Microsoft "Palladium": A Business Overview
Combining Microsoft Windows Features, Personal Computing Hardware, and Software Applications for Greater Security, Personal Privacy and System Integrity
August 2002
By Amy Carroll, Mario Juarez, Julia Polk and Tony Leininger
Microsoft Content Security Business Unit
Abstract
"Palladium" is the code name for an evolutionary set of features for the Microsoft® Windows® operating system. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy, and system integrity. In addition, "Palladium" will offer enterprise customers significant new benefits for network security and content protection. This white paper does the following:
Examines how "Palladium" satisfies the growing demands of living and working in an interconnected, digital world
Catalogs some of the planned benefits offered by "Palladium"
Summarizes the software components of "Palladium"
Presents a suggested broad business approach to enable "Palladium" to succeed
Contents
The Challenge: Meeting the Emerging Requirements of an Interconnected World
The Solution: "Palladium"
Core Principles of the "Palladium" Initiative
Aspects of "Palladium"
Hardware Components
Software Components
Business Approach
Timing
Conclusion
For More Information
The Challenge: Meeting the Emerging Requirements of an Interconnected World
Today's personal computing environment has advanced in terms of security and privacy, while maintaining a significant amount of backward compatibility. While abandoning compatibility and many features over the years might have made possible smaller, faster and/or more trusted systems, personal computer users required the preservation of investments in software, hardware and user training that came with backward compatibility.
However, the evolution of a shared, open network (the Internet) has created new problems and requirements for trustworthy computing. For example, the proliferation of private information within a digital, networked world is creating a growing challenge. As the personal computer grows more central to our lives at home, work and school, consumers and business customers alike are increasingly aware of privacy and security issues.
Now, the pressure is on for industry leaders to take the following actions:
Build solutions that will meet the pressing need for reliability and integrity
Make improvements to the personal computer such that it can more fully reach its potential and enable a wider range of opportunities
Give customers and content providers a new level of confidence in the computer experience
Continue to support backward compatibility with existing software and user knowledge that exists with Windows systems today
Together, industry leaders must address these critical issues to meet the mounting demand for trusted computing while preserving the open and rich character of current computer functionality.
The Solution: "Palladium"
"Palladium" is the code name for an evolutionary set of features for the Microsoft Windows operating system. When combined with a new breed of hardware and applications, "Palladium" gives individuals and groups of users greater data security, personal privacy and system integrity. Designed to work side-by-side with the existing functionality of Windows, this significant evolution of the personal computer platform will introduce a level of security that meets the rising customer requirements for data protection, integrity and distributed collaboration.
Users implicitly trust their computers with more of their valuable data every day. They also trust their computers to perform more and more important financial, legal and other transactions. "Palladium" provides a solid basis for this trust: a foundation on which privacy- and security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to users. Among these are enhanced, practical user control; the emergence of new server/service models; and potentially new peer-to-peer or fully peer-distributed service models. The fundamental benefits of "Palladium" fall into three chief categories: greater system integrity, superior personal privacy and enhanced data security. These categories are illustrated in Figure 1. (Please see the definition of "nexus" below.)
Figure 1: Windows-based personal computer of the future
Core Principles of the "Palladium" Initiative
Development of "Palladium" is guided by important business and technical imperatives and assumptions. Among these are the following:
A "Palladium"-enhanced computer must continue to run any existing applications and device drivers.
"Palladium" is not a separate operating system. It is based on architectural enhancements to the Windows kernel and to computer hardware, including the CPU, peripherals and chipsets, to create a new trusted execution subsystem (see Figure 1).
"Palladium" will not eliminate any features of Windows that users have come to rely on; everything that runs today will continue to run with "Palladium."
In addition, "Palladium" does not change what can be programmed or run on the computing platform; it simply changes what can be believed about programs, and the durability of those beliefs. Moreover, "Palladium" will operate with any program the user specifies while maintaining security.
It is important to note that while today's applications and devices will continue to work in "Palladium," they will gain little to no benefit from "Palladium" services. To take advantage of "Palladium," existing applications must be adapted to utilize the "Palladium" environment or new applications must be written. This software - whether a component of a Microsoft Win32®-based application or a new application - is called a "Trusted Agent."
"Palladium"-based systems must provide the means to protect user privacy better than any operating system does today.
"Palladium" prevents identity theft and unauthorized access to personal data on the user's device while on the Internet and on other networks. Transactions and processes are verifiable and reliable (through the attestable hardware and software architecture described below), and they cannot be imitated.
With "Palladium," a system's secrets are locked in the computer and are only revealed on terms that the user has specified. In addition, the trusted user interface prevents snooping and impersonation. The user controls what is revealed and can separate categories of data on a single computer into distinct realms. Like a set of vaults, realms provide the assurance of separability. With distinct identifiers, policies and categories of data for each, realms allow a user to have a locked-down work environment and fully open surfing environment at the same time, on the same computer.
Finally, the "Palladium" architecture will enable a new class of identity service providers that can potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, "Palladium" will allow users to employ identity service providers of their own choosing.
"Palladium" will not require digital rights management technology, and DRM will not require "Palladium."
Digital rights management (DRM) is an important, emerging technology that many believe will be central to the digital economy of the future. As a means of defining rules and setting policies that enhance the integrity and trust of digital content consumption, DRM is vital for a wide range of content-protection uses. Some examples of DRM are the protection of valuable intellectual property, trusted e-mail and persistent protection of corporate documents.
While DRM and "Palladium" are both supportive of Trustworthy Computing, neither is absolutely required for the other to work. DRM can be deployed on non-"Palladium" machines, and "Palladium" can provide users with benefits independent of DRM. They are separate technologies. That said, the current software-based DRM technologies can be rendered stronger when deployed on "Palladium"-based computers.
User information is not a requirement for "Palladium" to work.
"Palladium" authenticates software and hardware, not users. "Palladium" is about platform integrity, and enables users - whether in a corporate or home setting - to take advantage of system trustworthiness to establish multiple, separate identities, each to suit specific needs.
For example, an employee logs onto the corporate network from home. A trusted gateway server at the corporate network mediates the remote access connection, allowing only trusted applications to access the network. This ensures that the network is protected against infection from attacks by viruses that the home user might have received through personal e-mail. Once connected, the employee can use Remote Desktop to access the computer at the office or save a file back to the corporate server by using locally active Trusted Agents and sealed storage (see below) on the client.
With this technology, the corporate network is protected, while the individual can also be confident that the company is not using the remote connection as an opportunity to snoop into the contents of the user's home computer.
"Palladium" will enable closed spheres of trust.
A closed sphere of trust binds data or a service to both a set of users (logon) and to a set of acceptable applications. As shown in Figure 2, the nexus (formerly referred to as the Trusted Operating Root, or TOR) does not simply open the vault; the nexus will open only a particular vault, and only for a small list of applications.
Figure 2: Closed Sphere of Trust
"Palladium" is an opt-in system.
"Palladium" is entirely an opt-in solution; systems will ship with the "Palladium" hardware and software features turned off. The user of the system can choose to simply stay with this default setting, leaving all "Palladium"-related capabilities (hardware and software) disabled.
Turning "Palladium" completely off includes turning it off in hardware, which prevents any software from turning it back on. Users have the ultimate control over their systems and their information; "Palladium" does not entail any global requirements.
Here is a summary; break it down as to why this is bad.
It says that DRM is separate and this can be turned off?
Eventually they will have to stop internet theft.
Break it down as to why this is bad? Am I missing something?
Thanks,
Mike
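To make the "closed sphere of trust" and "sealed storage" parts of the quoted paper concrete, here is a small Python model I put together; it is not code from the paper or from Microsoft, and it does not claim to be how the real nexus was implemented. It shows the mechanism the paper describes: a secret sealed by one Trusted Agent for one user can only be unsealed by the same (unmodified) agent for the same user, because the vault key is derived from the agent's code measurement plus the user name, and a corporate gateway admits only agents whose measurement is on its allowlist (the remote-access scenario in the paper). The class and function names (Nexus, TrustedAgent, seal, unseal, quote, gateway_admits), the use of an HMAC in place of a platform signature for the attestation quote, the toy keystream cipher and all sample data are my own assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Set


@dataclass(frozen=True)
class TrustedAgent:
    """Software the user runs; identified by a hash of its code (its 'measurement')."""
    name: str
    code: bytes

    def measurement(self) -> str:
        return hashlib.sha256(self.code).hexdigest()


class Nexus:
    """Toy stand-in (assumed, not Microsoft's design) for the nexus: it keeps a per-platform
    root secret that never leaves it and derives a separate vault key for every
    (agent measurement, user) pair, so each pair is its own 'vault'."""

    def __init__(self, root_secret: Optional[bytes] = None):
        self._root = root_secret or secrets.token_bytes(32)

    def _vault_key(self, measurement: str, user: str) -> bytes:
        # Different agent code or a different user -> different key -> different vault.
        return hmac.new(self._root, f"{measurement}|{user}".encode(), hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
        # Toy counter-mode keystream; a real nexus would use an authenticated cipher.
        out, counter = b"", 0
        while len(out) < length:
            out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def seal(self, agent: TrustedAgent, user: str, secret: bytes) -> bytes:
        """Lock a secret to the calling agent and user: blob = nonce || ciphertext || tag."""
        key = self._vault_key(agent.measurement(), user)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, nonce, len(secret))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, agent: TrustedAgent, user: str, blob: bytes) -> Optional[bytes]:
        """Reveal the secret only if the *currently running* agent and user match the sealing ones."""
        key = self._vault_key(agent.measurement(), user)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            return None  # other agent, other user or tampered blob: the vault stays shut
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, nonce, len(ct))))

    def quote(self, agent: TrustedAgent, challenge: bytes, attestation_key: bytes) -> bytes:
        """Attest which agent is running. Simplification: HMAC with a key the verifier shares,
        standing in for the per-platform signature a real design would use."""
        return hmac.new(attestation_key, agent.measurement().encode() + challenge, hashlib.sha256).digest()


def gateway_admits(quote: bytes, measurement: str, challenge: bytes,
                   allowlist: Set[str], attestation_key: bytes) -> bool:
    """Corporate gateway: admit only an agent whose reported measurement is on the allowlist
    and whose quote over the gateway's fresh challenge verifies."""
    expected = hmac.new(attestation_key, measurement.encode() + challenge, hashlib.sha256).digest()
    return measurement in allowlist and hmac.compare_digest(quote, expected)


def demo() -> dict:
    """Constructed sample run: an editor seals a document for 'alice', then three unseal
    attempts and two gateway checks show who the vault opens for."""
    nexus = Nexus()
    editor = TrustedAgent("doc-editor", b"editor v1.0 code")
    modified = TrustedAgent("doc-editor", b"editor v1.0 code, altered after sealing")
    blob = nexus.seal(editor, "alice", b"Q3 forecast, confidential")

    attestation_key = secrets.token_bytes(32)   # assumed shared with the gateway for this toy
    allowlist = {editor.measurement()}
    challenge = secrets.token_bytes(16)

    return {
        "same_agent_same_user": nexus.unseal(editor, "alice", blob),
        "same_agent_other_user": nexus.unseal(editor, "bob", blob),
        "modified_agent": nexus.unseal(modified, "alice", blob),
        "gateway_admits_editor": gateway_admits(
            nexus.quote(editor, challenge, attestation_key), editor.measurement(),
            challenge, allowlist, attestation_key),
        "gateway_admits_modified": gateway_admits(
            nexus.quote(modified, challenge, attestation_key), modified.measurement(),
            challenge, allowlist, attestation_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The point the model makes about the paper's "opt-in" and "DRM is separate" claims: the vault is bound to a measured program, not to a person, so the same sealing primitive that keeps a home user's data away from a corporate gateway is also what lets a content application keep its data away from every other program on the machine. Which programs end up on the allowlist is a policy decision made outside the mechanism.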