart card vendors

    • No, it increases portable smart card value

Misconceptions tcpa tcg l.jpg
Misconceptions: TCPA/TCG

  • It’s the Fritz chip

    • Nope. It’s an anti-Fritz chip.

  • TCPA/TCG refuses to run unlicensed software

    • Nope. Statement publicly denied by MS, HP and IBM.

  • Control will be exercised centrally

    • No central authorities required

    • Need for central authorities diminished

  • TC will remove effective control of PC from its owner

    • Strengthens owner control

Slide20 l.jpg

User Apps.

NGSCB Quadrants

Standard-Mode (“std-mode” / LHS)

Nexus-Mode (RHS)





Trusted User

Engine (TUE)




NCA Runtime Library


Main OS









Secure Input

Secure Video



Booting the nexus l.jpg
“Booting” The Nexus

  • Nexus is like an OS kernel, so it must boot sometime

  • Can boot long after main OS

  • Can shut down long before main OS (and restart later)

Nexus basic environment l.jpg
Nexus: Basic Environment

  • Section 1 of Intro to Operating Systems Textbook

    • Process and Thread Loader/Manager

    • Memory Manager

    • I/O Manager

    • Security Reference Monitor

    • Interrupt handing/Hardware abstraction

  • But no Section 2

    • No File System

    • No Networking

    • No Kernel Mode/Privileged Device Drivers

    • No Direct X

    • No Scheduling

    • No…

  • Kernel mode has no pluggables

    • All of the kernel loaded at boot and in the PCR

Nexus basic environment24 l.jpg
Nexus: Basic Environment

  • Virtualization of hardware fundamentals for Agents

    • Sealed storage, attestation, etc.

  • Minimal Services

    • Trusted UI Engine

      • XML Based Graphical Services for UI

      • Input Routing/Focus Management

      • Minimum Fonts (inc. Multiple Languages…)

      • Windows Manager

    • IPC

    • TSPs (Trusted Service Provider)

      • Run in User Mode RHS

      • Provide Services

      • Are “Drivers” for Trusted Input/Video

Code identity l.jpg
Code Identity

  • Nexus

    • Cryptographic Hash

  • Agents

    • Manifest (or rather hash of manifest)

      • Debugging Policy

      • Public Key

      • Corresponding Private key authorized to name cryptographic hashes of binaries that identify “this program”

      • Metadata

Debugging the nexus l.jpg
Debugging The Nexus

  • The retail nexus cannot be debugged

  • The debug nexus can be debugged

  • Since these two nexuses are different in at least one bit, their attestations are different as well

User mode debugging l.jpg
User Mode Debugging

  • No agents are debuggable without a change to their code identity

    • Attestation reflects this change

  • Debugging the LHS Shadow Process means debugging the Agent

    • We’ve redirected the functions to Get and Set Thread Context and Read and Write Process Memory

    • We’ve redirected RHS debug events to the LHS process

    • Thread control “just works”

  • Well behaved debuggers that work with LHS processes will also with agents

Ngscb seal l.jpg

  • Here’s a good mental model

    • Seal(secret) → cryptoblob(secret)

      • Crytoblob(secret) may be stored anywhere

    • The call is really

      • Seal(secret, DigestOfTargetEnvironment) → cryptoblob(secret)

    • Unseal(cryptoblob(somesecret)) → somesecret

    • Unseal is really

      • Unseal(cryptoblob(somesecret), DigestOfTargetEnvironment) → somesecret

Secret migration l.jpg
Secret Migration

  • Caller gets to specify certain properties

    • What agents may unseal the secret

    • What hardware may unseal the secret

    • What nexus may unseal the secret

    • What users may unseal the secret

  • Agents shouldn’t seal against the SSC

    • They should seal against the nexus

      • which seals against the SSC

  • Backup, restore, migration are all possible using intermediate keys and certificates

Wiifm credential based security l.jpg
WIIFM: Credential Based Security

  • Single simple, flexible, scalable, distributed, credential based security model

    • Programs, users, machines, channels as principals

    • Fine-grained, persistent, declarative claim/assertion/authorization language

    • General authentication and authorization primitives

  • Manageable and Flexible

    • Non brittle

    • Administrable

    • Projects Security Perimeter outside Enterprise

  • Framework for policy enforcement

    • Desktop Lockdown

    • Policy assurance (Virus policy, IDS, …)

  • Supports migration of existing Windows security services