Questions for a Lecture on Microsoft's Palladium?
An anonymous reader asks: "Microsoft is going to be giving a lecture on Palladium
for my Computer and Network Security class at MIT this Thursday. We're told that it's going to be the most technically detailed lecture publicly given to date, and that we should be armed with questions as a result. Any suggestions from the Slashdot crowd? What technical details have you been dying to know about Palladium?" It would be interesting to hear back from someone who is planning on attending this. For those who wish they were, but can't for one reason or another, what would you have asked by proxy?
LawMeme article with good facts (Score:4, Informative)
Re:Ramifications for Independent Content (Score:2, Informative)
I'm not sure if you were joking or not, but that phrase is from the Declaration of Independence, not the Constitution.
Re:major palladium concerns (Score:5, Informative)
DIDW [didw.com]
And the relevant quote (with important part bolded):
DIDW: So flexibility is a big goal, with nothing traceable locked in and no specific required PKI structure it must be part of?
Juarez: The architecture is designed to be an open platform and open environment. As an ISV or service provider you can build anything you want on top of this platform and offer up a value proposition with consumers, or with other businesses. It can do all kinds of interesting things. But there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed, or you have to have things authenticated. It's a very basic, open environment and we're not trying to build any elements of it that are going to require verification or the participation of anything other than the ISV and the person who is using the services want to have happen.
Re:major palladium concerns (Score:2, Informative)
Re:An obvious question from the /. crowd (Score:5, Informative)
It's obvious, if you're familiar with the Palladium information that has been released. All software, whoever writes it, will be able to make use of Palladium features via a new API.
What are the Palladium features? Your software will be able to create a "virtual vault" that other software can't see into (an encrypted disk file locked to a hash of your software). You can have a "trusted agent" that runs in a secure memory area which is immune to being inspected or changed using debuggers, virtualizers, etc. You can get the OS to securely report a hash of your software to third parties, cryptographically signed by a key which is locked in the Palladium hardware.
The sense in which these features entitle your software to be called "trusted" is beyond the scope of this reply.
I strongly suggest that the OP read the Palladium docs that are available to familiarize himself with the system before he goes to this lecture.
Re:Engineering holes (Score:3, Informative)
Palladium has a concept called "curtained memory". It is immune to being touched by ordinary code, you have to be in a new CPU mode which is being defined as part of the Palladium spec (some observers call it "ring -1"). Most buffer overruns and similar bugs will not escalate your privileges high enough to touch the Palladium secure area, even if you can get into (normal) kernel mode.
My understanding is that you'd have to find a bug in the OS kernel software component that runs in the curtained area, which Microsoft calls the "nub" or "Trusted Operating Root". They intend to publish this relatively small software component for review in the hopes that it can be made bug free. If so then bugs in other parts of the software will not defeat Palladium security.
Re:Question for MIT students/faculty (Score:1, Informative)
Re:Reasons (Score:2, Informative)
To me it looks a lot like MS is trying to 'AOL' the whole multimedia side of the net. You will only be able to view what they consider appropriate/profitable.
Re:An obvious question from the /. crowd (Score:4, Informative)
If your system is offline or un-networked, you can still use the Palladium "virtual vault" and "curtained memory". This would allow your software to create a crypto key and store some data encrypted with it, such that no other software would be able to read that data. Not even the owner of the computer could get to that data except under the rules that your software enforced. He couldn't virtualize it, he couldn't emulate it, he couldn't use a debugger or patch the software.
The reason he can't virtualize your software or run it on an emulation layer is that the data is encrypted with a key that is locked in the crypto chip. The emulator doesn't have that key and so it can't decrypt the data. The reason he can't use a debugger is because (part of) your software runs in the special memory region which is off limits to debuggers. And the reason he can't patch your software (on the disk, say) is because that changes the software hash, which the crypto chip checks when it goes to decrypt the data, to see if it matches what it was then the data was encrypted. Changing the software changes the hash; changing the hash keeps you from getting at the data.
He could still get at the data if he used some hardware hacks, like dual-ported ram or exotic techniques to extract data from the secure crypto chip. These are probably outside of the expertise of the average hacker, though.
So what does "trusted" mean here? It means that your software can manage data and behave in a predictable manner, enforcing specified rules for manipulating the data.
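The "virtual vault" behaviour described in this comment (data encrypted under a key locked in the chip and bound to a hash of the software, so that a patched binary or an emulator without the chip's key cannot decrypt it) can be sketched in a few dozen lines. The following Python is an added illustration, not Microsoft's code or anything from the original post: `CHIP_SECRET` is a constructed placeholder standing in for the secret that would never leave real hardware, and the HMAC-based keystream and tag are an assumed stand-in for whatever cipher and blob format the real system used.

```python
import hashlib
import hmac
import os
import secrets

# Constructed placeholder for the secret the comment says is "locked in the crypto chip".
# On real hardware this never leaves the chip; it is a module constant here only so the
# example runs offline.
CHIP_SECRET = b"constructed-placeholder-chip-secret-not-real"


def measure(code: bytes) -> bytes:
    """The software hash that the chip compares against before releasing data."""
    return hashlib.sha256(code).digest()


def _sealing_key(chip_secret: bytes, code_hash: bytes) -> bytes:
    # Key is derived from BOTH the chip secret and the software hash, so either a
    # different chip (emulator) or different software yields a different key.
    return hmac.new(chip_secret, b"seal|" + code_hash, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: bytes) -> bytes:
    # Assumed stand-in for a real stream/block cipher: HMAC in counter mode.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(chip_secret: bytes, code: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext so only this exact software on this chip can read it back."""
    code_hash = measure(code)
    key = _sealing_key(chip_secret, code_hash)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, code_hash + nonce + ct, hashlib.sha256).digest()
    # The blob records the hash it was sealed under so unseal can check it explicitly.
    return code_hash + nonce + ct + tag


def unseal(chip_secret: bytes, code: bytes, blob: bytes):
    """Return the plaintext, or None if the software or chip does not match."""
    stored_hash, nonce, body = blob[:32], blob[32:48], blob[48:]
    ct, tag = body[:-32], body[-32:]
    code_hash = measure(code)
    # Step the comment describes: the chip checks the current hash against the one
    # recorded at seal time. A patched binary fails here.
    if not hmac.compare_digest(stored_hash, code_hash):
        return None
    key = _sealing_key(chip_secret, code_hash)
    expected = hmac.new(key, code_hash + nonce + ct, hashlib.sha256).digest()
    # An emulator with the right software but the wrong chip secret fails here,
    # as does any tampering with the blob itself.
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    """Run the three scenarios from the comment and report which ones succeed."""
    original = b"trusted agent v1"               # constructed sample "software"
    patched = b"trusted agent v1 (patched)"      # same software with one change
    secret_data = b"constructed secret: licence record"
    blob = seal(CHIP_SECRET, original, secret_data)
    emulator_secret = secrets.token_bytes(32)    # an emulator lacks the chip's key
    return {
        "same_software": unseal(CHIP_SECRET, original, blob) == secret_data,
        "patched_software": unseal(CHIP_SECRET, patched, blob) is None,
        "emulated_chip": unseal(emulator_secret, original, blob) is None,
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario}: {'as expected' if ok else 'UNEXPECTED'}")
```

Note that the explicit hash comparison in `unseal` is redundant with the tag check (a different hash already yields a different key), but it is kept because it is the check the comment attributes to the chip, and it gives a clearer failure reason. The hardware attacks the comment mentions (reading the bus or extracting the chip secret) are exactly the cases this model cannot defend against: anyone holding `CHIP_SECRET` can derive every sealing key.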
Re:Secure Palladium? (Score:2, Informative)
I believe that Palladium is coming in two stages. First stage has a Fritz chip on the mobo that handles security. If you can intercept data on the bus between the Fritz and the rest of the machine, you can get the advantages of being declared secure by the Fritz, without actually having your machine sanitized.
However, later on they plan on integrating Fritz into the CPU. This would make mod-chipping next to impossible. The only way to be able to do that, I'd guess, is to reverse engineer the methods they have for authenticating a computer's trusted status.
What "optional" means to you... (Score:3, Informative)
Exercising this option is functionally equivalent to exercising the option to not have access to any digital content whatsoever.
So it's "optional" as in "breathing", not "optional" as in "comes with a sunroof".
-- Terry
Palladium confusion (Score:2, Informative)
One such FAQ was: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/PallFAQ2.asp [microsoft.com]
A few important notes: