Next-Generation Secure Computing Base

From Wikipedia, the free encyclopedia
Jump to: navigation, search
NGSCB essentially partitions the operating system into two discrete modes. Untrusted Mode consists of traditional applications, the Windows operating system, and its components. Trusted Mode is the environment introduced by NGSCB and consists of a new software component called the Nexus that provides NGSCB applications—Nexus Computing Agents—with security-related features.

The Next-Generation Secure Computing Base (NGSCB) (codenamed Palladium[1] and also known as Trusted Windows[2]) is a cancelled software architecture designed by Microsoft which aimed to provide users of the Windows operating system with better privacy, security, and system integrity.[3] NGSCB was the result of years of research and development within Microsoft to create a secure computing solution that equaled the security of closed architecture platforms, such as set-top boxes, while simultaneously preserving the backward compatibility, openness, and flexibility of the Windows operating system.[4][5] The primary stated objective with NGSCB was to "protect software from software."[4]

Part of the Trustworthy Computing initiative when unveiled in 2002, NGSCB was expected to be integrated with the Windows Vista operating system, then known by its codename "Longhorn."[1] NGSCB relied on hardware designed by members of the Trusted Computing Group to produce a parallel operation environment hosted by a new kernel called the "Nexus" that existed alongside Windows and provide new applications with features such as hardware-based process isolation, data encryption based on integrity measurements, authentication of a local or remote machine or software configuration, and encrypted paths for user authentication and graphics output.[3][6] NGSCB would also facilitate the creation and distribution of rights management policies pertaining to the use of information.[7]

The technology was the subject of much controversy during its development, with critics contending that it could be used to impose restrictions on users, enforce vendor lock-in, and undermine fair use rights and open-source software. NGSCB was first demonstrated by Microsoft in 2003 at the Windows Hardware Engineering Conference[8] before undergoing a revision in 2004 that would enable applications written prior to its development to benefit from its functionality.[9] In 2005, reports stated that Microsoft would scale back its plans so that the company could ship its Windows Vista operating system by its target date of 2006.[10] Development of NGSCB spanned more than half a decade before its cancellation,[5] one of the lengthiest development periods of a feature intended for the operating system.

NGSCB differed from other major features scheduled for Windows Vista, including Windows Presentation Foundation, Windows Communication Foundation, and WinFS, in that it was not built upon and did not prioritize .NET managed code during its development.[6][11] While the technology has not fully materialized, aspects of NGSCB have emerged in Microsoft's BitLocker full disk encryption feature, which can optionally use the Trusted Platform Module to validate the integrity of boot and system files prior to operating system startup,[3] the Measured Boot feature in Windows 8,[12] the certificate attestation features in Windows 8.1,[13] and the Device Guard feature of Windows 10.[14]

History[edit]

Early development[edit]

Peter Biddle speaks at the ETech conference in 2007.

Development of NGSCB began in 1997 after Peter Biddle conceived of new ways to protect content on personal computers.[1][15][16] Biddle would enlist the help of members from the Microsoft Research division during the development of the technology and other key contributors would eventually include Blair Dillaway, Brian LaMacchia, Bryan Willman, Butler Lampson, John DeTreville, John Manferdelli, Marcus Peinado, and Paul England.[17] Adam Barr, a former Microsoft employee who worked to secure the remote boot feature during development of Windows 2000, claimed that he was approached by Biddle and colleagues during his tenure with an initiative tentatively known as "Trusted Windows," which aimed to protect DVD content from being copied. To achieve this, Lampson proposed a hypervisor that would allow for the execution of a limited operating system dedicated to DVD playback alongside Windows 2000.[18] A patent for a digital rights management operating system was later filed in 1999 by DeTreville, England, and Lampson. While Microsoft is not known to have officially confirmed a relationship between NGSCB and the digital rights management operating system, one of the technology's architects, Butler Lampson, has stated that the patents pertain to NGSCB.[19] By 1999, the developers realized that the technology was far more applicable in the realms of privacy and security and the project was given the green-light in October 2001.[1][16][20]

