Next-Generation Secure Computing Base

from Wikipedia, the free encyclopedia

The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software security framework from Microsoft that was launched in June 2002 as the successor to Palladium. It is an implementation of the controversial Trusted Computing technology.

By January 2003, the name Palladium had already been so "tarnished" in public by numerous criticisms from IT experts that Microsoft decided on a less catchy name with lower keyword potential. In addition, other companies had already secured the naming rights.

Basic idea

The concept of the NGSCB, which was to be used for the first time in Windows Vista, results from a compromise that Microsoft has made: on the one hand, Windows should become an operating system that is as secure as possible, and on the other hand "old" software should continue to run. The solution is the Nexus, a second kernel that is "added" alongside the previous kernel. Unloading the Nexus during operation is also planned. After the Nexus is loaded, two restrictions apply, according to Microsoft: programs are no longer allowed to access all of RAM, and the CPU can no longer switch to real mode.

Division of Windows

At this point in time (January 2004), according to Microsoft, some important design decisions in NGSCB development have not yet been made; the following statements should therefore not be regarded as final.

In the existing documents, Microsoft distinguishes between the insecure side running the "normal" Windows (LeftHandSide) and the secure side running the Nexus (RightHandSide).

The Nexus manages secure applications (agents) and TSPs (Trusted Service Providers) on the secure right-hand side; these are the (secure) counterparts of the services under Windows. Agents and TSPs run in protected memory areas, but both are "normal" software. The Nexus simply regards them as trusted and assumes that everything else (i.e. on the LeftHandSide) is untrusted. How it is ensured that these "trusted" programs really are trustworthy is still unclear. A certification model in which secure applications are checked for legitimacy would be conceivable.

Data from the insecure left-hand side is transferred to the RightHandSide via a special driver on the LeftHandSide, the Nexus Manager. The Nexus then checks the data in the NAL (Nexus Abstraction Layer), the counterpart to the HAL (Hardware Abstraction Layer). If the data deviates from what is expected, it is discarded at this point. In addition, the Nexus must protect itself and the entire RightHandSide from direct memory access (e.g. by bus-master-capable devices).
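The boundary described above, a driver on the untrusted side handing requests to a checking layer that discards anything outside its expectations, is the classic shape of a fail-closed trust boundary. The following is an added toy model of that check, written for this article; it is not Microsoft's code, and the message format, the memory map, the agent registry and the function names are all assumptions made for the illustration. It shows the two things a NAL-style check must do with data arriving from the LeftHandSide: parse it strictly (exact field set, exact types) and enforce policy on it (known operation, registered agent, bounded length, and buffers that lie entirely within the untrusted region rather than in curtained Nexus memory).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed toy memory map (not NGSCB's real layout): ordinary Windows owns
# the low half, the Nexus and its agents own the curtained high half.
LHS_REGION = (0x0000_0000, 0x7FFF_FFFF)
RHS_REGION = (0x8000_0000, 0xFFFF_FFFF)

ALLOWED_OPS = {"read", "write"}      # assumed operation names
MAX_LEN = 4096                       # assumed per-request buffer bound
EXPECTED_FIELDS = {"op", "addr", "length", "agent"}


@dataclass(frozen=True)
class Request:
    op: str
    addr: int
    length: int
    agent: str


def parse_request(raw: Dict[str, object]) -> Optional[Request]:
    """Strict parse: exact field set and exact types, or None (discard)."""
    if set(raw.keys()) != EXPECTED_FIELDS:
        return None
    op, addr, length, agent = raw["op"], raw["addr"], raw["length"], raw["agent"]
    if not (isinstance(op, str) and isinstance(agent, str)):
        return None
    # bool is a subclass of int in Python; reject it explicitly.
    for v in (addr, length):
        if not isinstance(v, int) or isinstance(v, bool):
            return None
    return Request(op, addr, length, agent)


def in_region(addr: int, length: int, region: Tuple[int, int]) -> bool:
    """True only if [addr, addr+length) lies entirely inside region."""
    lo, hi = region
    return lo <= addr and addr + length - 1 <= hi


def nal_check(req: Request, registered_agents) -> Tuple[bool, str]:
    """Policy check modelled on the NAL: every failure discards the request."""
    if req.op not in ALLOWED_OPS:
        return False, "unknown operation"
    if req.agent not in registered_agents:
        return False, "unknown agent"
    if not 0 < req.length <= MAX_LEN:
        return False, "length out of range"
    # The untrusted side may only hand over buffers it owns; a buffer that
    # touches the curtained region (even by one byte) is rejected.
    if not in_region(req.addr, req.length, LHS_REGION):
        return False, "buffer outside left-hand-side region"
    return True, "ok"


def nexus_manager(raw_messages: List[Dict[str, object]], registered_agents):
    """Toy Nexus Manager: parse, check, and split into accepted/discarded."""
    accepted: List[Request] = []
    discarded: List[Tuple[Dict[str, object], str]] = []
    for raw in raw_messages:
        req = parse_request(raw)
        if req is None:
            discarded.append((raw, "malformed request"))
            continue
        ok, reason = nal_check(req, registered_agents)
        if ok:
            accepted.append(req)
        else:
            discarded.append((raw, reason))
    return accepted, discarded


# Constructed sample traffic from the untrusted side.
REGISTERED_AGENTS = {"vault"}
SAMPLE_MESSAGES: List[Dict[str, object]] = [
    {"op": "read", "addr": 0x1000, "length": 256, "agent": "vault"},          # ok
    {"op": "write", "addr": 0x8000_0000, "length": 16, "agent": "vault"},     # in RHS
    {"op": "read", "addr": 0x7FFF_FF00, "length": 512, "agent": "vault"},     # straddles
    {"op": "exec", "addr": 0x1000, "length": 4, "agent": "vault"},            # bad op
    {"op": "read", "addr": "0x10", "length": 4, "agent": "vault"},            # bad type
    {"op": "read", "addr": 0x10, "length": 4, "agent": "vault", "extra": 1},  # extra field
    {"op": "read", "addr": 0x10, "length": 4, "agent": "rogue"},              # unknown agent
    {"op": "read", "addr": 0x10, "length": 65536, "agent": "vault"},          # too long
]


def run_demo():
    return nexus_manager(SAMPLE_MESSAGES, REGISTERED_AGENTS)


if __name__ == "__main__":
    acc, disc = run_demo()
    print("accepted:", acc)
    for raw, reason in disc:
        print("discarded:", reason, raw)
```

The straddling request is the case worth noting: it starts inside the untrusted region, so a check of the start address alone would pass it, but its last byte lands in curtained memory. Checking the whole range, and parsing strictly before any policy is applied, is what makes the boundary fail closed.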

[Figure: NGSCB diagram (NGSCB-Diagram.png)]

Necessary hardware

The price for backward compatibility: NGSCB requires a secure hardware environment. Input devices (currently only USB is provided for), graphics card, chipset, CPU and a so-called Trusted Platform Module must be "secure". That means they have to authenticate themselves to the computer. Existing devices cannot do this, which is why new hardware with corresponding new drivers is already being developed to guarantee the required security.

Criticism

If there are unsecured components in the hardware of a PC equipped with the Trusted Platform Module, the applications not certified by the Nexus may not work. In this way, PC users could be forced to use certain components in order to start the desired programs or to access information on their own system at all, which leads to one-sided vendor lock-in.

Critics complain that NGSCB was not developed for fundamentally more secure programs (“secure” in the sense of information security ) and protected data, but for the secure implementation of controversial systems for digital rights management (DRM). Although, according to Microsoft, this is not the main motivation for the development of the technology, this property is strongly emphasized in the patent applications.
