Microsoft Corp.’s latest plan to secure desktop systems is complex and will require coordination with hardware and software manufacturers across the industry.
If successful, PCs will come with certificates stored in hardware that will control user access to the computer and validate everything sent to that computer from executable code to documents. It will let users safeguard sensitive data, stop spam and viruses, and ensure only approved software runs on the machine.
Microsoft unveiled its project in June as Palladium, software that works in conjunction with specialized chips installed on a PC to create trusted “sandboxes” where programs and operations can be executed securely. It is designed to eliminate the security holes Microsoft has been unable to plug.
Palladium is Microsoft’s most ambitious effort under its seven-month-old Trustworthy Computing initiative.
Network executives and other experts say the promise of Palladium is intriguing but that Microsoft will have to overcome its reputation for weak system security and heavy-handed tactics with business partners.
“This is one of those things that if it works like it says it will on paper it will be great,” says Jeff Allred, manager of network services for Duke University Cancer Center in Durham, N.C. “But every lock has a key, and nothing Microsoft has put out has been hack-proof. They have a lot of hurdles to get over, including the retooling that every processor and hardware manufacturer in the world will have to go through to support Palladium.”
Experts say that is the project’s major challenge. Intel and Advanced Micro Devices are among a dozen partners working with Microsoft on Palladium.
“Hardware will have to be modified and it will have to be done right, it will have to be perfect,” says Martin Reynolds, a Gartner Inc. analyst. “It’s the processors, the chip sets, the silicon that secures the certificates.” Those certificates are stored in hardware and are used to determine what code or communication Palladium will trust.
A network of certificate authorities that issue and revoke certificates also has to be established, something that has impeded implementations of public-key infrastructure.
Reynolds says Palladium also will have to be pristine because if it is upgraded, patched or changed in any way, the hardware security certificates become invalid and Palladium shuts down.
Regardless, Reynolds calls Palladium, “a very clever solution.”
Palladium will work in parallel with the Windows operating system, letting the OS pass to Palladium its most sensitive operations. In turn, Palladium can reserve memory for those operations, performing them in a “virtual vault,” which, for example, would prevent malicious code from spreading to other parts of the system.
Microsoft has not mentioned a timetable for Palladium’s release, but speculation is that it could de delivered in 2004 with Longhorn, the next version of the Windows operating system.
The work is not without precedence. For the past three years, IBM Corp. has shipped millions of PCs with an embedded security processor, mostly to financial services and healthcare customers. The processor and special software work together as a gatekeeper to validate everything that happens on the machine.
The processor grew out of work begun in 1999 by the Trusted Computing Platform Alliance (TCPA), founded by IBM, Intel Corp., Hewlett-Packard Co., Compaq (now part of HP), but not Microsoft. The goal is to deliver a set of hardware and operating system security capabilities that enhance trust and security in computing. Last year the TCPA published its 1.1 specification.
“Microsoft is re-creating this work and pushing it,” says Clain Anderson, director of security solutions in IBM’s personal computing division. “Building right into the operating system the software to run the chip is a logical progression of this work.” One change is speed – IBM runs everything on the chip, but Palladium will use operating system memory to create a much faster system.
Industry support will play a big role if Palladium is to ever succeed.
“We know this can only work if it is a collaborative process,” says Mario Juarez, group product manager for the Palladium team. “But how that will shake out, we do not know. The challenge is, how do you start this evolution? We need to do some things differently.”
For one, Palladium’s source code will be released publicly, but Juarez did not say how it would be licensed.