Trustworthy Computing From Fingertips to Eyeballs: Roundtable Highlights Fundamental Shift in Approaches to Secure and Private Computing

EDITORS’ UPDATE, January 25, 2003 — Microsoft has discontinued use of the code name Palladium. The new components being developed for the Microsoft® Windows® Operating System, which are described in this article under the code name Palladium, are now referred to as the Next-Generation Secure Computing Base for Windows.

LAS VEGAS, Nov. 18, 2002 — Openness and flexibility have long been central tenets of software and hardware design. Hardware manufacturers want to create devices that run with a variety of operating systems and applications, and getting those systems to work together is a major goal of businesses and users around the world.

The benefits of this approach are so clear and substantial that only in the past couple of years has the industry been able to step back and recognize the potential pitfalls of interoperability. Now, as digital devices, applications and Web services make their way into nearly every aspect of everyday life, security and privacy have moved to the forefront of industry dialog.

At a roundtable discussion today in Las Vegas — during COMDEX Fall 2002 — Microsoft convened a panel of experts to discuss the company’s efforts to unite the industry in the cause of Trustworthy Computing, the idea that both hardware and software should be engineered with security and privacy at the core of their design.

The idea represents a fundamental shift in the way computers and software have been built for decades. But according to Craig Mundie, senior vice president and chief technical officer of advanced strategies and policy at Microsoft, it is vital to the future of the industry that hardware, software and services companies adopt a comprehensive, methodical approach to ensuring security, privacy, reliability and business integrity.

“As businesses, we have an incentive to address the issues of security and privacy in a way that our market will accept,” Mundie said. “We feel that the potential for new technologies to have an impact on productivity is the same for the foreseeable future as it has been for the past five to 10 years. But unless our customers feel comfortable with the security of their valuable information, they will grow increasingly reticent to adopt those new technologies.”

According to Mundie, the goal of Microsoft’s Trustworthy Computing initiative is to build systems that are secure at their core. The Holy Grail for this effort is an era where computing is so secure that trust in the security of digital devices becomes a given.

“When we achieve our goal of truly trustworthy computing, we will be past the point where security issues are criteria for sales,” he said. “We will be at the point where we are with the telephone or electricity — where it just works and users don’t even have to think about it. The security within devices, applications and operating systems will be invisible.”

During the roundtable, Mundie outlined Microsoft’s decade-long vision to achieve the goal of “invisible” security. Microsoft’s renewed emphasis on security began with Microsoft Chairman and Chief Software Architect Bill Gates’ now-famous, companywide security memorandum in early 2001. The first phase of the initiative involved halting design and development efforts across product groups, while developers were schooled in building fundamentally secure code.

“The next phase involves intercepting several products in mid-development and building in new approaches to security,” Mundie said. “And as we move into the third phase, we will be developing within our products a fundamental architecture to maintain that chain of trust.”

Labeled by Microsoft as “Designed for Trust,” the second phase of the initiative is being realized this year with the releases of Windows XP Service Pack 1, Windows .NET Server 2003, and several Web security standards, which begin the building of a much more robust security framework into the Windows environment.

The third phase, dubbed “Architected for Trust,” is expected to come to fruition in products and technologies currently on the drawing board, such as the next version of Windows, codenamed “Longhorn,” and an initiative dubbed “Palladium” that will provide a new set of features for the Windows operating system that will work in concert with new types of hardware and software to provide additional security services to PCs.

According to Palladium Product Unit Manager Peter Biddle, the project takes into account not only the software aspects of security, but the changes that hardware manufacturers must make to ensure truly secure computing.

“Palladium is the code name for core components of the Windows operating system that combine hardware and software to ensure system integrity and information protection,” Biddle said. “For example, today anyone can look into a graphics card memory, which is obviously not good if the memory contains a user’s banking transactions or other sensitive information. Part of the focus of ‘Palladium’ is on providing that security from fingertip to eyeball, so what you type and what you see on your monitor cannot be compromised.”

The ability to provide “curtained” memory — or pages of memory that are walled off from other applications and even the operating system to prevent surreptitious observation — as well as the ability to provide security along the path from keyboard to monitor are two of four categories of security features to be provided by “Palladium,” Biddle said.

“The technology will also attest to the reliability of data, and provide sealed storage, so valuable information can only be accessed by trusted software components,” he said.

The goal of “Palladium” is to help protect software from software, according to Biddle. It provides a set of features and services that applications can use to defend against malicious software such as viruses, “sniffers” and other obtrusive elements. It is designed to work independently of the operating system, so users will have complete control in ensuring the integrity of their information.

It is this control that provides the critical counterbalance to the “invisibility” of security systems. “Users are going to have to become more engaged and aware of the security decisions they are making,” Mundie said. “And we are going to have to measure our progress over time. But when users understand the security measures in place, and fundamentally trust their systems to carry out these security preferences, we’ll be there.”
