Next-Generation Secure Computing Base

From BetaArchive Wiki
Revision as of 01:10, 24 July 2014 by Maza (talk | contribs) (The article I linked to, titled "How 4 Microsoft engineers proved that the 'darknet' would defeat DRM" includes a comment from NGSCB developer, Peter Biddle, who explained the purpose of the technology. The ref is a direct link to that comment)
Diagram of the NGSCB software architecture as presented at WinHEC 2003.

The Next-Generation Secure Computing Base (codenamed Palladium) is the name of a cancelled software architecture originally slated to be included in the Microsoft Windows "Longhorn" operating system. Development of the architecture began in 1997.[1][2]

NGSCB was designed to provide an isolated environment where sensitive operations may be performed securely. Microsoft's primary stated objective with NGSCB was to "protect software from software."[3][4]

History

Development

Diagram of NGSCB architecture revision during WinHEC 2004.

Development of the NGSCB began in 1997 after Microsoft developer, Peter Biddle, conceived of new ways to offer content protection on personal computers.[5]

Microsoft later filed a large number of patents related to elements of the NGSCB design.[6] Patents for a digital rights management operating system,[7] loading and identifying a digital rights management operating system,[8] key-based secure storage,[9] and certificate based access control[10] were filed on January 8, 1999. A method to authenticate an operating system based on its central processing unit was filed on March 10, 1999.[11] Patents related to the secure execution of code[12] and protection of code in memory[13] were filed on April 6, 1999.

The technology was publicly unveiled under the name "Palladium" on June 24, 2002 in an article by Steven Levy of Newsweek that focused on its origin, design and features.[14][15][16] Levy stated that the technology would allow users to identify and authenticate themselves, encrypt data to protect against unauthorized access, and enforce policies related to the use of information. As examples of policies that users could enforce, Levy stated that users could send e-mail messages accessible only by the intended recipient, or create Microsoft Word documents that could only be read a week after they were created. To provide this functionality, the technology would require specially designed hardware components, including updated processors, chipsets, peripherals, and a new coprocessor designed to perform cryptographic operations.

Microsoft publicly demonstrated the NGSCB for the first time at its Windows Hardware Engineering Conference in 2003.[17][18][19]

Microsoft released the first NGSCB software developer kit (SDK) during its Professional Developers Conference (PDC) of 2003.[20][21][22]

During WinHEC 2004, based on feedback from customers and ISV partners who stated that they did not want to rewrite their existing programs in order to benefit from its functionality, Microsoft announced that it would revise the technology.[23][24] After the announcement, reports stated that Microsoft would cease development of the technology.[25][26] Microsoft denied the claims and reaffirmed its commitment to delivering the technology.[27][28]

Name

In Greek and Roman mythology, the term "palladium" refers to an object that the safety of a city or nation was believed to be dependent upon.[29]

On January 24, 2003, Microsoft announced that "Palladium" had been renamed as the "Next-Generation Secure Computing Base." According to NGSCB product manager Mario Juarez, the new name was chosen not only to reflect Microsoft's commitment to the technology in the upcoming decade, but also to avoid any legal conflict with an unnamed company that had already acquired the rights to the Palladium name. Juarez acknowledged that the previous name had been a source of criticism, but denied that the decision was made by Microsoft in an attempt to deflect criticism.[30]

Reception

Cancellation

During WinHEC 2005, Microsoft announced that it had scaled back its plans for the technology in order to ship the post-reset Windows "Longhorn" operating system within a reasonable timeframe. Instead of providing a new operating environment, the NGSCB would offer full volume encryption with a feature known as "Secure Startup" (later renamed as "Bitlocker Drive Encryption").[31] Microsoft stated that it would deliver other aspects of its NGSCB vision at a later date.[32]

In July 2008, Peter Biddle stated that negative perception was the main contributing factor responsible for the cancellation of the architecture.[33]

Overview and features

Process isolation

Sealed storage

Attestation

Attestation refers to validation of a NGSCB machine configuration. Attestation allows users to attest to the state of a hardware or software configuration by sending its cryptographic information to a trusted third-party; the third-party can then determine whether it should trust the configuration.

Secure I/O

Software

Nexus

Diagram of the Nexus design.

The Nexus, previously referred to as the "Nub"[34] or "Trusted Operating Root"[35][36] is the new kernel introduced by the NGSCB. The Nexus is responsible for the secure interaction between the specialized hardware components, and is also responsible for the management of Nexus Computing Agents.

Nexus Computing Agents

Nexus Computing Agents are user-mode application processes managed by the Nexus kernel.

Nexus Computing Agents are divided into three categories: "Application," "Component," and "Trusted Service Provider."[37]

Hardware

Trusted Platform Module

The Trusted Platform Module, previously referred to as the "Secure Cryptographic Processor" or "Security Support Component", is the hardware component that securely stores the cryptographic keys for the Nexus and Nexus Computing Agents, which makes the sealed storage and attestation features of the Nexus possible.

The Trusted Platform Module includes an asymmetric 2048-bit RSA key pair, referred to as the Endorsement Key (EK), which is unique to each particular module and is generated as part of its manufacturing process. The public key is accessible to applications or services that have established a trusted relationship with the owner, and is also used to provide the owner with Attestation Identity Keys (AIKs).