During the 1999 Windows Hardware Engineering Conference, Microsoft discussed its intentions to create a new trusted architecture for its Windows operating system that leveraged new hardware components to promote trust and security while preserving backward compatibility with previous software.[21] On October 11, 1999, the Trusted Computing Platform Alliance, a consortium of various technology companies including Compaq, Hewlett-Packard, IBM, Intel, and Microsoft, was formed in an effort to promote trust and security in the personal computing platform.[22] The TCPA would release several detailed specifications for a trusted computing platform with focus on features such as code validation and encryption based on integrity measurements, hardware-based key storage, and machine authentication. These features required a new hardware component designed by the TCPA called the "Trusted Platform Module"—referred to as a "Security Support Component,"[7] "Security CoProcessor"[4] or "Security Support Processor"[4] in early Microsoft NGSCB documentation.

At WinHEC 2000, Microsoft released a technical presentation on the topics of protection of privacy, security, and intellectual property. This session, titled "Privacy, Security, and Content in Windows Platforms" focused mainly on turning Windows into a platform of trust designed to protect the privacy and security of individual users.[2] A similar presentation would later be shown during WinHEC 2001.[23] Unlike traditional rights management schemes which only protect certain types of data, NGSCB was designed to be egalitarian in that it regarded all data as being equally worthy of protection.[2][24]

As "Palladium"[edit]

In April 2002, Microsoft held its first design review for the NGSCB with approximately 37 different companies under a non-disclosure agreement.[16] In June, the technology was publicly unveiled under its codename "Palladium" in an article by Steven Levy for Newsweek that focused on its origin, design, and features.[25][26] Levy outlined many of the main features offered by NGSCB, including user authentication, user identification, data encryption, and access control policies pertaining to the use of information. As examples of policies that could be enforced by the technology, users could send e-mail messages accessible only by the intended recipient, or create Microsoft Word documents that could be read only a week after their creation date.[1] Around the time of this announcement, the company was not sure whether to "expose the feature in the Windows Control Panel or present it as a separate utility," but regardless of its location, the NGSCB hardware and software features would be turned off by default, thus making the technology an opt-in solution.[27]

In July, Microsoft PressPass interviewed John Manferdelli, who restated and expanded on many of the key points discussed in the article by Newsweek. Manferdelli also characterized the technology as an evolutionary set of enhancements for the Windows operating system.[20] In August, Microsoft posted a recruitment advertisement seeking a group program manager to provide vision and industry leadership in the development of several Microsoft technologies, including its NGSCB architecture.[28]

At the Intel Developer Forum in 2002, Paul Otellini announced Intel's plan to support NGSCB with the company's set of processor, chipset, and platform extensions codenamed "LaGrande"[29][30] which intended to provide a hardware foundation for all NGSCB components and capabilities and protect confidential user information from software-based attacks while preserving backward compatibility with previous software.[31]

As NGSCB[edit]

The technology was known by its codename "Palladium" until January 24, 2003 when Microsoft announced that it had been renamed as the "Next-Generation Secure Computing Base." According to NGSCB product manager Mario Juarez, the new name was chosen not only to reflect Microsoft's commitment to the technology in the upcoming decade, but also to avoid any legal conflict with an unnamed company that had already acquired the rights to the Palladium name. Juarez acknowledged that the previous name had been a source of controversy when it was announced, but denied that the decision to change the name was an attempt by Microsoft to dodge criticism.[32]

In April 2003, the Trusted Computing Platform Alliance was succeeded by the Trusted Computing Group.[33] One principal goal of the TCG was to produce a Trusted Platform Module specification compatible with Microsoft's NGSCB architecture as the previous specification, TPM 1.1, did not meet the requirements set forth for the technology.[16][34] The new specification, TPM 1.2, introduced a number of new features for trusted architecture platforms[35] and was designed to be compliant with Microsoft's NGSCB.[36] The first specification for TPM 1.2, Revision 62, was released by the Trusted Computing Group in Fall, 2003.[37]

In May 2003, Peter Biddle emphasized that support from hardware vendors and software developers was vital to the technology's success.[38] Microsoft released additional information and publicly demonstrated the technology for the first time at WinHEC 2003.[8][39][40] During the demonstration, NGSCB protected information from an attacker who attempted to access information resident in memory, denied access to and alerted users of an application that had been modified, and also thwarted an attempt by a remote administration tool to capture information from an instant messaging session.[41][42] Although Microsoft previously intended to demonstrate the technology on real hardware as opposed to using software emulation,[43] the demonstration relied on emulators as only a few of the requisite hardware components were available.[42] According to Peter Biddle, Microsoft's primary purpose for emphasizing the NGSCB during WinHEC 2003 was so that the company could acquire feedback and insight from its partners in the hardware industry and to prepare them for the technology. Biddle reiterated that the NGSCB was a set of evolutionary enhancements to the Windows operating system, basing this assessment on the fact that it preserved backward compatibility with previous programs and employed concepts that had been in use prior to its development, but stated that the new capabilities and scenarios that it enabled would be revolutionary.[44] At the conference, Microsoft also revealed its multi-year roadmap for NGSCB,[45] with the next major development milestone scheduled for the company's Professional Developers Conference.[42][46] The roadmap had also shown that subsequent versions would ship concurrently with pre-release builds of Windows Vista. However, reports suggested that the technology would not be integrated with the operating system upon its release, but would instead be made available as separate software.[47]

Details pertaining to adoption of the technology were also revealed, with officials stating that while NGSCB was intended to create a new value proposition for customers without significantly increasing the cost of personal computers, adoption during the year of its introductory release was not anticipated and immediate support for servers was not expected.[48][49] On the last day of the conference, Peter Biddle stated that the NGSCB needed to provide users with a way to differentiate between secure and unsecure windows, adding that a secure window should be "noticeably different" to help protect users from spoofing attacks.[47] WinHEC 2003 would represent an important milestone during the development of NGSCB. Microsoft would release several technical whitepapers and dedicate many hours of technical sessions,[50][51][52] and several suppliers including Atmel,[53] Fujitsu,[54] and SafeNet[55] would produce hardware for the demonstration of the technology.

In June 2003, Microsoft demonstrated the technology at U.S. campuses in California and in New York.[46][56]

NGSCB was among the topics discussed during Microsoft's PDC 2003 with a pre-beta software development kit, known as the Developer Preview, being distributed to attendees.[8] The Developer Preview was the first time that Microsoft made NGSCB code available to the developer community and was offered by the company as an educational opportunity for NGSCB software development.[57] With this release, Microsoft stated that it was primarily focused on supporting business and enterprise applications and scenarios with the first version of the NGSCB scheduled to ship with Windows Vista, adding that it intended to address consumers with a subsequent version of the technology, but did not provide an estimated time of delivery for this version.[6][57] At the conference, Jim Allchin said that Microsoft was continuing to work with hardware vendors so that they would be able to support the technology,[58] and Bill Gates expected a new generation of central processing units to offer full support.[59] Following PDC 2003, NGSCB was demonstrated again on prototype hardware during the annual RSA Security conference in November.[60]

Microsoft announced at WinHEC 2004 that it would revise its NSCB architecture in response to feedback from customers and independent software vendors who did not desire to rewrite their existing programs in order to benefit from its functionality.[9][61] The revised NGSCB would provide more direct support for Windows with compartmentalized environments for the operating system, its components, and applications.[62] After this announcement, there were reports that Microsoft planned to cease development of NGSCB;[63][64] the company denied these claims and reaffirmed its commitment to delivering the technology.[11][65] Reports published later that year suggested that the company would make additional changes based on feedback from the industry.[5]

In 2005, Microsoft's lack of continual updates on its progress with the technology had led some in the industry to speculate that it had been cancelled.[66] At the Microsoft Management Summit event, Steve Ballmer said that the company would build on the security foundation it had started with the NGSCB to create a new set of virtualization technologies for the Windows operating system.[67] During WinHEC 2005, there were reports that Microsoft had scaled back its plans for NGSCB in order to ship the post-reset Windows Vista operating system within a reasonable timeframe. Instead of providing compartmentalization features, the NGSCB would offer a feature known as "Secure Startup" (later renamed as "BitLocker Drive Encryption") that would utilize version 1.2 of the Trusted Platform Module to provide validation of pre-boot and operating system components, and disk volume encryption.[10][68] Microsoft planned to deliver other aspects of its NGSCB vision at a later date.[3]

Architecture and technical details[edit]

A complete Microsoft-based Trusted Computing-enabled system will consist not only of software components developed by Microsoft but also of hardware components developed by the Trusted Computing Group. The majority of features introduced by NGSCB are heavily reliant on specialized hardware and so will not operate on PCs predating 2004.

In current Trusted Computing specifications, there are two hardware components: the Trusted Platform Module (TPM), which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit (CPU). In NGSCB, there are two software components, the Nexus, a security kernel that is part of the Operating System which provides a secure environment (Nexus mode) for trusted code to run in, and Nexus Computing Agents (NCAs), trusted modules which run in Nexus mode within NGSCB-enabled applications.

Secure storage and attestation[edit]

At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key.

The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and so can therefore be used to provide remote attestation that the computer is in a secure state.

Curtained memory[edit]

NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM(Trusted Platform Module) can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.

Applications[edit]

NGSCB-enabled applications are to be split into two distinct parts, the NCA, a trusted module with access to a limited Application Programming Interface (API), and an untrusted portion, which has access to the full Windows API. Any code which deals with NGSCB functions must be located within the NCA.

The reason for this split is that the Windows API has developed over many years and is as a result extremely complex and difficult to audit for security bugs. To maximize security, trusted code is required to use a smaller, carefully audited API. Where security is not paramount, the full API is available.

One immediately notices the irony in the "extreme complexity and difficulty of audit" championed above. Department of Defense-sponsored computer security initiatives that began in the late 1970s recognized very early that, the more trustworthy a system, the more transparently engineered its trusted components must be. Extreme complexity stands in direct opposition to these requirements, as does inability fully to audit. Truly, one must even wonder about Microsoft's commitment and expertise when internal criticisms arise over "difficult[y] to audit for security bugs," since nowhere do any applicable criteria offer this raison d'etre to audit. Rather, audit is intended to capture all security-relevant operations transacted by the system; the very statement that concern arises because "security bugs will be difficult to audit," or some such, reflects a very tortured understanding of the purpose of audit and of the stricture with which the descriptor "secure" (in actuality, the descriptor "trusted") is assigned. Read another way, this concern seems to say, "This system can't be called secure, since the audit isn't comprehensive enough to capture evidence of the known (viz., a priori) security bugs."

Uses[edit]

NGSCB is meant as an implementation of Trusted Computing, its potential uses are therefore similar. Proponents claim that TC will make computers safer, less prone to viruses and malware, and thus more reliable from an end-user perspective. In addition, they also claim that Trusted Computing will allow computers and servers to offer improved computer security over that which is currently available.

Digital Rights Management[edit]

By utilizing the attestation, curtained memory and cryptographic features of the TPM, a secure form of Digital Rights Management (DRM) may be developed; critics charge that although it does not provide DRM features itself, DRM is nevertheless the primary motivation for the development of NGSCB.

DRM would be implemented by encrypting DRM-protected files and only making the decryption key available to corporate trusted applications. A wide range of copy-protection and similar features could thereby be implemented, limited only by the imagination. For example, it would be possible to create a file that can only be read on one computer, or within one organization, or a file that can only be opened for reading three times. While any DRM-protected file could be just as easily copied or read as an unprotected file, it would be extremely difficult to decrypt the file at an unauthorized destination, rendering it useless.

