Microsoft Next-Generation Secure Computing Base

Q: What is the Next-Generation Secure Computing Base?

A: The Next-Generation Secure Computing Base (NGSCB), also referred to as "Palladium" is a new security technology for the Microsoft® Windows® platform. It will be included as part of an upcoming version of the Microsoft Windows operating system, code-named "Longhorn." NGSCB employs a unique hardware and software design to enable new kinds of secure computing capabilities to provide enhanced data protection, privacy and system integrity.

NGSCB will transform the PC into a platform that can perform trusted operations spanning multiple computers under a trust policy that can be dynamically created and whose integrity anyone can authenticate.

The technology being developed as part of NGSCB includes new software that will work on a new breed of PC hardware. This new architecture will provide unprecedented capabilities for enabling secure processing on the Microsoft Windows PC platform. In addition, it will preserve the flexibility and extensibility that contributes so much to today's PC ecosystem.

Microsoft is building base-level software components, including a new operating system module called a nexus that will enable secure interaction with applications, peripheral hardware, memory and storage. A nexus-aware PC will be designed to offer four categories of new security features:

• Strong process isolation. Users can wall off and hide pages of main memory so that each nexus-aware application can be assured that it is not modified or observed by any other application or even the operating system.

• Sealed storage. Information can be stored in such a way that only the application from which data is saved (or a trusted designated application or entity) can open it. With sealed storage, a nexus-aware application or module can mandate that the information be accessible only to itself or to a set of other trusted components that can be identified in a cryptographically secure manner.

• Secure path to and from the user. Secure channels allow data to move safely from the keyboard/mouse to nexus-aware applications, and for data to move from nexus-aware applications to a region of the screen.

• Attestation. Users have the ability to authenticate software or a combination of software and hardware. With attestation, a piece of code can digitally sign or otherwise attest to a piece of data and thus assure the recipient that the data was constructed by an unforgeable, cryptographically identified trusted software stack.

The Windows technologies that NGSCB introduces — the nexus and the special processes that the nexus commissions, called nexus computing agents (NCAs) — will offer a parallel execution environment to the traditional Windows kernel- and user-mode stacks. NGSCB creates a new environment that runs alongside the operating system, not underneath it.

A key goal in the development of NGSCB is to protect software from software-based attacks in the PC environment. In other words, NGSCB is designed to provide a set of features and services that a software application can use to defend against malicious code that might also be running on the machine, such as viruses running in the main operating system, keyboard sniffers or frame grabbers. This technology is not designed to provide defenses against hardware-based attacks that originate from someone in control of the local machine.

Q: What's new in NGSCB? What's the difference between NGSCB and Microsoft Windows today?

A: NGSCB extends the Windows operating system to provide a set of new secure computing capabilities. NGSCB will not change anything in Windows, but rather will sit beside with the regular Windows environment. To make NGSCB possible, both the software and the hardware will evolve. On the hardware side, the CPU, chipset, USB I/O and GPU hardware components will be redesigned, and a new component will be added, called the Security Support Component (SSC). On the software side, a new operating system component will be added, called the nexus, along with some associated code to enable the NGSCB environment. Collectively, this software comprises the trusted computing base (TCB) for NGSCB.

Q: How can I learn more about NGSCB ?

A: Microsoft will publish additional technical information about NGSCB as it makes progress. To be notified when this information is available, those interested can send e-mail to ngscb_qa@microsoft.com with "subscribe" in the subject line. Microsoft has established this announce-only mailing list to alert subscribers whenever new information has been posted to Microsoft.com.