According to Microsoft, version 1.2 of the Trusted Platform Module is the first version compatible with its NGSCB architecture. Previous versions do not include the required functionality.[38]

In builds of Windows "Longhorn"

In released pre-reset builds of Windows "Longhorn", NGSCB components reside in %SYSTEMDRIVE%\WINDOWS\NGSCB.

In Windows 8

On systems equipped with a compatible Trusted Platform Module, Windows 8 includes a feature called "Measured Boot" which allows a trusted server to verify the integrity of the Windows startup process.[39][40][41] Measured Boot is not directly related to the NGSCB architecture; rather, it serves a purpose comparable to the architecture's "Attestation" feature in that both are designed to validate a platform's configuration.[42]

References

  1. Biddle, Peter. (August 5, 2002). "Re: Dangers of TCPA/Palladium"
  2. Merritt, Rick. (July 15, 2002). "Microsoft scheme for PC security faces flak"
  3. Aday, Michael. "'Palladium'"
  4. Lee, Timothy. (November 30, 2012). "How 4 Microsoft engineers proved that the 'darknet' would defeat DRM"
  5. Schoen, Seth. (July 5, 2002). "'Palladium' summary"
  6. Lampson, Butler. "Curriculum Vitae"
  7. Digital rights management operating system (U.S. 6330670 B1)
  8. Loading and identifying a digital rights management operating system (U.S. 6327652 B1)
  9. Key-based secure storage (U.S. 7194092 B1)
  10. Controlling access to content based on certificates and access predicates (U.S. 6820063 B1)
  11. System and method for authenticating an operating system to a central processing unit (U.S. 7174457 B1)
  12. Secure execution of program code (U.S. 6651171 B1)
  13. Hierarchical trusted code for content protection in computers (U.S. 20040243836 A1)
  14. Levy, Steven. (June 24, 2002). "The Big Secret"
  15. Geek.com. (June 24, 2002). "'Palladium': Microsoft's big plan for the PC"
  16. ExtremeTech. (June 24, 2002). "'Palladium': Microsoft Revisits Digital Rights Management"
  17. Bekker, Scott. (May 6, 2003). "'Palladium' on Display at WinHEC"
  18. BusinessWire. (May 7, 2003). "Atmel and Microsoft Demonstrate New Secure USB Keyboard Prototype at WinHEC 2003"
  19. Microsoft PressPass. "At WinHEC, Microsoft Discusses Details of Next-Generation Secure Computing Base"
  20. Rooney, Paula; Montalbano, Elizabeth. (October 1, 2003). "Microsoft to Hand Over Early Whidbey, Yukon Code At PDC"
  21. Furman, Keith; Thurrott, Paul. (October 23, 2003). "Live from PDC 2003: Countdown, Two Days to Go!"
  22. Evers, Joris. (October 30, 2003). "Developers get hands on Microsoft's NGSCB"
  23. Evers, Joris. (May 5, 2004). "WinHEC: Microsoft revisits NGSCB security plan"
  24. Sanders, Tom. (May 6, 2004) "Microsoft shakes up 'Longhorn' security"
  25. Bangeman, Eric. (May 5, 2004). "Microsoft kills Next-Generation Secure Computing Base"
  26. Rooney, Paula. (May 5, 2004). "Microsoft shelves NGSCB project as NX moves to center stage"
  27. eWeek. (May 5, 2004). "Microsoft: Palladium is still alive and kicking"
  28. Thurrott, Paul. (May 7, 2004). "WinHEC 2004 Show Report and Photo Gallery"
  29. Greek Mythology Index. "PALLADIUM"
  30. Lemos, Robert. (January 24, 2003). "What's in a name? Not Palladium"
  31. Sanders, Tom. (April 26, 2005). "'Longhorn' security gets its teeth kicked out"
  32. Microsoft Next-Generation Secure Computing Base
  33. Biddle, Peter. (July 16, 2008). "Perception (or, Linus gets away with being honest again)"
  34. Biddle, Peter. (August 5, 2002). "Re: Dangers of TCPA/Palladium"
  35. Microsoft PressPass. "'Palladium': A Business Overview"
  36. Biddle, Peter. (September 19, 2002). "Re: Cryptogram: 'Palladium' only for DRM"
  37. Cram, Ellen. (October 2003). "Development Considerations for Nexus Computing Agents"
  38. Microsoft. "Privacy-Enabling Enhancements in the Next-Generation Secure Computing Base"
  39. Microsoft TechNet. "Windows 8 Boot Process - Security, UEFI, TPM"
  40. Microsoft TechNet. "Windows 8 Boot Security FAQ"
  41. Microsoft Software Developer Network (MSDN). "Measured Boot"
  42. Microsoft. "Secured Boot and Measured Boot: Hardening Early Boot Components against Malware"

External links

Microsoft Next-Generation Secure Computing Base Home Page

The following article is a stub.
You can help BetaArchive Wiki by expanding it.
Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Next-Generation_Secure_Computing_Base&oldid=7177
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki