1. Microsoft Windows Vista: Beta Preview
Rob Bergin, Senior Systems Engineer, Emerging Technologies [email_address]
2. Session Outline
- Many Faces of Vista (7 versions)
- Bill Gates WinHEC presentation
  - Longhorn (next-gen Windows)
  - Windows virtualization futures
3. Ars Technica's Versions 1-6
- It will limit users to three concurrent applications, provide only basic TCP/IP networking, and won't be suitable for most games.
- The next generation of Media Center capabilities, including support for HDTV, DVD authoring, and even DVD ripping, backed up (of course) by Windows DRM
- Windows Vista Professional Edition
  - Support for non-Microsoft networking protocols and AD domains
  - Includes a networked backup solution
- Virtual PC integration; encrypt an entire volume of information
4. Ars Technica's Version #7
- Ultimate Edition (per Paul Thurrott)
  - The best operating system ever offered for a personal PC, optimized for the individual. Windows Vista Ultimate Edition is a superset of both Vista Home Premium and Vista Pro Edition, so it includes all of the features of both of those product versions
  - Game Performance Tweaker with integrated gaming experiences
  - Podcast-like creation utility (under consideration, may be cut)
  - Online "Club" services (exclusive access to music, movies, services and preferred customer care)
- Microsoft is still investigating how to position its most impressive Windows release yet, and is looking into offering Ultimate Edition owners such services as:
  - Extended A1 (anti-virus/anti-spyware) subscription
  - Preferred product support
5. John Dvorak's Versions
- Bringing back Microsoft Bob
- Microsoft Vista Porn Edition
  - All the great porn sites would be pre-bookmarked. The screen savers and wallpaper would be all porn all the time. For users at work, there would be a built-in "boss" key capability that would switch the machine to a faux Enterprise edition.
- Microsoft Vista Kitchen Edition
  - A rugged kitchen edition with a file system specifically suited to storing recipes and videos of Jacques Pepin cooking his way
- Microsoft Vista Gamer Case-Mod Edition
  - The OS could control flashing lights inside the machine or make the disk-drive light blink wildly. It can be ultraoptimized for games. Perhaps Microsoft could return to the efficient DOS code for that!
- 64-bit architecture
6. John Dvorak's Versions (continued)
- Microsoft Vista for Desperate Housewives
  - "Hey, wait--that's a TV show. There would be a copyright problem." Not if it's a test-marketed, licensed product and sold specifically to fans of the show, not to mention actual desperate housewives.
- Microsoft Vista for Costco Customers
  - For the multi-PC house, an eight-pack!
- Microsoft Vista Linux Distro Edition
  - Would actually be MS-Linux with the same GUI as Vista
- Microsoft Vista OS-X Special Edition
  - This would be a version that looked and felt exactly like OS-X, in case OS-X for the x86 gets into the wild and starts spreading. Microsoft can say it's already been there and done that with OS-XP.
7. to 21. (image-only slides, no text captured)
22. Windows Vista: Brief Overview
23. Longhorn
- Codename for the next major version of Windows
- Major release (although most technologies have been seen before)
- Currently in alpha technical previews
- Due for release 2006? (when ready!)
- e.g. Windows XP Service Pack 2
24. Longhorn Architecture
(Architecture diagram; only the box labels survive. Pillars: Presentation (Avalon), Storage (WinFS), Communication (Indigo), Base Operating System Services, Location Service, Hardware Abstraction Layer, Framework Models. Presentation: Desktop Window Manager, Desktop Composition Engine, Animation and Composition, Media Services, Windows Forms, Adaptive UI Engine, ASP.NET, GDI/GDI+, DirectX Graphics, Input Manager, Global Audio Engine. Storage: Data Model, Schemas, ADO.NET, ObjectSpaces, DataSet, Synchronization (WinFS, Win32), InfoAgent (Preference Rules), FileSystem Services (MetaDataHandlers), Items, Relationships, Extensions, T/SQL and XML providers. Communication: Communications Manager (Port), Transport Channels (IPC, HTTP, TCP), Message Exchange Channels (Stream, Reliable), Common Services (Router, Queue, Topic), Policy Engine, Channel Security Provider, Signaling, Remoting, PeerStore, Collaboration Connector. Base services: CLR, Base Class Libraries, Hosting Layer, Loader, Security, Serialization, Transactions (Lightweight Transaction Manager, Transaction Coordinator). Kernel mode: Security Reference Monitor, Memory Manager, Process Manager, Power Manager, Config. Manager, Plug and Play, LPC Facility, Kernel Transaction Manager, Common Logging, Transacted File System, File System, Cache, IO Manager, NTFS, FAT 16/32, Filter Engine, TCP, UDP, IPv4, IPv6, IPsec, QoS, HTTP Listener, Internet Connection Firewall, Demand Activation and Protocol Health, PNRP, NDIS, Device and File System Drivers, Audio Drivers, Graphics Drivers.)

25. WinFX
(Namespace-map diagram; only the labels survive. Application models: Client (Avalon, Windows Forms), Web & Service (ASP.NET / Indigo), Data Systems (WinFS, Yukon, ADO.NET, ObjectSpaces), Mobile PC & Devices (Compact Framework), Command Line, NT Service. Presentation: System.Windows (Animation, Controls, Documents, Shapes, Ink, Media, SideBar, Notification), System.Windows.Forms, System.Web.UI, System.Drawing, System.Help. Data: System.Storage (Core, Contact, Location, Message, Document, Event), System.Data (SqlClient, SqlTypes, SqlXML, OdbcClient, OleDbClient, OracleClient), System.Xml, System.Search. Communication: System.MessageBus (Transport, Port, Channel, Service, Queue, PubSub, Router), System.Web.Services, System.Remoting, System.Collaboration, System.Net (HttpWebRequest, FtpWebListener, SslClientStream, WebClient, Sockets, NetworkInformation, Cache), System.DirectoryServices (Active Directory, Uddi), System.Discovery. Security: System.Security (Permissions, Policy, Principal, Token, Cryptography, AccessControl, Credentials, Authorization), System.Windows.TrustManagement, System.Web.Security, System.MessageBus.Security. Fundamentals: System.ComponentModel, System.CodeDom, System.Reflection, System.EnterpriseServices, System.Transactions, System.Threading, System.Globalization, System.Serialization, System.Text, System.Collections (Generic), System.Runtime (InteropServices, CompilerServices). Configuration, deployment and management: System.Configuration, System.Web.Configuration, System.MessageBus.Configuration, System.Deployment, System.Management, System.Diagnostics, System.Resources. Also System.Speech (Recognition, Synthesis), System.NaturalLanguageServices, System.Location, System.Timers, System.Console, System.ServiceProcess.)

26. Windows Vista Aero Interface/Shell/GUI
27. to 29. (image-only slides, no text captured)
30. Windows Vista WinFS
31. WinFS Is
- All end-user data lives in Longhorn
- New user experience in Longhorn Shell
- A trustworthy place to store data
- Data model built on relational database technology
- Filesystem capabilities built on NTFS
- Everyday Information - domain-specific schemas
- Services that make data active
32. WinFS Data Model
- Items
  - The new atomic unit of data
  - Items have subsumed Files
  - Copy, put in Folders, etc.
- Types
  - A group of simple and complex types that represent data
  - Defined in a schema, arranged in types
  - Structured, Semi-Structured, and Opaque
- Relationships
  - Explicitly relate Items together
  - E.g., Author binds Document to Contact
  - Schema can model complex items
  - Containment, reference, embedding, categories, etc.
- Extensions
  - Provide ability to add new data to existing Item types
(Sidebar diagram, repeated on the following WinFS slides: Core WinFS = Items, Relationships, Extensions; Data Model; Operations; Filesystem Services (Handlers, ...); NTFS; Relational Engine; Services = People, Documents, InfoAgent (Rules, ...), Synchronization (WinFS, ...); Schemas; APIs = XML, T/SQL, Objects; Framework Models)
33. WinFS Schemas
- Windows Everyday Information
  - Documents, Messages, Annotations, Notes
  - Media, Audio, Video, Images
  - Events, Appointments, Locations, UserTask
  - SystemTasks, Config, Programs
- Developers can define their own data shape
34. Example
WinFS schema fragment from the slide (attribute quoting repaired; the elements are shown as on the slide, without their bodies):

    <Property Name="PersonalNames" Type="MultiSet" MultiSetOfType="FullName" Nullable="true">
    <RelationshipType Name="Employment" BaseType="WinFS.Relationship"
                      AllowsHolding="true" AllowsEmbedding="false" AllowsReference="true">

(Diagram: table view of a Person item with columns ItemId, Name, Addresses (three Street/City/State/Zip groups), IrisScan, FirstName, LastName, shown alongside its backing NTFS stream.)
35. Longhorn And Filesystems
- Files can live solely in an NTFS volume
  - E.g., C:\Windows is in NTFS
  - Volume can be mounted on a down-level machine
    - E.g., FireWire drive on both XP and Longhorn
- Items can live solely in WinFS
  - Accessible through standard Win32 APIs
  - Metadata Handlers get data in and out of file streams
  - User data moved into WinFS
    - I.e., C:\Documents and Settings
  - Has Import/Export utilities
36. WinFS Services: Synchronization
- Synchronize one WinFS with another
  - Keep My Contacts and My Files in sync across my home machines
- Synchronize WinFS with other data sources
  - Keep My Contacts in sync with online email contacts, enterprise CRM, etc.
37. Synchronization Overview
- Replicas make changes independently
- Net-change synchronization
  - Looking at cumulative changes, not logs
- A set of common services for all data sources and all schemas
  - Change tracking, change enumeration, conflict handling, etc.
  - Granularity of change units is declared in the WinFS schemas
- Custom conflict resolution handlers
  - Extend the system conflict policies with code
  - Outside data sources for one-way or bidirectional synchronization
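The net-change model on this slide, as an added example written for this page (it is not WinFS code): each replica stamps a change with its own counter, keeps a knowledge vector of what it has seen from every replica, enumerates only the current items the other side does not know (no per-operation log), detects a conflict when the incoming item's local version was unknown to the sender, and hands it to a pluggable resolver. The names (Replica, Knowledge, DefaultPolicy, LongerValueWins) and the whole-item change unit are this example's assumptions.

```go
package main

import "fmt"

// Version stamps a change with the replica that made it and that replica's
// own change counter.
type Version struct {
	Replica string
	Counter uint64
}

// Item is the change unit here: the whole item, as a WinFS schema might declare.
type Item struct {
	Key, Value string
	Version    Version
}

// Knowledge records, per replica, the highest change counter already seen.
type Knowledge map[string]uint64

func (k Knowledge) Contains(v Version) bool { return k[v.Replica] >= v.Counter }

// Resolver picks the surviving item when both sides changed the same key.
type Resolver func(local, remote Item) Item

// DefaultPolicy: higher counter wins, ties broken by replica name. Counters are
// not clocks; the point is that every replica resolves a conflict identically.
func DefaultPolicy(local, remote Item) Item {
	l, r := local.Version, remote.Version
	if r.Counter > l.Counter || (r.Counter == l.Counter && r.Replica > l.Replica) {
		return remote
	}
	return local
}

// LongerValueWins is a custom handler layered on the system policy: keep the
// richer value, and fall back to DefaultPolicy on ties.
func LongerValueWins(local, remote Item) Item {
	switch {
	case len(remote.Value) > len(local.Value):
		return remote
	case len(remote.Value) < len(local.Value):
		return local
	}
	return DefaultPolicy(local, remote)
}

type Replica struct {
	ID        string
	counter   uint64
	items     map[string]Item
	knowledge Knowledge
	resolve   Resolver
}

func NewReplica(id string, r Resolver) *Replica {
	if r == nil {
		r = DefaultPolicy
	}
	return &Replica{ID: id, items: map[string]Item{}, knowledge: Knowledge{}, resolve: r}
}

// Set is change tracking: bump the local counter and stamp the item with it.
func (r *Replica) Set(key, value string) {
	r.counter++
	r.items[key] = Item{key, value, Version{r.ID, r.counter}}
	r.knowledge[r.ID] = r.counter
}

// Changes is change enumeration over net state: every current item whose version
// the destination does not know yet. No per-operation log is consulted.
func (r *Replica) Changes(dest Knowledge) []Item {
	var out []Item
	for _, it := range r.items {
		if !dest.Contains(it.Version) {
			out = append(out, it)
		}
	}
	return out
}

// Apply merges a sender's changes and returns how many were conflicts: incoming
// items whose current local version the sender had not seen.
func (r *Replica) Apply(changes []Item, sender Knowledge) (conflicts int) {
	for _, remote := range changes {
		local, exists := r.items[remote.Key]
		switch {
		case !exists, sender.Contains(local.Version):
			r.items[remote.Key] = remote // remote strictly newer than ours
		case r.knowledge.Contains(remote.Version):
			// already have this change
		default:
			conflicts++
			r.items[remote.Key] = r.resolve(local, remote)
		}
	}
	for rep, c := range sender { // learn everything the sender knew
		if c > r.knowledge[rep] {
			r.knowledge[rep] = c
		}
	}
	return conflicts
}

// Sync pushes src's unknown changes into dst; run both directions for bidirectional sync.
func Sync(src, dst *Replica) int { return dst.Apply(src.Changes(dst.knowledge), src.knowledge) }

func main() {
	const k = "contact/alice/phone" // constructed sample item
	home, laptop := NewReplica("home", nil), NewReplica("laptop", nil)
	home.Set(k, "555-0100")
	Sync(home, laptop)
	home.Set(k, "555-0111") // both edit while disconnected
	laptop.Set(k, "555-0199")
	fmt.Println("conflicts on push:", Sync(home, laptop))
	fmt.Println("conflicts on pull:", Sync(laptop, home))
	fmt.Println("converged:", home.items[k].Value == laptop.items[k].Value, home.items[k].Value)
}
```

Deletes are not modelled; a net-change system needs tombstones for them, otherwise a deleted item simply stops being enumerated and never propagates.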
38. Synchronization Manager (image-only slide, no text captured)
39. WinFS Services: InfoAgent
- Users want to control how their PCs behave
  - It's called a personal computer, after all
  - Every aspect of the system can be personalized
- InfoAgent enables rich, flexible customization
  - When I receive a high-priority email from a customer, show me a popup message if I'm at my desk, otherwise forward it to my cell phone
  - When I download new photos from my camera, relate them to the events on my calendar
40. Notifications And InfoAgent
- Active Data: subscribe to WinFS changes
- Item change subscriptions
- Item Domain containment/query subscriptions
- Inclusive set of events, contexts, and actions
- Preferences stored as WinFS items
- Unified management of notification rules
(Diagram: Actions, Preferences, Events, Contexts)
41. Longhorn Microsoft Shell
42. Microsoft Shell
- Foundation for task-based management
- Focused on power users and admins
(Diagram: Problem / Solution: MSH)
43. Longhorn Deployment
44. ClickOnce Vision
- Bring the ease & reliability of web application deployment to client applications.
45. The Best of the Client & Web

                               MSI (Client)   ClickOnce   Web
Per-Machine/Shared Components  Y
Install/Run Per-User           Y              Y
Windows Shell Integration      Y              Y
Low System Impact                             Y           Y
No Touch Deployment                           Y           Y
Unrestricted Install           Y
Offline                        Y              Y
Rich / Interactive             Y              Y
Reach                                                     Y
46. Install Goals
- Ex. App file copy, start menu integration, etc.
- Can always undo what was installed
- Disallow what's not low impact
  - Apps never run with admin rights (LUA)
  - Driver registration, COM objects, etc.
  - Custom actions; a large source of install uncertainty
- Expand the definition of low impact
  - Requires OS changes. Starts with Longhorn
47. Deployment Options
- Install
  - Start Menu, Add/Remove Programs
- Launch
  - App launches but doesn't install
  - No Start Menu, Add/Remove Programs
48. Update Options
- If found, ask user to update app
- If found, ask user to update on next run
- Integrate update experience into app
- Update can specify minimum version required
- Updates drizzle in silently, like Windows Updates
49. Secure Updates
- Only the original deployer can update
  - No auto-deployment of viruses
  - Deployer key needed to publish updates
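How "only the original deployer can update" (slide 49) and "minimum version required" (slide 48) combine on the client, as an added example that is not ClickOnce's own code: real ClickOnce manifests are XML with an XML-DSig/Authenticode signature, whereas the manifest layout, Ed25519 signing and names below are this example's assumptions. The client pins the deployer's public key at first install and accepts an update only if the manifest is signed by that same key and moves the version forward.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a simplified deployment manifest. Real ClickOnce manifests are XML
// carrying an XML-DSig signature; this layout is an assumption of the example.
type Manifest struct {
	Name        string
	Version     uint64            // monotone build number
	MinRequired uint64            // installs below this must update before running
	Publisher   ed25519.PublicKey // the deployer key that signed this manifest
	Sig         []byte
}

// signedBytes is the canonical byte string the deployer signs. Every field the
// client acts on is covered, so none can be edited after signing.
func (m Manifest) signedBytes() []byte {
	var v [16]byte
	binary.BigEndian.PutUint64(v[:8], m.Version)
	binary.BigEndian.PutUint64(v[8:], m.MinRequired)
	return append(append([]byte(m.Name+"\x00"), v[:]...), m.Publisher...)
}

// Publish is the deployer side: only the holder of priv can produce a valid manifest.
func Publish(priv ed25519.PrivateKey, name string, version, minRequired uint64) Manifest {
	m := Manifest{Name: name, Version: version, MinRequired: minRequired,
		Publisher: priv.Public().(ed25519.PublicKey)}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// Installed is the client's record from first install; the deployer key is pinned then.
type Installed struct {
	Name      string
	Version   uint64
	Publisher ed25519.PublicKey
}

type Action string

const (
	NoUpdate Action = "none"
	Optional Action = "ask-user" // newer version available; the user may decline
	Required Action = "required" // installed version is below MinRequired
)

// CheckUpdate decides what the client does with a candidate manifest. A manifest
// signed by any other key is rejected even though its signature is internally
// valid, so a third party cannot push "updates" to an app they did not deploy.
func CheckUpdate(inst Installed, m Manifest) (Action, error) {
	if len(m.Publisher) != ed25519.PublicKeySize || !ed25519.Verify(m.Publisher, m.signedBytes(), m.Sig) {
		return NoUpdate, errors.New("manifest signature invalid")
	}
	if m.Name != inst.Name {
		return NoUpdate, errors.New("manifest is for a different application")
	}
	if !m.Publisher.Equal(inst.Publisher) {
		return NoUpdate, errors.New("publisher key does not match the pinned deployer key")
	}
	if m.Version <= inst.Version {
		return NoUpdate, nil // same version or a downgrade: ignore
	}
	if inst.Version < m.MinRequired {
		return Required, nil
	}
	return Optional, nil
}

func main() {
	deployerPub, deployer, _ := ed25519.GenerateKey(rand.Reader)
	_, attacker, _ := ed25519.GenerateKey(rand.Reader)
	inst := Installed{Name: "ExpenseViewer", Version: 3, Publisher: deployerPub} // constructed install record
	for _, m := range []Manifest{
		Publish(deployer, "ExpenseViewer", 4, 2), // ask-user
		Publish(deployer, "ExpenseViewer", 5, 5), // required
		Publish(deployer, "ExpenseViewer", 3, 1), // none
		Publish(attacker, "ExpenseViewer", 9, 9), // rejected: not the pinned deployer key
	} {
		a, err := CheckUpdate(inst, m)
		fmt.Printf("v%d (min %d): %s %v\n", m.Version, m.MinRequired, a, err)
	}
}
```

The downgrade check matters as much as the key check: an attacker who captures an old, validly signed manifest must not be able to roll a client back to a version with a known bug.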
50. Longhorn Web Apps
- Install UI built into browser
- Best possible user experience
- Leverages Avalon app/navigation model
- No shell presence (ex. Start Menu shortcut)
- App automatically installs as it's used
51. When Should I Use The Windows Installer (MSI)?
- ClickOnce is the solution for new self-contained applications
  - Rich, interactive applications
- Use Windows Installer if you need to
  - Install Win32 applications
  - Perform custom actions during installation
52. ClickOnce And Windows Installer (MSI)

                               MSI    ClickOnce
Per-Machine/Shared Components  Y
Install/Run Per-User           Y      Y
Windows Shell Integration      Y      Y
Low System Impact              Y*     Y
No Touch Deployment                   Y
Unrestricted Install           Y
Offline                        Y      Y
Rich / Interactive             Y      Y

* MSI applications can be authored for low system impact
53. Windows Installer Basics: .MSI
- Populated by setup developer
- Described in relational tables
(Diagram: Features, Components, Shortcuts, Action, Files, optional internal CAB, Summary Information, Assemblies, pointers to source files, other tables...)
54. Windows Installer Basics: .MSP
- MSP is a Windows Installer patch package
- Patches make changes to the configuration information database and resources (files, registry)
- Patch package (MSP) contains
  - Summary Information Stream
55. Windows Installer v4.0 (MSI 4.0)
- MSI will support the new Longhorn shell extension manifest
- No-reboot support for setup / updates
  - MSI detects processes holding files in use
  - Sends notification to processes
  - Design your applications to save state, shut down and resume
56. Windows Installer v4.0: Image Based Setup
- Longhorn uses a new Image Based Setup model
  - Minimizes number of images
  - Deployment of Windows + applications is faster
  - Images can be maintained, serviced & modified offline/online
- MSI applications can be deployed with images
  - FASTOEM property is used by major OEMs to speed up factory floor setup
  - Files copied with the OS image
  - Installation and configuration are done on first boot
57. Longhorn Identity
58. The Identity System
- Ubiquitous store, development platform for applications that consume identity
  - Built on WinFS storage subsystem (CLI201)
  - Schema for unified representation of identity
  - API with specialized types, methods for principals
- Provides recognition between principals
  - Bootstrap and manage recognition between people, computers, groups, organizations
  - Extends Windows security services, can be used by existing applications
- Principals can be serialized and exchanged using a document we call an Information Card
59. What is an Information Card?
- Exchangeable identity statement allowing verification of signature
(Diagram: card fields are Display name, Identity claims, Disclosed information, Certificate, Use policy)
- Identity claims
  - For a person: email address
  - For organization: web site
- Disclosed information: data I choose to disclose
- Certificate
  - Local account: self-signed
  - Domain account: signed by CA in Active Directory
60. How Are Information Cards Used?
- Information Cards are used to manage secure digital relationships with people and organizations
- When an Information Card is imported, it becomes a contact in the contact explorer
  - Can be recognized using Windows security services (SSPI)
  - Can be granted access to shared spaces
- Will seek broad adoption of Information Card, encourage others to implement
61. (image-only slide, no text captured)
62. Identity-Based Host Firewall
- Only people you recognize and to whom you have granted access can make inbound connections to your computer
- Other callers see the IPsec negotiation port, nothing else
- Greatly reduces the exposed attack surface of a Windows computer on a network
63. Authentication Versus Authorization
- Accepting an Information Card does not grant a contact access to the computer
  - Recognition only: a clear separation of authentication and authorization
  - A contact must have no implicit access
- To revoke someone's access to the computer
  - Remove from access policies on resources
  - Optionally, delete the contact object, so that person is no longer recognized
- Person to Person: WinFS Sync with Castles
- Organisation to Organisation
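Slides 59 to 63 as one added example (it is not code from the Longhorn identity system): a self-signed Information Card (the local-account case; the CA-signed domain case is left out), import of the card as a contact, and then the inbound-connection decision of the identity-based firewall, which drops callers it does not recognize, denies recognized contacts that no policy grants, and allows only a contact granted that specific resource. Ed25519, the challenge step and every name here are this example's assumptions; the real exchange runs over IPsec and SSPI.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// InfoCard is a self-signed identity statement: display name, disclosed claims
// ("name=value", in the owner's order) and the signing key. Assumed layout.
type InfoCard struct {
	DisplayName string
	Claims      []string
	PubKey      ed25519.PublicKey
	Sig         []byte
}

// payload is the canonical byte string the self-signature covers.
func (c InfoCard) payload() []byte {
	return append([]byte(c.DisplayName+"\n"+strings.Join(c.Claims, "\n")+"\n"), c.PubKey...)
}

func NewCard(name string, claims []string, priv ed25519.PrivateKey) InfoCard {
	c := InfoCard{DisplayName: name, Claims: claims, PubKey: priv.Public().(ed25519.PublicKey)}
	c.Sig = ed25519.Sign(priv, c.payload())
	return c
}

// Valid fails for any card edited after it was signed.
func (c InfoCard) Valid() bool {
	return len(c.PubKey) == ed25519.PublicKeySize && ed25519.Verify(c.PubKey, c.payload(), c.Sig)
}

type Decision string

const (
	Drop  Decision = "drop"  // not recognized: caller sees only the IPsec negotiation port
	Deny  Decision = "deny"  // recognized contact, but no policy grants this resource
	Allow Decision = "allow"
)

// Host keeps recognition (contacts) and authorization (policy) in separate tables.
type Host struct {
	contacts map[string]InfoCard // public key bytes -> imported card
	policy   map[string]bool     // resource + "\x00" + public key bytes -> granted
}

func NewHost() *Host { return &Host{map[string]InfoCard{}, map[string]bool{}} }

// Import verifies the card and stores it as a contact. This grants no access.
func (h *Host) Import(c InfoCard) error {
	if !c.Valid() {
		return errors.New("information card signature invalid")
	}
	h.contacts[string(c.PubKey)] = c
	return nil
}

// SetAccess grants (true) or revokes (false) a contact's access to one resource.
func (h *Host) SetAccess(resource string, pub ed25519.PublicKey, granted bool) {
	h.policy[resource+"\x00"+string(pub)] = granted
}

// DeleteContact stops recognizing the person; a stale policy entry is then moot.
func (h *Host) DeleteContact(pub ed25519.PublicKey) { delete(h.contacts, string(pub)) }

// Request is an inbound connection: the caller signs the host's challenge with the
// key from its card (a stand-in for the real IPsec/SSPI exchange).
type Request struct {
	Resource       string
	Challenge, Sig []byte
	PubKey         ed25519.PublicKey
}

func NewRequest(resource string, challenge []byte, priv ed25519.PrivateKey) Request {
	r := Request{Resource: resource, Challenge: challenge, PubKey: priv.Public().(ed25519.PublicKey)}
	r.Sig = ed25519.Sign(priv, append([]byte(resource+"\n"), challenge...))
	return r
}

// Admit is the identity-based firewall decision: authenticate against the stored
// contact key first, then consult policy as a separate step.
func (h *Host) Admit(r Request) Decision {
	c, known := h.contacts[string(r.PubKey)]
	if !known || !ed25519.Verify(c.PubKey, append([]byte(r.Resource+"\n"), r.Challenge...), r.Sig) {
		return Drop
	}
	if !h.policy[r.Resource+"\x00"+string(c.PubKey)] {
		return Deny
	}
	return Allow
}

func main() {
	alicePub, alice, _ := ed25519.GenerateKey(rand.Reader)
	_, mallory, _ := ed25519.GenerateKey(rand.Reader)
	host := NewHost()
	host.Import(NewCard("Alice", []string{"email=alice@example.com"}, alice)) // constructed card
	chal := []byte("host-challenge-1") // fresh random bytes in a real exchange
	const share = `\\home-pc\photos`
	fmt.Println(host.Admit(NewRequest(share, chal, alice)))   // deny: recognized, not granted
	host.SetAccess(share, alicePub, true)
	fmt.Println(host.Admit(NewRequest(share, chal, alice)))   // allow
	fmt.Println(host.Admit(NewRequest(share, chal, mallory))) // drop: never imported
}
```

Admit verifies against the key stored at import time, not the key the caller presents, and the challenge must be fresh per connection or a captured request could be replayed; both are the properties the "recognition only" separation depends on.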
64. Tracking Disclosed Information
- Identity system tracks Information Card disclosure
  - To whom Information Cards were sent
  - What information was sent
- If information changes, can selectively or automatically send updates
  - Updates are signed, thus known to be from you, and can be processed automatically at the destination
  - For example: your mailing address changes, automatically update magazine subscriptions
65. Roaming
- Within home: Castle replicates data
- Credentials, data stored in Active Directory
  - Download to Identity System on clients
- To arbitrary other computers
  - Identity system data can be backed up, encrypted, and stored in a vault in the cloud
- Can also use a combination smartcard/storage dongle for any of the above
66. Identity Loss and Recovery
- What happens if your computer dies?
  - If a Castle, data is on other computer(s)
  - Or, restore from system backup
- Mechanisms used for roaming can also apply to recovery
  - Download from vault in cloud or from Active Directory
67. Identity Theft
- What if the computer or smart dongle is stolen?
  - Send a signed revocation message to people you have sent an Information Card
  - If backed up in a cloud vault, the service could send the revocation for you, like canceling a credit card
  - Bootstrap a replacement identity using the disclosure information from backup
- How to know if an identity has been stolen?
  - How do you discover this today? For example, by checking a credit card statement
  - May need similar mechanisms online
68. Longhorn Trustworthiness and Security: User Account Protection
69. Trustworthy Commitment
- Thousands of hours spent in security reviews on .NET Framework to date
  - Foundstone, @Stake security reviews
- Hardening the .NET Framework
- Making security easier for customers
  - Prescriptive architectural guidance
  - Feature changes in .NET Framework
(Related sessions: SECSYM: Security Symposium; ARC340: CLR Under the Covers: .NET Framework Application Security)
70. User Account Protection
- Users will run with least privilege
- Any activity that needs more privilege will prompt for credentials
- OS X currently does this
- Admin accounts will be exempt
- Limited User Account (LUA)
71. Other features
- Virtual registry (no changes to the real registry)
- Firewall shuts down when not patched
- Hardened Windows services
  - Can be restricted from replacing system files
  - Can be restricted from touching the registry
- Network Access Protection
  - Quarantine until patched or AV-protected
- Move away from passwords toward smart cards, PINs, biometrics
72. Right Privilege At The Right Time
- User accounts (only two account types)
  - Normal users run with least privilege
  - Admin users run with least privilege
    - Admin applications need privilege elevation
    - Only trusted applications get to run with elevated privilege
73. What Is The Secure Execution Environment?
- A new platform for secure applications
- Code written to the SEE is inherently more secure because only
safe operations are possible within it
- Security restrictions are enforced by CLR
- Permission Elevation is possible in a declarative and
predictable way, and there is a user experience.
- The SEE is simply a default grant set of Code Access Security
permissions
74. Why Code To The SEE?
- Deploy without trust dialogs!
- You know that your code cannot harm the user's machine
  - Business: the admin doesn't have to worry about what the code might do
  - Home: an SEE app cannot harm your machine
75. Limited User Account (LUA), Protected Admin (PA), Application Impact Management
76. LUA Problem Statement
- Running with elevated privilege leads to disasters
  - One reason why viruses can cause damage is that too many people run with full privilege
  - The Washington Post is even telling us to run without privilege
  - Every admin tells us they want to limit users, but
- Most people demand to run as admin because:
  - Rich web experience, dependent on ActiveX installation, currently requires admin privilege
  - If we don't run as admin, stuff breaks
  - Testing is really easy when everyone's an admin!
  - Everything works, including malicious code!
- Customers want tools and help
  - Please help us to get applications that run with least privilege
  - Win98 & XP users are admin, so apps are built for admin
  - This is the vicious circle that we must break
77. LUA: The Good And The Bad
- Long term: we will greatly improve the TCO and Secure by Deployment story with Limited User
- LUA apps have no legitimate reason to ask for admin privilege
- Good LUA apps do not try to change system or domain state; they work on XP today as LUA
- Bad LUA apps (the majority) inadvertently change system state
- Short term: some LUA apps will not be fixable by Application Impact Management
  - The target is to have only 20% of apps in this category
  - The expected behavior is that these apps will fail on Longhorn
78. Three Customers For LUA
- Fully locked-down corporations
  - Lots of research shows that the enterprise admin wants this feature
  - Reduce the number of apps loaded
- Admins that need a safe place to run apps
  - Should have the least privilege needed by the app
- At home, where the admin wants to increase security
  - Parental controls, so that the child uses only age-appropriate apps
  - User self-lockdown to protect the PC from security problems
79. LUA In Longhorn
- All applications will have a manifest listing the application parts
  - Enabling Windows to provide a safe environment for the application to run
  - All applications will undergo a Trust Evaluation
- Contain applications to limit potential damage
- Create compartments where code can run
  - Least-privileged User Account (LUA)
    - Most apps can run with user privileges in user space
    - Apps run in LUA space by default in LH
  - Admin Privilege (Protected Admin)
    - Only trusted applications will run with admin privilege in admin space
    - Admins will not enable PA if LUA is not useful
80. App Operations
(Diagram: Full Admin Apps; SEE Apps; Built-for-LUA Apps; Fixable Admin/LUA Apps (AIM))
81. Code Validation Process
- All code validation is a human decision
  - Publishers can get a signed app manifest (need to be in the cert store)
  - Domain admins can sign the deployment manifest (enterprise store)
  - Local admins can bless apps
  - By policy, the user can decide to change the default behavior
- All local validation decisions are preserved in App Context
- Code Integrity is assured by checking every .EXE and .DLL for validity
- Application trust is assured at runtime
82. Application Impact Management And LUA/PA
- All system-impact changes are logged for potential rollback on uninstall
- LUA & Admin apps will have their impactful registry writes monitored as well
- Apps are given their own view of certain files & regkeys
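The "own view of certain files & regkeys" and the rollback log from this slide, together with slide 46's "can always undo what was installed", as an added model that is not Windows code: a non-elevated app writing under a protected location is redirected to a per-user virtual store and reads its own copy back, while an elevated write changes the real location and is journaled so an uninstall can undo it. Paths use forward slashes, the protected prefixes are constructed, and all names are this example's assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Token is the caller's privilege: a least-privilege user, or an admin
// application that has been elevated.
type Token struct {
	User     string
	Elevated bool
}

// Change journals one real write to a protected location so it can be undone.
type Change struct {
	Path, Old string
	Existed   bool
}

// Store models machine-wide state (files or registry values keyed by path)
// plus per-user virtual copies of protected locations.
type Store struct {
	protected []string                     // prefixes only elevated callers may change
	real      map[string]string
	virtual   map[string]map[string]string // user -> protected path -> private copy
	journal   []Change
}

func NewStore(protected ...string) *Store {
	return &Store{protected: protected, real: map[string]string{}, virtual: map[string]map[string]string{}}
}

func (s *Store) isProtected(p string) bool {
	for _, pre := range s.protected {
		if strings.HasPrefix(p, pre) {
			return true
		}
	}
	return false
}

// VirtualPath is where a user's redirected copy of p lives (assumed layout).
func VirtualPath(user, p string) string { return "/Users/" + user + "/VirtualStore" + p }

// Write redirects a non-elevated write to a protected location into the caller's
// private view instead of failing it. Elevated writes to protected locations
// change the real state and are journaled. It returns the path actually written.
func (s *Store) Write(tok Token, p, value string) string {
	if !s.isProtected(p) {
		s.real[p] = value // the user's own files: no redirection, no journal
		return p
	}
	if !tok.Elevated {
		if s.virtual[tok.User] == nil {
			s.virtual[tok.User] = map[string]string{}
		}
		s.virtual[tok.User][p] = value
		return VirtualPath(tok.User, p)
	}
	old, existed := s.real[p]
	s.journal = append(s.journal, Change{Path: p, Old: old, Existed: existed})
	s.real[p] = value
	return p
}

// Read gives a non-elevated caller a merged view (its private copy first, then
// the real location); elevated callers see only the real location.
func (s *Store) Read(tok Token, p string) (string, bool) {
	if !tok.Elevated {
		if v, ok := s.virtual[tok.User][p]; ok {
			return v, true
		}
	}
	v, ok := s.real[p]
	return v, ok
}

// Rollback undoes journaled system-impact writes in reverse order (uninstall).
func (s *Store) Rollback() {
	for i := len(s.journal) - 1; i >= 0; i-- {
		if c := s.journal[i]; c.Existed {
			s.real[c.Path] = c.Old
		} else {
			delete(s.real, c.Path)
		}
	}
	s.journal = nil
}

func main() {
	s := NewStore("/Program Files/", "/HKLM/Software/") // constructed protected prefixes
	const ini = "/Program Files/App/settings.ini"
	installer, bob := Token{User: "installer", Elevated: true}, Token{User: "bob"}
	s.Write(installer, ini, "theme=default")
	fmt.Println("bob's write went to:", s.Write(bob, ini, "theme=dark"))
	bv, _ := s.Read(bob, ini)
	av, _ := s.Read(installer, ini)
	fmt.Println("bob sees:", bv, "| machine-wide:", av)
	s.Rollback()
	_, ok := s.Read(installer, ini)
	fmt.Println("after uninstall rollback, real file exists:", ok)
}
```

The caveat this model makes visible: an app whose writes were silently redirected keeps working, but its "saved" settings exist only in that one user's virtual store, and an elevated copy of the same app reads the real location and never sees them.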
83. User Experience Goals
- Longhorn is Secure by Default, yet the system is as flexible and easy to use as Windows XP
- Users know when they are about to do something potentially unsafe and are able to make an informed decision
  - Longhorn always gives strong security recommendations
  - Users can undo damaging changes
- Users feel confident they can install or run any program without compromising their data or their PCs
  - They feel that, compared to previous versions of Windows, Longhorn is much safer
  - They trust Longhorn more than any other OS
- Users do not need to learn any major new concepts or procedures to be protected
84. Other Big Changes
- Winlogon is being rewritten for Longhorn
  - Addressing reliability issues: too many unnecessary processes in Winlogon
  - Addressing performance issues: too many unnecessary components loaded in Winlogon
- Winlogon in Longhorn will no longer support replaceable GINAs; new mechanisms provide the existing functionality
  - New, simpler Credential Provider model
85. Longhorn Next Generation Secure Computing Base
86. Next Generation Secure Computing Base Defined
- Microsoft's Next-Generation Secure Computing Base (NGSCB) is a new security technology for the Microsoft Windows platform
  - Uses both hardware and software to protect data
  - Offers new kinds of security and privacy protections in an interconnected world
87. Threats Mitigated in V1
- Strong process isolation prevents rogue applications from changing our data or code while it is running
- Sealed storage verifies the integrity of data when unsealing it
- Sealed storage prevents rogue applications from getting at your encrypted data
- Attestation enables you to verify that you are dealing with an application and machine configuration you trust
- Secure path enables you to be sure that you're dealing with the real user, not an application spoofing the user
88. Version 1 Details
- Fully aligned with Longhorn
  - Ships as part of Longhorn
  - Betas and other releases in sync with and delivered with Longhorn's
- Focused on enterprise applications
  - Internal applications for viewing secure data
- Trusted Computing Group (https://www.trustedcomputinggroup.org/home)
- Memory protection (AMD and Intel Prescott CPUs)
89. NGSCB Architecture
(Diagram: hardware layer of TPM 1.2, chipset, CPU, secure input and secure video. Standard-mode (std-mode / LHS): Main OS, HAL, user apps, USB driver, NexusMgr.sys. Nexus-mode (RHS): Nexus, NAL, agents with NCA Runtime Library, Trusted UI Engine (TUE), TSPs.)
90. Nexus Mode Environment
- Basic operating system functions
  - Process and thread loader/manager
  - Security Reference Monitor
  - Interrupt handling / hardware abstraction
- But not a complete operating system
  - No kernel-mode / privileged device drivers
- Kernel mode has no pluggables
  - All of the kernel is loaded at boot and measured into the PCR
91. NGSCB Features
- All NGSCB-enabled application capabilities build off of four key features (strong process isolation, sealed storage, secure path, attestation)
- The first three are needed to protect against malicious code
- Attestation breaks new ground in distributed computing
  - Subjects (software, machines, services) can be securely authenticated
  - This is separate from user authentication
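Sealed storage and attestation from slides 87, 90 and 91, as an added model written for this page (it is not NGSCB or TPM code): a PCR as an extend-only hash chain that the boot-time measurement of the kernel and agents feeds; sealing under a key derived from a root secret and the PCR, so data unseals only under the same measured configuration and is rejected outright if any byte changed (AES-GCM, which is where the integrity check lives); and a quote that signs the PCR together with a verifier-chosen nonce. The HMAC key derivation, the Ed25519 attestation key and all names are this example's assumptions; a real TPM binds to PCR selections and uses its own key hierarchy.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PCR models a platform configuration register: extend-only, so its final
// value commits to every measured component and the order they loaded in.
type PCR [32]byte

func (p PCR) Extend(measurement []byte) PCR {
	m := sha256.Sum256(measurement)
	return PCR(sha256.Sum256(append(p[:], m[:]...)))
}

// MeasureBoot extends a fresh PCR with each loaded component (nexus, agents).
func MeasureBoot(components ...[]byte) PCR {
	var p PCR
	for _, c := range components {
		p = p.Extend(c)
	}
	return p
}

// sealedAEAD derives the data key from the hardware-held root secret and the PCR
// (assumed KDF: HMAC-SHA256), so another configuration gets another key.
func sealedAEAD(root []byte, p PCR) cipher.AEAD {
	mac := hmac.New(sha256.New, root)
	mac.Write([]byte("seal\x00"))
	mac.Write(p[:])
	block, _ := aes.NewCipher(mac.Sum(nil)) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Seal encrypts plaintext to the current configuration; the PCR is also bound
// as associated data, and the GCM tag is what Unseal's integrity check relies on.
func Seal(root []byte, p PCR, plaintext []byte) ([]byte, error) {
	gcm := sealedAEAD(root, p)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, p[:]), nil
}

// Unseal releases no plaintext at all if the configuration changed or any byte
// of the blob was altered.
func Unseal(root []byte, p PCR, blob []byte) ([]byte, error) {
	gcm := sealedAEAD(root, p)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("sealed blob too short")
	}
	pt, err := gcm.Open(nil, blob[:n], blob[n:], p[:])
	if err != nil {
		return nil, errors.New("unseal failed: configuration changed or data tampered")
	}
	return pt, nil
}

// Quote is an attestation: the PCR and a verifier-chosen nonce, signed by the
// platform's attestation key (Ed25519 here, an assumption of this example).
type Quote struct {
	PCR        PCR
	Nonce, Sig []byte
}

func quoteMsg(p PCR, nonce []byte) []byte { return append(append([]byte("quote\x00"), p[:]...), nonce...) }

func Attest(attestKey ed25519.PrivateKey, p PCR, nonce []byte) Quote {
	return Quote{p, nonce, ed25519.Sign(attestKey, quoteMsg(p, nonce))}
}

// VerifyQuote accepts only a fresh quote, from the known attestation key, whose
// PCR matches a configuration on the verifier's allow-list.
func VerifyQuote(attestPub ed25519.PublicKey, q Quote, nonce []byte, trusted []PCR) bool {
	if string(q.Nonce) != string(nonce) || !ed25519.Verify(attestPub, quoteMsg(q.PCR, q.Nonce), q.Sig) {
		return false
	}
	for _, t := range trusted {
		if t == q.PCR {
			return true
		}
	}
	return false
}

func main() {
	root := make([]byte, 32) // stands in for the TPM-held root secret
	rand.Read(root)
	good := MeasureBoot([]byte("nexus v1"), []byte("agent: secure-viewer"))
	rogue := MeasureBoot([]byte("nexus v1"), []byte("agent: secure-viewer"), []byte("rootkit"))
	blob, _ := Seal(root, good, []byte("confidential document")) // constructed data
	_, err := Unseal(root, rogue, blob)
	fmt.Println("unseal under changed configuration:", err)
	attestPub, attestKey, _ := ed25519.GenerateKey(rand.Reader)
	nonce := []byte("verifier-nonce-1")
	fmt.Println("attested:", VerifyQuote(attestPub, Attest(attestKey, good, nonce), nonce, []PCR{good}))
}
```

A quote without the nonce check is replayable: an attacker can record a quote from a good configuration and present it later from a rogue one, which is why the verifier, not the platform, chooses the nonce.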
92. Summary
- NGSCB ships as part of Longhorn
- NGSCB is a combination of
  - New hardware, which creates a secure environment for
  - A new kernel, called the Nexus, which
  - Will run agents in a secure memory partition, and which
  - Will provide these agents with security services so that they can
  - Provide users with trustworthy computing
- When the Nexus is turned off, literally everything runs just like before
- When the Nexus is on, the LHS runs very close to everything that ever ran
  - The Nexus makes no claims about what runs on the LHS
- The hardware should run any Nexus, and give full function to any Nexus (with, at most, an admin step by the user)
- The Nexus will run any software the user tells it to
93. Longhorn Questions
94. Sources
- Longhorn Development Centre: http://msdn.microsoft.com/longhorn/
- Trusted Computing Group: https://www.trustedcomputinggroup.org/home