01-04-2011, 12:29 PM
MICROSOFT_PALLADIUM.doc (Size: 3.32 MB / Downloads: 165)
1.INTRODUCTION
"Palladium" is the code name for an evolutionary set of features
for the Microsoft® Windows® operating system. When combined with a
new breed of hardware and applications, these features will give
individuals and groups of users greater data security, personal privacy,
and system integrity. In addition, "Palladium" will offer enterprise
customers significant new benefits for network security and content
protection. This topic reveals the following:
•Examines how "Palladium" satisfies the growing demands of
living and working in an interconnected, digital world
•Catalogs some of the planned benefits offered by "Palladium"
Summarizes
"Palladium"
the
software
and
hardware
components
2.The Challenge: Meeting the Emerging Requirements
of an Interconnected World
Today's personal computing environment has advanced in terms of
security and privacy, while maintaining a significant amount of
backward compatibility. However, the evolution of a shared, open
network (the Internet) has created new problems and requirements for
trustworthy computing. As the personal computer grows more central to
our lives at home, work and school, consumers and business customers
alike are increasingly aware of privacy and security issues.
Now, the pressure is on for industry leaders to take the following actions:
•Build solutions that will meet the pressing need for reliability and
integrity
•Make improvements to the personal computer such that it can
more fully reach its potential and enable a wider range of
opportunities
•Give customers and content providers a new level of confidence in
the computer experience
•Continue to support backward compatibility with existing
software and user knowledge that exists with Windows systems
today
Together, industry leaders must address these critical issues to
meet the mounting demand for trusted computing while preserving the
open and rich character of current computer functionality.
3.The Solution: "Palladium"
"Palladium" is the code name for an evolutionary set of features
for the Microsoft Windows operating system. When combined with a
new breed of hardware and applications, "Palladium" gives individuals
and groups of users greater data security, personal privacy and system
integrity. Designed to work side-by-side with the existing functionality
of Windows, this significant evolution of the personal computer platform
will introduce a level of security that meets the rising customer
requirements for data protection, integrity and distributed collaboration.
Users implicitly trust their computers with more of their valuable
data every day. They also trust their computers to perform more and
more important financial, legal and other transactions. "Palladium"
provides a solid basis for this trust: a foundation on which privacy- and
security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to
users. Among these are enhanced, practical user control; the emergence
of new server/service models; and potentially new peer-to-peer or fully
peer-distributed
service
models.
The
fundamental
benefits
of
"Palladium" fall into three chief categories: greater system integrity,
superior personal privacy and enhanced data security. These categories
are illustrated in Figure 1.
Figure 1: Windows-based personal computer of the future
a.Core Principles of the "Palladium" Initiative
Development of "Palladium" is guided by important business and
technical imperatives and assumptions. Among these are the following:
A "Palladium"-enhanced computer must continue to run any
existing applications and device drivers.
"Palladium" is not a separate operating system. It is based on
architectural enhancements to the Windows kernel and to computer
hardware, including the CPU, peripherals and chipsets, to create a new
trusted execution subsystem (see Figure 1).
"Palladium" will not eliminate any features of Windows that users
have come to rely on; everything that runs today will continue to run
with "Palladium."
In addition, "Palladium" does not change what can be
programmed or run on the computing platform; it simply changes what
can be believed about programs, and the durability of those beliefs.
Moreover, "Palladium" will operate with any program the user specifies
while maintaining security.
"Palladium"-based systems must provide the means to protect user
privacy better than any operating system does today.
"Palladium" prevents identity theft and unauthorized access to
personal data on the user's device while on the Internet and on other
networks. Transactions and processes are verifiable and reliable (through
the attestable hardware and software architecture described below), and
they cannot be imitated.
With "Palladium," a system's secrets are locked in the computer
and are only revealed on terms that the user has specified. In addition,
the trusted user interface prevents snooping and impersonation. The user
controls what is revealed and can separate categories of data on a single
computer into distinct realms.
Finally, the "Palladium" architecture will enable a new class of
identity service providers that can potentially offer users choices for how
their identities are represented in online transactions. These service
providers can also ensure that the user is in control of policies for how
personal information is revealed to others. In addition, "Palladium" will
allow users to employ identity service providers of their own choosing.
"Palladium" will not require digital rights management technology,
and DRM will not require "Palladium."
Digital rights management (DRM) is an important, emerging
technology that many believe will be central to the digital economy of
the future. As a means of defining rules and setting policies that enhance
the integrity and trust of digital content consumption, DRM is vital for a
wide range of content-protection uses. Some examples of DRM are the
protection of valuable intellectual property, trusted e-mail and persistent
protection of corporate documents.
While DRM and "Palladium" are both supportive of Trustworthy
Computing, neither is absolutely required for the other to work. DRM
can be deployed on non-"Palladium" machines, and "Palladium" can
provide users with benefits independent of DRM. They are separate
technologies. That said, the current software-based DRM technologies
can be rendered stronger when deployed on "Palladium"-based
computers.