NEW ORLEANS, May 7, 2003 — Security and privacy are two of the most important — and difficult — issues facing the computer industry. Improving the ability of software and hardware to protect the integrity of digital information and the privacy of computer users has become a critical focus for both software developers and hardware manufacturers. Last June, Microsoft introduced a new security technology, code-named
“Palladium”
at the time, that is designed to provide the foundation for a new approach to security and privacy in Windows. Now known as the Next-Generation Secure Computing Base (NGSCB) for Windows, this technology utilizes an innovative hardware and software design to protect against malicious software in order to enhance privacy, security, and system integrity and help insure that software acts in a way that customers can rely on.
Next-Generation Secure Computing Base (NGSCB): The traditional
”
left-hand side
”
of a computer’s chipset and CPU joins a new,
”
right-hand side
”
security computing chipset, designed to protect against malicious software while preserving Windows’ openness. Click image for high-resolution version.
In a feature article published on PressPass last July, Microsoft NGSCB Business Unit General Manager John Manferdelli provided a first look at the new technology, which employs a new security computing chip, along with design changes to a computer’s central processing unit (CPU), chipsets, and input and output devices, such as keyboards and the computers screen. With NGSCB, applications will run in a protected memory space that is highly resistant to software tampering and interference.
This week at the Windows Hardware Engineering Conference (WinHEC) 2003 in New Orleans, Microsoft is providing hardware partners with extensive information about NGSCB, how it works, and the opportunities could provide the computer-hardware industry. To learn more about NGSCB and find out about some of the developments that have occurred since last June, PressPass spoke with two members of two NGSCB team: Bryan Willman , who is a leading Microsoft Windows architect, and Peter Biddle , a product unit manager in the Security Business Unit, the group responsible for building NGSCB.
PressPass: Last summer, John Manferdelli explained that NGSCB relies on a combination of hardware and software, including a new security chip, that together will provide better security and privacy. Can you start by giving us an overview of basic principles that make this possible?
Willman: NGSCB delivers four fundamental components.
The first is something called
“attestation.”
Attestation is a bit like having a document notarized. Notary publics don’t say whether a document is good or bad; all they do is verify the identity of the person who signed it, and make sure the person signing it has read it. Attestation lets other computers know that your computer is really the computer it claims to be, and is running the software it claims to be running.
The second component is
“sealed storage,”
which allows the user to encrypt information so that it can only be accessed by a trustworthy application. This can include just the application that created the information in the first place, or any application that the user trusts
The third component is
“strong process isolation,”
which essentially acts like a bank vault. What we’ve done is carve out a secure area — what we call the
“right-hand side”
— which looks a lot like the regular CPU that you use to do normal, day-to-day computing, which we call the
“left-hand side.”
Today, computers only have a left-hand side. With NGSCB, operations that run on the right-hand side are protected and isolated from the left-hand, which makes them significantly more secure from attack.
The fourth component is secure input and output. With NGSCB, keystrokes are encrypted before they can be read by software and decrypted once they reach the right-hand side. That means that nobody can use malicious software to record and steal or modify your keyboards strokes. Secure output is similar. The information that appears onscreen can be presented to the user so that no one else can intercept it and read it.
Taken together, these things allow you to know with a very high degree of confidence that the software inside your computer is doing exactly what it is supposed to do.
PressPass: Why is that so important?
Biddle: With NGSCB, we believe that for the first time you will know for a fact that the piece of software you are talking to is the one it is supposed to be. Today, when two pieces of software talk to each other — for example, when you want to buy something online and your browser
“talks”
to an application on the site you’re visiting — you pretty much have to take the other computer’s word for it that it is actually the computer that you’re supposed to be communicating with. Additionally NGSCB enables you to be sure that there are no viruses or spyware running on your computer or that the computer you are communicating with cannot interfere with your communications. It opens the door to all kinds of secure transactions that just aren’t possible today.
PressPass: Can you give us some examples?
Willman: Suppose you run a pharmacy company. When you test a new drug, of course it’s bad if someone has a bad reaction to the drug, but it’s much worse if someone tampers with that data so that your results are skewed. That means it’s critical that all test data is entered accurately and no one tampers with it. NGSCB ensures that those files can’t be breached or modified in any way.
Here’s another example. If you and your doctor and your pharmacist are communicating about a medical condition you have, you want to be sure that the information you exchange is confidential and true. Today you probably wouldn’t want to do that online from your home computer because with all that software that you and your kids have loaded onto it, somewhere along they way it may have picked up a virus or two, so there’s no way to know for sure how safe your information is. With NGSCB you use the right-hand side, and no matter what is happening on the left-hand side, you can be sure that the data passed between you and your doctor and your pharmacist hasn’t been tampered with.
PressPass: Who will use NGSCB? Once it is available, what is the market for NGSCB computers?