Network access[edit]

In corporate and educational networking environments, a desirable feature of NGSCB is the ability of each workstation to securely attest that no unauthorized modifications have been made either to its hardware or software. A workstation that is unable to authenticate itself can then be automatically denied access to some or all network services at will.

Criticism[edit]

NGSCB and Trusted Computing can be used to intentionally and arbitrarily lock certain users out from use of certain files, products and services, for example to lock out users of a competing product, potentially leading to severe vendor lock-in. This is analogous to, but worse than, a contemporary problem in which many businesses feel compelled to purchase and use Microsoft Word in order to be compatible with associates who use that software. Today this problem is partially solved by products such as OpenOffice.org which provide limited compatibility with Microsoft Office file formats. Under NGSCB, if Microsoft Word were to encrypt documents it produced, no other application would be able to decrypt them, regardless of its ability to read the underlying file format.

NGSCB and Trusted Computing are ineffectual at solving the majority of contemporary security problems, for example computer viruses and trojans.[citation needed] Despite this fact, Microsoft has in the past claimed that NGSCB was necessary to combat the threat of future virus outbreaks against Microsoft Windows users.[69] Microsoft is no longer making claims that NGSCB will solve these virus problems.[70]

Bruce Schneier in his Crypto-Gram Newsletter wrote[71]

"There's a lot of good stuff in Pd, and a lot I like about it. There's also a lot I don't like, and am scared of. My fear is that Pd will lead us down a road where our computers are no longer our computers, but are instead owned by a variety of factions and companies all looking for a piece of our wallet. To the extent that Pd facilitates that reality, it's bad for society. I don't mind companies selling, renting, or licensing things to me, but the loss of the power, reach, and flexibility of the computer is too great a price to pay."

Vulnerability[edit]

In an article in 2003, D. Boneh and D. Brumley indicated that NGSCB was vulnerable to timing attack.[72]

Availability[edit]

When originally announced, NGSCB was expected to be part of the then next major version of the Windows Operating System, Windows Vista (then known as Longhorn). However, in May 2004, Microsoft was reported to have shelved the NGSCB project.[73] This was quickly denied by Microsoft who released a press release stating that they were instead "revisiting" their plans.[74] The majority of features of NGSCB are now not expected to be available until well after the release of Windows Vista. However, Vista includes "BitLocker", which can make use of a Trusted Platform Module chip to facilitate secure startup and full-drive encryption. TPMs are already integrated in many systems using Intel's Core 2 Duo processors or AMD's Athlon 64 processors using the AM2 socket.[citation needed]

History of the name[edit]

Microsoft originally publicized the NGSCB technology under the code name Palladium, which was the word for a mythical talisman that guaranteed the security of Troy. Its working title was "Next-Generation Secure Computing Base," much as .NET's working title was "Next-Generation Windows Services." In early 2006, Microsoft renamed the NGSCB team at Microsoft to the System Integrity Team.

References[edit]

