TCPA and Palladium
Palladium
Brian LaMacchia of Microsoft talked about Palladium during the second half of the lecture. Brian
joined the Palladium team this May, having worked the past 3 years on the .NET Framework Security.
Before that, he worked at AT&T labs, performing research on policy regarding technology's impact
on society.
6 Motivation
What is Palladium?
Palladium (Pd) is a set of new security-oriented capabilities in Windows. Palladium is enabled by
new hardware. The goal is to "protect software from software." Protecting against hardware attacks
(dual ported memory, physically tampering with the PC, etc.) is not Palladium's goal. Palladium's
goal is to protect against malicious software.
Palladium is built on top of TCPA hardware and shares some characteristics with TCPA, but is NOT
Microsoft's implementation of TCPA.
Peter Biddle of Microsoft Research conceived of and started working on Palladium in 1997.
New Security Features
Palladium offers four categories of new security features.
1. Sealed Storage: seal off storage so that only some programs can get at it
2. Attestation: software and hardware make a signed statement about some part of the process
stack
3. Curtained memory: the ability to segment the physical memory of the machine into standard
and trusted modes.
4. Secure Input/Output: user input (i.e. mouse, keyboard)/output (i.e. monitor) are encrypted
and thus cannot be sniffed or spoofed
Sealed storage and attestation are characteristics shared with TCPA. Curtained memory and secure
I/O are not.
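
The sealed-storage idea in item 1, as an added sketch that is not from the lecture or from Microsoft: data is encrypted under a key derived from a device-held secret and a hash of the program, so a modified program derives a different key and cannot unseal. The names DEVICE_SECRET, measure, seal and unseal are hypothetical, and the HMAC-based keystream is a stand-in for hardware-backed encryption, which the notes do not describe.

```python
import hashlib
import hmac
import secrets

# Assumption: stands in for a key that never leaves the security hardware.
DEVICE_SECRET = secrets.token_bytes(32)

def measure(program: bytes) -> bytes:
    """Program identity, modelled here as the SHA-256 digest of its code."""
    return hashlib.sha256(program).digest()

def _keys(measurement: bytes):
    """Derive per-program encryption and MAC keys from the device secret."""
    enc = hmac.new(DEVICE_SECRET, b"enc" + measurement, hashlib.sha256).digest()
    mac = hmac.new(DEVICE_SECRET, b"mac" + measurement, hashlib.sha256).digest()
    return enc, mac

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode (illustration only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(program: bytes, secret: bytes) -> bytes:
    """Bind `secret` to the identity of `program`; returns nonce|ct|tag."""
    enc, mac = _keys(measure(program))
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _stream(enc, nonce, len(secret))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(program: bytes, blob: bytes) -> bytes:
    """Recover the secret only if the caller measures to the sealing program."""
    enc, mac = _keys(measure(program))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("blob tampered with or sealed to a different program")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

if __name__ == "__main__":
    good = b"print('trusted agent v1')"          # constructed sample program
    blob = seal(good, b"disk-encryption-key")
    print(unseal(good, blob))
    try:
        unseal(good + b"  # patched by malware", blob)
    except PermissionError as err:
        print("denied:", err)
```
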
Trusted open systems
Currently, Windows operating systems are designed first for features and performance, then for plug
and play and ease of use, and only last for security.