-
7/27/2019 Microsoft palladium final.pptx
1/25
Internal Guide: Mr. G. Shiva Krishna
Seminar By: VINAY BOMMA
Roll No: 12M51D0517
M.Tech (CS), Department of Computer Science & Engineering
RRS COLLEGE OF ENGINEERING & TECHNOLOGY
-
What is Palladium?
Palladium (Pd) is a set of new security-oriented capabilities in Windows
Enabled by new hardware
Goal is to protect software from software
Defend against malicious software running in Ring 0
Four categories of new security features:
  Sealed storage
  Attestation
  Curtained memory
  Secure input and output
-
Trusted Open Systems
Our OSs are designed for:
  Features
  Performance
  Plug-ability/Openness
    Applications
    Drivers
    Core OS components
  Ease of use, and
  Security
Contrast this with the design of a smartcard OS
-
Nightmare Scenarios
A virus/Trojan that launches something worse than a denial of service attack:
  Trades a random stock (for mischief or profit)
  Posts tax-records to a newsgroup
  Orders a random book from Amazon.com
  Grabs user/password for the host/web-sites and posts them to a newsgroup
  Posts personal documents to a newsgroup
-
Trustworthy Computing
Trustworthy: worthy of confidence.
Examples:
  Credit card numbers that can't be stolen.
  Personal diary that can only be written and viewed by you or people you choose.
  Someone is who she says she is.
There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.
-
Who To Trust?
Applications?
  Operating systems can programmatically subvert applications.
Operating System?
  Hardware can programmatically subvert operating systems.
Hardware?
  Humans can subvert hardware, but not programmatically.
So we have to start off trusting the hardware.
-
Chain of Trust
We start off trusting the hardware and build up, thus creating a chain of trust.
Hardware
Operating System
Applications
-
Palladium's Goals
Usher in a new era of trustworthy computing by enabling the PC to:
Perform trusted operations
Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies
-
How Palladium Will Do It
Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
  Protected memory
  Attestation
  Sealed storage
  Secure input and output
It primarily does this through cryptographic keys and algorithms.
-
Hardware Extensions
Security Support Component (SSC)
Secure communication channels for:
I/O
Graphics
Network
Storage
Chipsets
CPU op-codes, registers, interrupts, and status bits
-
Software Extensions
Nexus
(the kernel)
shared source
Trusted agents
(the applications)
So what is this, a whole other operating system??
Well, sort of
-
The New View
Two parallel operating systems?
Not quite, the trusted kernel still relies on the untrusted kernel for most of its functionality.
[Diagram: four quadrants labelled User Mode, Trusted User Mode, Kernel Mode, Trusted Kernel Mode]
-
SSC/Nexus Interaction
Sealed storage:
  SSC's symmetric key, call it s
  SSC hash of running Nexus kernel, call it h
  Arbitrary data pointed to by pointer p
SSC implements two operations:
  c = SEAL(p)
  p = UNSEAL(c)
Example implementation:
  SEAL: aes_encrypt(s+h, p)
  UNSEAL: aes_decrypt(s+h, c)
If either SSC or Nexus changes, can't retrieve data!
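The SEAL/UNSEAL binding on this slide as an added sketch, not code from the original slides or from Microsoft: the sealing key is derived from s and h, and unsealing is refused when either differs. AES is not in the Python standard library, so an HMAC-SHA256 keystream with an authentication tag stands in for aes_encrypt; the function names and sample values are assumptions.

```python
import hashlib, hmac, os

def _derive(s: bytes, h: bytes, label: bytes) -> bytes:
    # Bind the key to both the SSC secret s and the Nexus hash h (the slide's "s+h").
    return hmac.new(s, label + h, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for AES, labelled as such.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(s: bytes, h: bytes, p: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_derive(s, h, b"enc"), nonce, p)
    tag = hmac.new(_derive(s, h, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag          # c = SEAL(p)

def unseal(s: bytes, h: bytes, c: bytes) -> bytes:
    if len(c) < 48:                  # 16-byte nonce + 32-byte tag
        raise ValueError("sealed blob too short")
    nonce, ct, tag = c[:16], c[16:-32], c[-32:]
    expected = hmac.new(_derive(s, h, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # A different SSC key or Nexus hash yields a different MAC key: fail closed.
        raise PermissionError("unseal refused: SSC key or Nexus hash differs")
    return _xor_stream(_derive(s, h, b"enc"), nonce, ct)   # p = UNSEAL(c)

# Constructed sample values, not real keys or measurements.
SSC_KEY = hashlib.sha256(b"constructed SSC secret").digest()
NEXUS_OK = hashlib.sha256(b"constructed nexus image").digest()
NEXUS_CHANGED = hashlib.sha256(b"constructed nexus image, modified").digest()

def demo():
    c = seal(SSC_KEY, NEXUS_OK, b"personal diary entry")
    same_nexus = unseal(SSC_KEY, NEXUS_OK, c)
    try:
        unseal(SSC_KEY, NEXUS_CHANGED, c)
        changed_nexus = "released"
    except PermissionError:
        changed_nexus = "refused"
    return same_nexus, changed_nexus
```

The tag check is what turns "can't retrieve data" into an explicit refusal rather than silently returning garbage plaintext.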
-
Bringing It All Together
Closed sphere of trust:
-
TCPA
Trusted Computing Platform Alliance
Group of companies (about 200)
Biggest players:
  Microsoft
  Intel
  Compaq
  HP
  IBM
Same goal as Palladium: trustworthiness
-
All About the Hardware
TCPA specification only for hardware
It's operating system agnostic
Complete TCPA 1.1b spec online
One implementation of it in production machines (one version of IBM Thinkpad)
Palladium uses some of the TCPA spec
-
How Palladium Will Affect You
A Palladium PC will still run non-trusted apps
So everything you have now will still work
Palladium is opt-in
You have to explicitly choose to use it
Signed binaries mean less chance of a trojan or virus being inserted into commonly used programs
-
Your Information is Secure
All your personal information is stored on your home machine, not on some company's server.
You control precisely who sees what and what they can do with it.
No more doctor's new-patient forms, no more filling out credit card apps, etc.
-
Digital Rights Management
Probably the biggest issue with Palladium
Palladium will enable the media companies to protect their content
Which raises some questions:
  So no more fair use?
  Can I still pirate?
Fair use: probably not for the short term
Piracy: you can still do it on the non-trusted side
-
Open Source and Palladium
Will operating systems like Linux still run on a Palladium PC?
Definitely.
Not only will Linux still run, but it could in theory be modified to have a Nexus
Thus it could run trusted apps
-
No User Authentication
User authentication is done through Windows
  i.e., usual Windows logon
User is tied to the machine and its keys
  Everything encrypted with combination of machine's SSC and Nexus keys
Switching machines could be tedious
-
3-Phase Deployment Plan
Deploy in corporations
  Use in internal networks
  Make sure sensitive data isn't leaked
Get major media companies involved
  Create trusted content and applications
End users/consumers
  Use the trusted apps and content
  Distribute personal information
-
Summary
Palladium is a hardware-based secure execution environment
Palladium processes are isolated from each other by the hardware
Palladium processes can store & retrieve secrets securely (based on their hash value)
The nexus provides an execution environment and security/crypto-services to hosted agents
Hardware provides crypto services to the nexus
Recursively, the nexus provides these same services to agents running on top of it.
-
Conclusion
Palladium is a platform
Enables ISVs to write trusted apps easily.