  1. ^ a b c d e Levy, Steven (24 June 2002). "The Big Secret". Newsweek. Retrieved January 30, 2015. 
  2. ^ a b c Microsoft. "Privacy, Security, and Content in Windows Platforms" (PPT). Retrieved January 30, 2015. 
  3. ^ a b c d Microsoft. "Shared Source Initiative Home Page". Retrieved January 30, 2015. 
  4. ^ a b c d Aday, Michael. "Palladium" (PDF). Microsoft. Retrieved January 30, 2015. 
  5. ^ a b c Fried, Ina (September 8, 2004). "Controversial Microsoft plan heads for Longhorn". CNET. CBS Interactive. Retrieved January 30, 2015. 
  6. ^ a b c Kaplan, Keith; Cram, Ellen (2003). "Next-Generation Secure Computing Base - Overview and Drilldown" (PPT). Microsoft. Retrieved January 30, 2015. 
  7. ^ a b Microsoft. "Next-Generation Secure Computing Base - Technical FAQ". Retrieved February 16, 2015. 
  8. ^ a b c "A Review of Microsoft Technology for 2003, Preview for 2004". News Center. Microsoft. December 15, 2003. Retrieved January 30, 2015. 
  9. ^ a b Evers, Joris (May 5, 2004). "WinHEC: Microsoft revisits NGSCB security plan". Network World. IDG. Retrieved January 30, 2015. 
  10. ^ a b Sanders, Tom (April 26, 2005). "Longhorn security gets its teeth kicked out". Incisive Media. Retrieved January 30, 2015. 
  11. ^ a b "Microsoft: Palladium is still alive and kicking". eWeek. QuinStreet. May 5, 2004. Retrieved January 30, 2015. 
  12. ^ Microsoft. "Secured Boot and Measured Boot: Hardening Early Boot Components against Malware" (DOCX). MSDN. Retrieved January 30, 2015. 
  13. ^ Microsoft (July 24, 2013). "What's Changed in Security Technologies in Windows 8.1". MSDN. Retrieved March 6, 2015. 
  14. ^ Thomson, Iain (April 23, 2015). "Windows 10 Device Guard: Microsoft's effort to keep malware off PCs". The Register. Situation Publishing. Retrieved April 25, 2015. 
  15. ^ Schoen, Seth (July 5, 2002). "Palladium summary". Archived from the original on August 2, 2002. Retrieved January 30, 2015. 
  16. ^ a b c d Merritt, Rick (July 15, 2002). "Microsoft scheme for PC security faces flak". EE Times. UBM plc. Retrieved January 30, 2015. 
  17. ^ LaMacchia, Brian. "An Overview of Palladium" (PPT). Microsoft. Retrieved February 17, 2015. 
  18. ^ Barr, Adam (July 9, 2002). "TCPA and Palladium: Sony Inside". Kuro5hin. Retrieved January 30, 2015. 
  19. ^ Lampson, Butler. "Cirriculum Vitae" (DOC). Microsoft. Retrieved January 30, 2015. 
  20. ^ a b "Q&A: Microsoft Seeks Industry-Wide Collaboration for Palladium Initiative". News Center. Microsoft. July 1, 2002. Retrieved January 30, 2015. 
  21. ^ Nash, Mike (2003). "Microsoft Directions In Security: Making It Real". Microsoft. Archived from the original (EXE) on August 8, 2003. Retrieved February 16, 2015. 
  22. ^ Gorman, Ray (October 11, 1999). "Compaq, Hewlett Packard, IBM, Intel, and Microsoft Announce Open Alliance to Build Trust and Security into PCs for e-business". IBM. Retrieved February 16, 2015. 
  23. ^ Microsoft (2001). "Privacy, Security, and Content Protection" (PPT). Retrieved January 30, 2015. 
  24. ^ Biddle, Peter. "Re: Privacy-enabling uses for TCPA - MARC". MARC. Retrieved May 1, 2015. 
  25. ^ Geek.com (June 24, 2002). "Palladium: Microsoft's big plan for the PC". Geek.com. Ziff Davis Media. Retrieved January 30, 2015. 
  26. ^ ExtremeTech (June 24, 2002). "Palladium: Microsoft Revisits Digital Rights Management". Ziff Davis Media. Retrieved January 30, 2015. 
