Report: Microsoft plans security chip for next Windows
- 25 June, 2002 07:42
Microsoft wants to change the fundamental architecture of the PC, adding security hardware to a future release of its Windows operating system, the company acknowledged Monday, after a media report and an analyst briefed by the company said as much.
The Redmond, Washington, company wants future PCs to contain a security technology called Palladium, and is in discussion with Intel Corp. and Advanced Micro Devices Inc. to develop the chips, according to a report in the July 1 issue of Newsweek magazine published Sunday on the MSNBC Web site. Microsoft owns a stake in MSNBC.
Palladium "is really about security, privacy and system integrity," said Mario Juarez, group product manager for the content security business unit at Microsoft. "We're talking here about rearchitecting the PC platform."
The new architecture, as described by Juarez, would see a new security chip used for encryption added to PCs, along with new APIs (Application-Program Interfaces) created to allow programs to be written to take advantage of Palladium, he said. Palladium may also cover chipsets, graphics processors and USB (Universal Serial Bus) input/output systems, he said.
Though Intel and AMD have been involved in design discussions to ensure that Palladium will work with existing processor architectures, it is too early to say whether they will manufacture the encryption chip, Juarez said. Other companies have also been involved in the design of the system and will continue to be part of the process, he said.
Palladium will create a secure space within a PC in which users will be able to run applications and store data, he said. The secure space will not be accessible to the rest of the PC, meaning that a virus infecting the non-Palladium part of the computer would not make its way into the secure area, Juarez said.
The timeframe for Palladium's inclusion in Windows is uncertain for now, as the initiative is only in its early stages, he said.
Among possible applications of the technology are authentication of communications and code, data encryption, privacy control and digital rights management (DRM), according to the Newsweek report. Microsoft was awarded a U.S. patent on a "digital rights management operating system" in December 2001, though Juarez could not definitely say that that patent was directly related to Palladium.
The system comprises three components: an authentication system, hardware chips and software, called the "nub," that handles the security tasks, according to Martin Reynolds, a research fellow with market analysis firm Gartner Inc., which is based in Stamford, Connecticut. Reynolds was briefed on Palladium by Microsoft.
The three components will work in parallel to the operating system, with security tasks shunted from the operating system to the Palladium system, rather than as an integrated part of it, he said. Palladium is a security foundation upon which to build other security features, more than a system itself, he added.
As such, Palladium "is a very clever system," Reynolds said. "You can't crack it in the conventional sense."
Conventional cracking of the technology would be difficult because when an attacker tries to forge or attack the digital signatures used in the authentication component, the nub loses its encryption keys, making the system unable to communicate, he said.
"It's not impossible (to crack)," but it would likely have to be done one machine at a time and in hardware, rather than software, Reynolds said.
"Palladium does have the ability to give us truly secure PCs," he said. "Once we have security, do we want it," he added, anticipating possible user concerns about privacy and digital rights management.
Consumers will likely not be pleased about Palladium's DRM features, though "if you're the Hollywood people, you're thrilled," he said.
While most talk of DRM revolves around music, Microsoft Chairman and Chief Software Architect Bill Gates sees it as more useful for controlling e-mail: Palladium could be used to limit forwarding of messages, or to make them unreadable after a certain time interval has elapsed, the Newsweek report said.
Microsoft, for one, would benefit from being able to control e-mail in such a way. It has repeatedly fought to keep damaging internal e-mail out of court records in recent cases, including its battle with the nine non-settling states over remedies in its antitrust fight with the DOJ. [See "MS/DOJ - Judge again bars e-mail from court," May 31.]
The technology needs to be widespread in order to be useful: 100 million devices will have to be shipped "before it really makes a difference," the report quotes Microsoft vice president Will Poole as saying.
Palladium grew out of a skunk-works project looking for ways to secure information stored on machines running Windows and became an official Microsoft project in October 2001, according to the report.
The first versions of Palladium "will be shipping with bugs," the report quotes one of the project's cofounders, Paul England, as saying.
This could be a problem, however, said Gartner's Reynolds.
"The whole thing has to work right and if it doesn't work right, it doesn't work at all," he said.
Microsoft's record on software security has been heavily criticized in the past, and in January of this year the company announced a new emphasis on trustworthy computing in an effort to clean up its image. [See "Gates calls for 'trustworthy computing'," Jan. 17.] This news was soon followed by word that its software developers would stop writing new code while they audited their existing code for security flaws. [See "Microsoft takes a break to clean its code," Feb. 4.]
Microsoft has long maintained that keeping its source code under wraps makes its software more secure than open-source software such as rival operating system Linux, where anyone can inspect the source code and see its flaws. A recent report from a Microsoft-funded think tank, the Alexis de Tocqueville Institution, claimed that government use of open-source software represents a threat to national security. [See "Open-source hot air," Computerworld US, June 10.] Proponents of open-source software say this openness makes it more secure, as there is a greater chance that flaws will be fixed and that users will be more aware of the necessity of upgrading to a fixed version of the software.
Advocates of open software development may be winning the argument. According to the Newsweek report, Microsoft will publish the source code to its Palladium system in an effort to be more transparent.
Publishing source code openly is not the same as declaring it to be "open source." According to the Open Software Initiative, open source software must be freely distributable by third parties, including as part of derivative works, without restriction or payment.
Gartner's Reynolds backed this point, saying that "Microsoft is talking about making it open source."
Microsoft's Juarez, however, didn't entirely agree with this assessment.
When asked whether users would be required to run Windows in order to take advantage of Palladium's features, Juarez replied, "The short answer is 'yeah.'"
That doesn't mean that all other platforms will be excluded, he said.
"We understand the importance of being inclusive," he said. "We do not want this to be seen as a Microsoft-only initiative."
"Our goal is to be as inclusive as possible," he said, adding that other platforms would likely see some level of interoperability.
To facilitate that broader support, Microsoft will be working with other companies, both in the hardware and software markets, as well as listening to feedback from users, Juarez said.
"This is a collaborative industry initiative ... (that) can only work if every stakeholder has a voice and participates in the process," he said.
Juarez was unable to provide more specifics about how Microsoft would offer that voice, but said that the company would be soliciting feedback from users at some point.
Transparency will be key to the system's success, according to Ari Schwartz, associate director of the Center for Democracy and Technology, based in Washington, D.C.
"It's important that there is transparency in the process," he said. "If they build it in a way that is seamless and intuitive, users will feel like they have more control. If not, there could be a major user backlash."
"It's too early in the process and it's difficult to say which way it will fall," he added.
"This system looks a lot like Hailstorm (a codename for an early version of Microsoft's .Net Services) recreated," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center, a non-profit Internet user rights group based in Washington, D.C.
"It's not good for consumers. Anything with verification and DRM limits consumers' ability to control their behavior," he said.
"One of the problems is that Microsoft will not be able to be transparent in order to make this scheme work," he said. Microsoft has relied on making security vulnerability information hard to discover, as opposed to fixing security flaws, he said.
(Scarlet Pruitt, an IDG News Service correspondent in Boston, contributed to this report.)