palladium intro
TRANSCRIPT
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 1/24
Presented by:
K.NEEHARIKA(08H91A0530)GOKUL INSTITUTE OF TECHNOLOGY AND SCIENCES
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 2/24
What is Palladium? A set of hardware and software extensions to make the
PC more trustworthy.
Todays apps will still run just fine. You can disable Palladium extensions if you choose.
W hat exactly is trustworthy computing?
Good question
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 3/24
Trustworthy Computing Trustworthy: worthy of confidence.
Examples:
Credit card numbers that cant be stolen.
Personal diary that can only be written and viewed by you or people you choose.
Someone is who she says she is.
There are currently ad-hoc solutions for some of these
concerns, Palladium seeks to solve them all.
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 4/24
Who To Trust? Applications?
Operating systems can programmatically subvert
applications.
Operating System? Hardware can programmatically subvert operating
systems.
Hardware? Humans can subvert hardware, but not
programmatically.
So we have to start off trusting the hardware.
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 5/24
Chain of Trust W e start off trusting the hardware and build up, thus
creating a chain of trust.
Hardware
Operating System
Applications
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 6/24
Palladiums Goals Usher in a new era of trustworthy computing by
enabling the PC to:
Perform trusted operations Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 7/24
How Palladium Will Do It Specifically, Palladium will add four new security
features that increase the trustworthiness of themachine: Protected memory
Attestation
Sealed storage
Secure input and output
It primarily does this through cryptographic keys andalgorithms.
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 8/24
Hardware Extensions Security Support Component (SSC)
Secure communication channels for:
I/O Graphics
Network
Storage
Chipsets
CPU op-codes, registers, interrupts, and status bits
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 9/24
Software Extensions Nexus
(the kernel)
shared source
Trusted agents
(the applications)
So what is this, a whole other operating system??
Well, sort of«
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 10/24
The New View
Two parallel operating systems?
Not quite, the trusted kernel still relies on theuntrusted kernel for most of its functionality.
Kernel Mode
User ModeTrusted
User Mode
Trusted
Kernel Mode
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 11/24
SSC/Nexus Interaction Sealed storage: SSCs symmetric key, call it s
SSC hash of running Nexus kernel, call it h
Arbitrary data pointed to by pointer p SSC implements two operations:
c = SEAL(p)
p = UNSEAL(c)
Example implementation: SEAL: aes_encrypt(s+h, p)
UNSEAL: aes_decrypt(s+h, p)
If either SSC or Nexus changes, can¶t retrieve data!If either SSC or Nexus changes, can¶t retrieve data!
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 12/24
Bringing It All Together Closed sphere of trust:
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 13/24
TCPA Trusted Computing Platform Alliance
Group of companies (about 200)
Biggest players: Microsoft
Intel
Compaq
HP
IBM
Same goal as Palladium: trustworthiness
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 14/24
All About the Hardware TCPA specification only for hardware
Its operating system agnostic
Complete TCPA 1.1b spec online One implementation of it in production machines
(one version of IBM Thinkpad)
Palladium uses some of the TCPA spec
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 15/24
How Palladium Will Aff ect You A Palladium PC will still run non-trusted apps
So everything you have now will still work
Palladium is opt-in You have to explicitly choose to use it
Signed binaries means less chances of a trojan or virusinserted into commonly used programs
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 16/24
Your Information is Secure All your personal information is stored on your home
machine, not on some companys server.
You control precisely who sees what and what they cando with it.
No more doctors new patient forms, no more filling
out credit card apps, etc.
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 17/24
Digital Rights Management Probably the biggest issue with Palladium
Palladium will enable the media companies to protecttheir content
W hich raises some questions: So no more fair use?
Can I still pirate?
Fair use: probably not for the short termFair use: probably not for the short term
Piracy: you can still do it on the nonPiracy: you can still do it on the non--
trusted sidetrusted side
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 18/24
Open Source and Palladium W ill operating systems like Linux still run on a
Palladium PC?
Definitely. Not only will Linux still run, but it could in theory be
modified to have a Nexus
Thus it could run trusted apps
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 19/24
No User Authentication User authentication is done through W indows
Ie, usual W indows logon
User is tied to the machine and its keys Everything encrypted with combination of machines
SSC and Nexus keys
Switching machines could be tedious
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 20/24
3-Phase Deployment Plan Deploy in corporations
Use in internal networks
Make sure sensitive data isnt leaked
Get major media companies involvedGet major media companies involved
Create trusted content and applicationsCreate trusted content and applications
End users/consumersEnd users/consumers Use the trusted apps and contentUse the trusted apps and content
Distribute personal informationDistribute personal information
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 21/24
Conclusion Palladium is a platform
Enables ISVs to write trusted apps easily.
First version in future version of W
indows Sometime around 2005 or 2006
W ill it work? W ho knows. Microsoft hopes so.
Do you want it to work? There are good and bad outcomes of it.
Its a personal decision.
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 22/24
Palladium Links Microsoft Palladium: A Business Overview
http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp
Microsoft NGSCB Technical FAQ
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp Palladium Details
http://www.activewin.com/articles/2002/pd.shtml MicrosoftMeeting on Palladium
http://vitanuova.loyalty.org/2002-07-03.html
EPICs Palladium Coveragehttp://www.epic.org/privacy/consumer/microsoft/palladium.html InsideMicrosofts Secure OS Project Palladium
http://www.extremetech.com/article2/0,3973,837726,00.asp MIT Palladium Presentation
http://www.cryptome.org/palladium-mit.htm
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 23/24
More Palladium Links Interview with PalladiumsMario Juarez
http://www.digitalidworld.com/modules.php?op=modload&name=Ne ws&file=article&sid=74&mode=&order=0
Q&A: Palladium Initiative
http://www.microsoft.com/presspass/Features/2002/Jul02/07-01palladium.asp TCPA / Palladium FAQ
http://www.cl.cam.ac.uk/%7Erja14/tcpa-faq.html TCPA and Palladium: Sony Inside
http://www.kuro5hin.org/story/2002/7/9/17842/90350
TCPA and Palladium Technical Analysishttp://wintermute.homelinux.org/miscelanea/TCPA%20Security.txt Palladium and the TCPA
http://www.counterpane.com/crypto-gram-0208.html TCPA Homepage
http://www.trustedpc.org
8/3/2019 Palladium Intro
http://slidepdf.com/reader/full/palladium-intro 24/24
Q uestions?