Microsoft’s Next-Generation Secure Computing Base, formerly Palladium Kit Colbert Student...
Transcript of Microsoft’s Next-Generation Secure Computing Base, formerly Palladium Kit Colbert Student...
Microsoft’s Next-Generation Secure Computing Base, formerly Palladium
Kit Colbert
Student Consultant Representing Microsoft
[email protected]
What is Palladium?
• A set of hardware and software extensions to make the PC more trustworthy.
• Today’s apps will still run just fine.
• You can disable Palladium extensions if you choose.
• What exactly is trustworthy computing?
  • Good question…
Trustworthy Computing
• Trustworthy: worthy of confidence.
• Examples:
  • Credit card numbers that can’t be stolen.
  • Personal diary that can only be written and viewed by you or people you choose.
  • Someone is who she says she is.
• There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.
Who To Trust?
• Applications?
  • Operating systems can programmatically subvert applications.
• Operating System?
  • Hardware can programmatically subvert operating systems.
• Hardware?
  • Humans can subvert hardware, but not programmatically.
• So we have to start off trusting the hardware.
Chain of Trust
• We start off trusting the hardware and build up, thus creating a chain of trust.
(Diagram: Hardware → Operating System → Applications)
Palladium’s Goals
• Usher in a new era of trustworthy computing by enabling the PC to:
  • Perform trusted operations
  • Span multiple computers with this trust
  • Create dynamic trust policies
  • Allow anyone to authenticate these policies
How Palladium Will Do It
• Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
  • Protected memory
  • Attestation
  • Sealed storage
  • Secure input and output
• It primarily does this through cryptographic keys and algorithms.
Hardware Extensions
• Security Support Component (SSC)
• Secure communication channels for:
  • I/O
  • Graphics
  • Network
  • Storage
  • Chipsets
• CPU op-codes, registers, interrupts, and status bits
Software Extensions
• Nexus
  • (the kernel)
  • shared source
• Trusted agents
  • (the applications)
• So what is this, a whole other operating system??
• Well, sort of…
The New View
• Two parallel operating systems?
  • Not quite, the trusted kernel still relies on the untrusted kernel for most of its functionality.
(Diagram: the untrusted side has Kernel Mode and User Mode; the trusted side has Trusted Kernel Mode and Trusted User Mode)
SSC/Nexus Interaction
• Sealed storage:
  • SSC’s symmetric key, call it ‘s’
  • SSC hash of running Nexus kernel, call it ‘h’
  • Arbitrary data pointed to by pointer ‘p’
  • SSC implements two operations:
    • c = SEAL(p)
    • p = UNSEAL(c)
• Example implementation:
  • SEAL: aes_encrypt(s+h, p)
  • UNSEAL: aes_decrypt(s+h, c)
• If either SSC or Nexus changes, can’t retrieve data!
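The SEAL/UNSEAL binding on this slide, written out as an added example that is not part of the presentation: the sealing key is derived from s‖h, so a blob sealed under one Nexus hash cannot be unsealed under another. An HMAC-based stream cipher and tag stand in for the slide’s aes_encrypt so the code runs on the standard library alone; the SSC secret and Nexus images are constructed values.

```python
import hashlib
import hmac
import os

# Stand-in for the slide's aes_encrypt/aes_decrypt: a SHA-256 counter keystream
# plus an HMAC tag. Real hardware would use AES; the binding is the point here.

def derive_key(s: bytes, h: bytes) -> bytes:
    # The sealing key depends on BOTH the SSC secret 's' and the Nexus hash 'h'.
    return hashlib.sha256(b"palladium-seal|" + s + h).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(s: bytes, h: bytes, p: bytes) -> bytes:
    """c = SEAL(p): returns nonce || ciphertext || tag."""
    key = derive_key(s, h)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(p, _keystream(key, nonce, len(p))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(s: bytes, h: bytes, c: bytes):
    """p = UNSEAL(c); returns None when s or h differ from sealing time."""
    key = derive_key(s, h)
    nonce, ct, tag = c[:16], c[16:-32], c[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # different platform state (or tampered blob): release nothing
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def nexus_hash(nexus_image: bytes) -> bytes:
    # The SSC measures the running Nexus kernel at boot; this models that hash.
    return hashlib.sha256(nexus_image).digest()

def demo():
    s = b"\x01" * 32                                  # constructed SSC secret
    h_good = nexus_hash(b"nexus build 1 (constructed)")
    h_patched = nexus_hash(b"nexus build 1, modified (constructed)")
    c = seal(s, h_good, b"my diary entry")
    same_platform = unseal(s, h_good, c)              # -> b"my diary entry"
    changed_nexus = unseal(s, h_patched, c)           # -> None
    changed_ssc = unseal(b"\x02" * 32, h_good, c)     # -> None
    return same_platform, changed_nexus, changed_ssc

if __name__ == "__main__":
    print(demo())
```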
TCPA
• Trusted Computing Platform Alliance
• Group of companies (about 200)
• Biggest players:
  • Microsoft
  • Intel
  • Compaq
  • HP
  • IBM
• Same goal as Palladium: trustworthiness
All About the Hardware
• TCPA specification only for hardware
  • It’s operating system agnostic
• Complete TCPA 1.1b spec online
• One implementation of it in production machines (one version of IBM Thinkpad)
• Palladium uses some of the TCPA spec
How Palladium Will Affect You
• A Palladium PC will still run non-trusted apps
  • So everything you have now will still work
• Palladium is opt-in
  • You have to explicitly choose to use it
• Signed binaries mean fewer chances of a trojan or virus being inserted into commonly used programs
Your Information is Secure
• All your personal information is stored on your home machine, not on some company’s server.
• You control precisely who sees what and what they can do with it.
• No more doctor’s new patient forms, no more filling out credit card apps, etc.
Digital Rights Management
• Probably the biggest issue with Palladium
• Palladium will enable the media companies to protect their content
• Which raises some questions:
  • So no more fair use?
  • Can I still pirate?
• Fair use: probably not for the short term
• Piracy: you can still do it on the non-trusted side
Open Source and Palladium
• Will operating systems like Linux still run on a Palladium PC?
  • Definitely.
• Not only will Linux still run, but it could in theory be modified to have a Nexus
  • Thus it could run trusted apps
No User Authentication
• User authentication is done through Windows
  • I.e., the usual Windows logon
• User is tied to the machine and its keys
  • Everything encrypted with a combination of the machine’s SSC and Nexus keys
  • Switching machines could be tedious
3-Phase Deployment Plan
• Deploy in corporations
  • Use in internal networks
  • Make sure sensitive data isn’t leaked
• Get major media companies involved
  • Create trusted content and applications
• End users/consumers
  • Use the trusted apps and content
  • Distribute personal information
Conclusion
• Palladium is a platform
  • Enables ISVs to write trusted apps easily.
• First version in a future version of Windows
  • Sometime around 2005 or 2006
• Will it work?
  • Who knows. Microsoft hopes so.
• Do you want it to work?
  • There are good and bad outcomes of it.
  • It’s a personal decision.
Palladium Links
• Microsoft Palladium: A Business Overview
  http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp
• Microsoft NGSCB Technical FAQ
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp
• Palladium Details
  http://www.activewin.com/articles/2002/pd.shtml
• Microsoft Meeting on Palladium
  http://vitanuova.loyalty.org/2002-07-03.html
• EPIC’s Palladium Coverage
  http://www.epic.org/privacy/consumer/microsoft/palladium.html
• Inside Microsoft’s Secure OS Project Palladium
  http://www.extremetech.com/article2/0,3973,837726,00.asp
• MIT Palladium Presentation
  http://www.cryptome.org/palladium-mit.htm
More Palladium Links
• Interview with Palladium’s Mario Juarez
  http://www.digitalidworld.com/modules.php?op=modload&name=News&file=article&sid=74&mode=&order=0
• Q&A: Palladium Initiative
  http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp
• TCPA / Palladium FAQ
  http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html
• TCPA and Palladium: Sony Inside
  http://www.kuro5hin.org/story/2002/7/9/17842/90350
• TCPA and Palladium Technical Analysis
  http://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt
• Palladium and the TCPA
  http://www.counterpane.com/crypto-gram-0208.html
• TCPA Homepage
  http://www.trustedpc.org