08-08-2012, 09:52 AM
Microsoft Palladium
Microsoft palladium final.pptx (Size: 168.9 KB / Downloads: 46)
What is Palladium?
Palladium (Pd) is a set of new security-oriented capabilities in Windows
Enabled by new hardware
Goal is to “protect software from software”
Defend against malicious software running in Ring 0
Four categories of new security features
Sealed storage
Attestation
Curtained memory
Secure input and output
Trusted Open Systems
Our OSs are designed for:
Features
Performance
Plug-ability/Openness
Applications
Drivers
Core OS components
Ease of use, and
Security
Contrast this with the design of a smartcard OS
Nightmare Scenarios
A virus/Trojan that launches something worse than a denial of service attack:
Trades a random stock (for mischief or profit)
Posts tax-records to a newsgroup
Orders a random book from Amazon.com
Grabs user/password for the host/web-sites and posts them to a newsgroup
Posts personal documents to a newsgroup
Trustworthy Computing
Trustworthy: worthy of confidence.
Examples:
Credit card numbers that can’t be stolen.
Personal diary that can only be written and viewed by you or people you choose.
Someone is who she says she is.
There are currently ad-hoc solutions for some of these concerns, Palladium seeks to solve them all.
Palladium’s Goals
Usher in a new era of trustworthy computing by enabling the PC to:
Perform trusted operations
Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies
How Palladium Will Do It
Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
Protected memory
Attestation
Sealed storage
Secure input and output
It primarily does this through cryptographic keys and algorithms.
Microsoft palladium final.pptx (Size: 168.9 KB / Downloads: 46)
What is Palladium?
Palladium (Pd) is a set of new security-oriented capabilities in Windows
Enabled by new hardware
Goal is to “protect software from software”
Defend against malicious software running in Ring 0
Four categories of new security features
Sealed storage
Attestation
Curtained memory
Secure input and output
Trusted Open Systems
Our OSs are designed for:
Features
Performance
Plug-ability/Openness
Applications
Drivers
Core OS components
Ease of use, and
Security
Contrast this with the design of a smartcard OS
Nightmare Scenarios
A virus/Trojan that launches something worse than a denial of service attack:
Trades a random stock (for mischief or profit)
Posts tax-records to a newsgroup
Orders a random book from Amazon.com
Grabs user/password for the host/web-sites and posts them to a newsgroup
Posts personal documents to a newsgroup
Trustworthy Computing
Trustworthy: worthy of confidence.
Examples:
Credit card numbers that can’t be stolen.
Personal diary that can only be written and viewed by you or people you choose.
Someone is who she says she is.
There are currently ad-hoc solutions for some of these concerns, Palladium seeks to solve them all.
Palladium’s Goals
Usher in a new era of trustworthy computing by enabling the PC to:
Perform trusted operations
Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies
How Palladium Will Do It
Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
Protected memory
Attestation
Sealed storage
Secure input and output
It primarily does this through cryptographic keys and algorithms.