01-03-2013, 12:03 PM
An Overview of Palladium
Palladium.ppt (Size: 359 KB / Downloads: 100)
What is Palladium?
Palladium (Pd) is a set of new security-oriented capabilities in Windows
Enabled by new hardware
Goal is to “protect software from software”
Defend against malicious software running in Ring 0
Four categories of new security features
Sealed storage
Attestation
Curtained memory
Secure input and output
Trusted Open Systems
Our OSs are designed for:
Features
Performance
Plug-ability/Openness
Applications
Drivers
Core OS components
Ease of use, and
Security
Contrast this with the design of a smartcard OS
Nightmare Scenarios
A virus/Trojan that launches something worse than a denial of service attack:
Trades a random stock (for mischief or profit)
Posts tax-records to a newsgroup
Orders a random book from Amazon.com
Grabs user/password for the host/web-sites and posts them to a newsgroup
Posts personal documents to a newsgroup
Palladium At 50,000 Feet: 1
How do you preserve the flexibility and extensibility that contributes so much to the entire PC ecosystem, while still providing end users with a safe place to do important work?
In particular, how can you keep anything secret, when pluggable kernel components control the machine?
Hardware Summary
CPU changes
MMU changes
Southbridge (LPC bus interface) changes
Security Support Component (SSC)
New chip on the motherboard (LPC bus)
Trusted USB hub
May be on motherboard, in keyboard, or anywhere in between
Trusted GPU
What Palladium Provides
Separate protected execution environment for applications (computing agents) that need higher security
Hardware-based memory isolation
Privileged services for these agents
Mostly cryptographic services
Agents can be
Standalone
Provide services to other applications
In the long term
“Project trust” into the main OS
Code Identity in Palladium
The Palladium security model assigns access rights to code identities
Palladium always knows what code is running in the right-hand side
Booting a nexus (security kernel) causes the SSC to compute the hash of the nexus and store it in a read-only register (PCR)
Change the nexus, change its identity
The nexus recursively provides similar features for notarized computing agents executing in trusted mode
Attestation
Attestation lets a remote client know what SW is running
OS / Nexus
Application
Client policy (virus checker, admin access, etc.)
Attestation is an authentication technology
But more than “simple signing”
Enables authentication of a software configuration (nexus, application process)
Summary
Palladium is a hardware-based secure execution environment
Palladium processes are isolated from each other by the hardware
Palladium processes can store & retrieve secrets securely (based on their hash value)
The nexus provides an execution environment and security/crypto-services to hosted agents
Hardware provides crypto services to the nexus
Recursively, the nexus provides these same services to agents running on top of it