  27. ^ Rooney, Paula (June 25, 2002). "Channel Positive About Microsoft Palladium Security Project". The Channel Company. Retrieved January 30, 2015. 
  28. ^ Lettice, John (August 13, 2002). "MS recruits for Palladium microkernel and/or DRM platform". The Register. Situation Publishing. Retrieved January 30, 2015. 
  29. ^ "Paul Otellini Keynote -- IDF Fall 2002". Intel. September 9, 2002. Retrieved February 16, 2015. 
  30. ^ Greene, Thomas (September 10, 2002). "Intel's new chip for security Renaissance". The Register. Situation Publishing. Retrieved February 16, 2015. 
  31. ^ Girard, Luke; Jones-Ferron, Mike (2003). "LaGrande Technology & Safer Computing Overview" (PDF). Archived from the original (PDF) on December 17, 2003. Retrieved March 6, 2015. 
  32. ^ Lemos, Robert (January 24, 2003). "What's in a name? Not Palladium". CNET. CBS Interactive. Retrieved January 30, 2015. 
  33. ^ Merritt, Rick (April 8, 2003). "New group aims to secure PCs, PDAs, cell phones". EETimes. UBM plc. Retrieved February 16, 2015. 
  34. ^ Biddle, Peter (August 5, 2002). "Re: Dangers of TCPA/Palladium" (TXT). Retrieved February 16, 2015. 
  35. ^ Heil, Stephen; Zeman, Pavel (2004). "TPM 1.2 Trusted Platform Module And Its Use In NGSCB". Microsoft. Archived from the original (PPT) on August 27, 2006. Retrieved February 21, 2015. 
  36. ^ "Privacy-Enabling Enhancements in the Next-Generation Secure Computing Base". Microsoft. 2003. Archived from the original (DOC) on December 28, 2005. Retrieved February 21, 2015. 
  37. ^ Trusted Computing Group. "Trusted Computing Group - TPM Main Specification". Retrieved February 21, 2015. 
  38. ^ Fisher, Dennis (May 5, 2003). "Microsoft to Get More Control of the PC?". eWeek. QuinStreet. Retrieved January 30, 2015. 
  39. ^ Lemos, Robert (May 6, 2003). "Microsoft shows off security prototype". CNET. CBS Interactive. Retrieved January 30, 2015. 
  40. ^ Bekker, Scott (May 6, 2003). "Palladium on Display at WinHEC". Redmond Magazine. 1105 Media Inc. Retrieved January 30, 2015. 
  41. ^ Hachman, Mark (May 7, 2003). "Microsoft Demos NGSCB Rights Scheme". ExtremeTech. Ziff Davis Media. Retrieved January 30, 2015. 
  42. ^ a b c Evers, Joris (May 7, 2003). "Microsoft turns to emulators for security demo". Network World. IDG. Retrieved January 30, 2015. 
  43. ^ Evers, Joris (March 26, 2003). "Microsoft plans Palladium demo in May". Computer World. IDG. Retrieved January 30, 2015. 
  44. ^ Microsoft (May 7, 2003). "At WinHEC, Microsoft Discusses Details of Next-Generation Secure Computing Base". Retrieved January 30, 2015. 
  45. ^ Foley, Jo Mary (April 8, 2003). "Microsoft To Do More Than Just Demo 'Palladium'". PC Magazine. Ziff Davis Media. Retrieved January 30, 2015. 
  46. ^ a b Krill, Paul (June 19, 2003). "Microsoft readies kit for security initiative". InfoWorld. IDG. Retrieved January 30, 2015. 
  47. ^ a b Kanellos, Michael (May 8, 2003). "Microsoft: A separate look for security". CNET. CBS Interactive. Retrieved January 30, 2015. 
  48. ^ Evers, Joris (May 8, 2003). "WinHEC: Microsoft expects slow adoption for NGSCB". InfoWorld. IDG. Retrieved January 30, 2015. 
  49. ^ Evers, Joris. (May 9, 2003). "WinHEC: Palladium for servers a long way out". InfoWorld. IDG. Retrieved January 30, 2015. 