Biddle: Because it is an enhancement to the Microsoft family of operating systems, it is ultimately for anyone who runs a computer using the Microsoft Windows operating system. But we expect that the first customers will be enterprises for whom the protection of intellectual property is vitally important. A lot of companies have information they need to keep secret — medical data, personnel and legal records, drug formulas, business plans. Worrying about protecting these types of information keeps people awake at night. With NGSCB, we’re building system from the ground up that will help answer many of their concerns. Because it can play such a strong role in protecting personal privacy, we expect that as the technology evolves, it will gradually become standard equipment for home users, as well.
PressPass: How does NGSCB help improve digital privacy for individual users?
Willman: Here’s an example. Say I buy something online. With NGSCB, I have a system where I can transmit data like my mailing address to a trusted application. The company I’m buying from uses that information to print a label and then deletes it. Because I have a trusted application, the company can be sure I’ve sent them a legitimate mailing address. And I can be sure that they will only use that information to send me the item I’ve bought, and they won’t do anything else with it.
Biddle: Privacy is a huge concern for us. Our No. 1 design goal has been security, because without security, privacy is impossible to preserve, and we’ve put huge amounts of work into NGSCB to ensure that it provides a real foundation for preserving privacy.
PressPass: As Microsoft has discussed NGSCB, you’ve been careful to emphasize that it is an evolutionary technology. Yet the capabilities it offers — real security and privacy — seem quite revolutionary.
Biddle: It’s evolutionary in the sense that while we’re offering capabilities that aren’t possible today, we’re also preserving backward compatibility so that everything that runs today on your PC will run on a computer that has NGSCB technology, including applications, device drivers, and everything else.
It’s also evolutionary in the sense that the concepts we’re incorporating have been around for a long time. Think of it this way — it’s not that we invented an entirely new cuisine. Rather, it’s like we sat down with some flour, yeast, tomatoes, and cheese, and invented pizza.
On the other hand, the capabilities that NGSCB offers are revolutionary. And the possibilities that it will open up for new ways to use computers will be revolutionary as well. As our partners start to use NGSCB and understand what it is and how it works, we think they’ll come up with thousands of new ideas. That’s what platforms are great for: they allow people to take a technology and use it as a springboard for incredible innovations that the people who invented the platform never thought about.
PressPass: Let’s shift gears a bit and talk about the developments that have occurred with NGSCB since last June.
Biddle: What we’ve done over the last year or so is turn the NGSCB concept into a working reality. In past year, we got a nexus — the operating system kernel software on the right-hand side — up and running for the first time. We’ve been able to put up a window that uses the trusted user interface graphics engine. We’ve been able to partition memory with the assistance of hardware so that one application is unable to access another NBSCB-hosted application.
Willman: Also, processor manufacturers have made great deal of progress. So have peripheral vendors, and we’ll have secure keyboards that we’re showing at WinHEC. Software has come along way, too, and we find new uses for NGSCB every day.
PressPass: NGSCB is a major focus at WinHEC 2003. Why now?
Biddle: For us, WinHEC is the premier hardware engineering event for the Windows system. It’s the annual event where we lay out a roadmap for our hardware partners that gives them a look at where we see Windows technology going for the next 18-24 months. Because we’re talking about software beta availability sometime next year, now is the right time to talk in more detail about NGSCB.
Willman: Now is a great time for hardware partners to begin to read the specs, ask questions, and adjust their business model to take advantage of it. If you are in the audience at WinHEC thinking this is great stuff and wondering if you have time to integrate into your products, you don’t have to run out of the room and scramble to start working on it. A year from now, if you haven’t gotten started, you’ll probably find yourself behind the curve. Now is the time to start working so you can build NGSCB functionality into your products without going into crisis mode.
PressPass: What are your goals for WinHEC? What is it that you want hardware partners to come away with?
Biddle: I think the key thing is that we want hardware partners to know that Microsoft understands the concerns that our customers have about security and privacy, that we have a solution that offers new features and news benefits, that we need them as an OEM or ISV to make this successful, and that there is real opportunity in it for them.
WinHEC is an opportunity for us to reveal in vastly greater detail what we’re doing with NGSCB, and to get feedback from our industry partners to learn what we can do to improve the technology. This is a real process, and we want people from across the hardware industry to participate and help us shape NGSCB so that it works for everyone.
PressPass: How important is NGSCB going to be for hardware manufacturers?
Willman: For hardware makers, this is qualitatively different. For years, hardware manufacturers have done a great job of making computers faster and cheaper. But — it’s getting harder and harder to differentiate PCs. With NGSCB, there can be a dramatic difference that will be very easy to see. When NGSCB computers become available, companies, governments, and individual users will be able to see that the new machines are significantly better at protecting secrets and preserving privacy. That should drive upgrades and enable hardware makers to charge a premium for their new products.
PressPass: When will NGSCB be available?
Biddle: We haven’t announced retail availability yet, except to say that it will be included in a future major Microsoft operating system release. What we can say now is that beta customers will be able to use NGSCB next year, that hardware makers will begin to introduce the computers and peripherals needed to take advantage of NGSCB, and that software developers will be able to begin developing new applications for this coming fall.