
Microsoft Palladium

Date post: 08-May-2015
Upload: suryakanta-rout
Seminar on MICROSOFT PALLADIUM. Presented by: Prakash Ranjan Panda, Regd. No.: 1205106018, 4th sem, MCA. Guided by: Ms. Rojalin Mallick, Dept. of CSA. COLLEGE OF ENGINEERING AND TECHNOLOGY, BBSR
Transcript
Page 1: Microsoft Palladium

Seminar on

MICROSOFT PALLADIUM

Presented by: Prakash Ranjan Panda

Regd. No.: 1205106018

4th sem, MCA

Guided by: Ms. Rojalin Mallick

Dept. of CSA

COLLEGE OF ENGINEERING AND TECHNOLOGY, BBSR

Page 2: Microsoft Palladium

CONTENT

What is Palladium?

Trustworthy Computing

Palladium’s Goal

Architecture of Palladium

TPM

NEXUS

USES

CONCLUSION

REFERENCE


Page 3: Microsoft Palladium

What is Palladium?

A set of hardware and software extensions to make the PC more trustworthy.

Today’s apps will still run just fine.

You can disable Palladium extensions if you choose.

What exactly is trustworthy computing?


Page 4: Microsoft Palladium

Trustworthy Computing

Trustworthy: worthy of confidence.

Examples:

Credit card numbers that can’t be stolen.

Personal diary that can only be written and viewed by you or people you choose.

Someone is who she says she is.

There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.


Page 5: Microsoft Palladium

Whom to Trust?

Applications? Operating systems can programmatically subvert applications.

Operating System? Hardware can programmatically subvert the operating system.

Hardware? Humans can subvert hardware, but not programmatically.

So we have to start off trusting the hardware.


Page 6: Microsoft Palladium

Palladium’s Goal

Perform trusted operations

Span multiple computers with this trust

Create dynamic trust policies

Allow anyone to authenticate these policies


Page 7: Microsoft Palladium

How Palladium will do it?

Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:

Protected memory

Attestation

Sealed storage

Secure input and output

It primarily does this through cryptographic keys and algorithms.


Page 8: Microsoft Palladium

Palladium Architecture


Page 9: Microsoft Palladium

[Diagram labels: App, OS, User, Kernel]

How do you preserve the flexibility and extensibility that contributes so much to the entire PC ecosystem, while still providing end users with a safe place to do important work?

In particular, how can you keep anything secret, when pluggable kernel components control the machine?


Page 10: Microsoft Palladium

[Diagram labels: Agent, Agent, App, OS, User, Kernel, Standard, Trusted, Nexus]

The solution: subdivide the execution environment by adding a new mode flag to the CPU.

The CPU is either in “standard” mode or “trusted” mode.

Pages of physical memory can be marked as “trusted.” Trusted pages can only be accessed when the CPU is in trusted mode.


Page 11: Microsoft Palladium

[Diagram labels: User, Kernel, App, OS, Standard, Trusted, Agent, Nexus, Agent, TPM, Pub/Pri Keys, Trusted GPU, Trusted USB Hub]

Agents also need to let the user enter secrets and to display secrets to the user.

Input is secured by a trusted USB ‘hub’ and mouse that carries on a protected conversation with the nexus.

Output is secured by a trusted GPU that carries on a crypto-protected conversation with the nexus.

This gives us “fingertip-to-eyeball” security.

Page 12: Microsoft Palladium

Hardware Extension

Security Support Component (SSC) / Trusted Platform Module (TPM)

New chip on the motherboard

Curtained Memory

Accessible to the applications to which it belongs


Page 13: Microsoft Palladium

Software Extension

Nexus (the kernel)

shared source

Nexus Computing Agent (NCA) (the applications)


Page 14: Microsoft Palladium

TPM

Trusted Platform Module

also called SSC - Security Support Component

Stores hardware secret key

Base of trust

Cryptographic co-processor

Page 15: Microsoft Palladium

Component of TPM


Page 16: Microsoft Palladium

The NEXUS

Essentially the kernel of an isolated software stack

Runs alongside the existing OS software stack, not underneath it

Provides a limited set of applications and services for applications, including sealed storage and attestation functions.

Special processes that work with nexus are called “Agents”

Can run different nexuses on a machine, but only one nexus at a time

Page 17: Microsoft Palladium

USES

Palladium could be used to implement very strong access controls on confidential documents.

Governments and other entities would love this.

A corporation could set up its documents such that they would only be readable on its PCs.

Documents could be set up with automatic expiration dates.


Page 18: Microsoft Palladium

CONCLUSION

Palladium is a hardware as well as software-based secure execution environment

TPM is its hardware-based secure execution environment.

Palladium processes are isolated from each other by the hardware

Palladium processes can store & retrieve secrets securely

The nexus provides an execution environment and security/crypto-services to hosted agents

Hardware provides crypto services to the nexus

Recursively, the nexus provides these same services to agents running on top of it.
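The sealed-storage idea from the NEXUS and CONCLUSION slides (agents store and retrieve secrets, with the hardware secret key in the TPM/SSC as the base of trust), as an added example that is not part of the original slides and is not NGSCB or TPM code. ToySSC, can_unseal, the HMAC-based key derivation, the toy cipher and all sample values are assumptions made for illustration: a sealed blob is bound both to the machine's secret and to the hash of the agent that sealed it.

```python
import hashlib, hmac, os

class ToySSC:
    """Simplified model of the SSC/TPM: holds a hardware secret that never leaves it."""

    def __init__(self, hardware_secret: bytes):
        self._secret = hardware_secret

    def _key(self, agent_code: bytes, label: bytes) -> bytes:
        # The key depends on this machine's secret AND the digest of the agent's code.
        digest = hashlib.sha256(agent_code).digest()
        return hmac.new(self._secret, label + digest, hashlib.sha256).digest()

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        # Toy keystream: HMAC-SHA256 in counter mode (illustration only).
        stream = b""
        for ctr in range((len(data) + 31) // 32):
            stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, agent_code: bytes, secret: bytes) -> bytes:
        nonce = os.urandom(16)
        ct = self._xor_stream(self._key(agent_code, b"enc"), nonce, secret)
        tag = hmac.new(self._key(agent_code, b"mac"), nonce + ct, hashlib.sha256).digest()
        return nonce + tag + ct

    def unseal(self, agent_code: bytes, blob: bytes) -> bytes:
        nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
        want = hmac.new(self._key(agent_code, b"mac"), nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise PermissionError("blob was not sealed for this agent on this machine")
        return self._xor_stream(self._key(agent_code, b"enc"), nonce, ct)

def can_unseal(ssc: ToySSC, agent_code: bytes, blob: bytes) -> bool:
    """True only if this agent, on this machine, is the one the blob was sealed for."""
    try:
        ssc.unseal(agent_code, blob)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    company_pc = ToySSC(b"constructed-hardware-secret-A")  # constructed sample values
    other_pc = ToySSC(b"constructed-hardware-secret-B")
    agent = b"constructed agent image v1"
    blob = company_pc.seal(agent, b"confidential document")
    print(company_pc.unseal(agent, blob))                       # same agent, same PC
    print(can_unseal(company_pc, agent + b" (patched)", blob))  # modified agent
    print(can_unseal(other_pc, agent, blob))                    # different PC
```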

Page 19: Microsoft Palladium

REFERENCE

http://www.microsoft.com/PressPass/features/2002/jul02/0724palladiumwp.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/NGSCB.asp

http://www.activewin.com/articles/2002/pd.html

http://vitanuova.loyalty.org/2002-07-03.html

http://www.epic.org/privacy/consumer/microsoft/palladium.html

http://www.extremetech.com/article2/0,3973,837726,00.asp