  50. ^ Microsoft (2003). "Trusted Platform Technologies". Windows Hardware Engineering Conference. Archived from the original on June 20, 2003. Retrieved January 30, 2015. 
  51. ^ "Microsoft's Longhorn 3D UI - More Info Emerges". ExtremeTech. Ziff Davis Media. May 9, 2003. Retrieved January 30, 2015. 
  52. ^ Bennett, Amy (May 2, 2003). "Microsoft to get technical on Longhorn and Palladium". ITWorld. IDG. Retrieved January 30, 2015. 
  53. ^ Business Wire (May 7, 2003). "Atmel and Microsoft Demonstrate New Secure USB Keyboard Prototype at WinHEC 2003". Retrieved January 30, 2015. 
  54. ^ Linden, Marielle (May 6, 2003). "Fujitsu Components and Comodo Demonstrate the Future of Secure Input at WINHEC 2003". Fujitsu. Retrieved January 30, 2015. 
  55. ^ SafeNet (May 6, 2003). "SafeNet Supplies Encryption Technology to Microsoft for its Next-Generation Secure Computing Base Demonstration". Retrieved January 30, 2015. 
  56. ^ Evers, Joris (June 12, 2003). "Microsoft takes 'Palladium' on tour". InfoWorld. IDG. Retrieved January 30, 2015. 
  57. ^ a b Evers, Joris (October 30, 2003). "Developers get hands on Microsoft's NGSCB". NetworkWorld. IDG. Retrieved January 30, 2015. 
  58. ^ "Speech Transcript – Jim Allchin, Microsoft Professional Developers Conference 2003". News Center. Microsoft. October 27, 2003. Retrieved January 30, 2015. 
  59. ^ Lettice, John (October 28, 2003). "NGSCB, aka Palladium, in next generation of CPU, says Gates". The Register. Situation Publishing. Retrieved January 30, 2015. 
  60. ^ "Microsoft Details New Security Innovations at RSA Conference 2003, Europe". News Center. Microsoft. November 4, 2003. Retrieved January 30, 2015. 
  61. ^ Sanders, Tom (May 6, 2004). "Microsoft shakes up Longhorn security". Incisive Media. Retrieved January 30, 2015. 
  62. ^ Biddle, Peter (2004). "Next-Generation Secure Computing Base". Microsoft. Archived from the original (PPT) on August 27, 2006. Retrieved January 30, 2015. 
  63. ^ Bangeman, Eric (May 5, 2004). "Microsoft kills Next-Generation Secure Computing Base". Ars Technica. Condé Nast. Retrieved January 30, 2015. 
  64. ^ Rooney, Paula (May 5, 2004). "Microsoft shelves NGSCB project as NX moves to center stage". The Channel Company. Retrieved January 30, 2015. 
  65. ^ Thurrott, Paul (May 7, 2004). "WinHEC 2004 Show Report and Photo Gallery". Supersite for Windows. Penton. Retrieved January 30, 2015. 
  66. ^ Evers, Joris (February 24, 2005). "Silence Fuels Speculation on Microsoft Security Plan". PCWorld. IDG. Retrieved January 30, 2015. 
  67. ^ Microsoft (April 20, 2005). "Steve Ballmer: Microsoft Management Summit". Retrieved January 30, 2015. 
  68. ^ Lemos, Robert (April 26, 2005). "Microsoft reveals hardware security plans, concerns remain". SecurityFocus. Symantec. Retrieved January 30, 2015. 
  69. ^ "MS blames PC architecture for viruses". Retrieved 2007-05-24. 
  70. ^ "Microsoft Next-Generation Secure Computing Base - Technical FAQ". Retrieved 2007-05-24. 
  71. ^ Crypto-Gram Newsletter August 15, 2002
  72. ^ "Boneh Publications: Remote timing attacks are practical". Retrieved 2014-09-22. 
  73. ^ "Microsoft Shelves NGSCB Project As NX Moves To Center Stage". Archived from the original on 2007-03-11. Retrieved 2007-05-24. 
  74. ^ "Microsoft: 'Palladium' Is Still Alive and Kicking". Retrieved 2007-05-24. 

External links[edit]