[ISN] WinHEC: Microsoft revisits NGSCB security plan

[InfoSec News]

http://www.nwfusion.com/news/2004/0505msngscb.html

By Joris Evers
IDG News Service
05/05/04

Microsoft is revisiting its Next-Generation Secure Computing Base
(NGSCB) security plan because enterprise users and software makers
don't want to be forced to rewrite their code to take advantage of the
technology, the company said Wednesday.

In response to feedback from users and software makers, Microsoft is
retooling NGSCB so at least part of the security benefits will be
available without the need tor recode applications, Mario Juarez, a
Microsoft product manager, said in an interview Wednesday at the
vendor's Windows Hardware Engineering Conference (WinHEC).

"We're revisiting the way that the architecture needs to be built in
order to accommodate the feedback that we have gotten and provide the
broader value that we want the technology to provide," he said.  
Microsoft is making changes to NGSCB, but is not discarding previous
work or going back to the drawing board, Juarez stressed.

Microsoft announced NGSCB in 2002. The technology, formerly known by
its Palladium code name, uses a combination of software and hardware
that Microsoft says will boost PC security by providing the ability to
isolate software so it can be protected against malicious code. The
software maker plans to incorporate the technology in Longhorn, the
successor to Windows XP expected out in 2006.

NGSCB was demonstrated for the first time a year ago at the 2003
WinHEC. Attendees at Microsoft's Professional Developers Conference in
Los Angeles last October received a developer preview of NGSCB. That
preview was meant to give developers a feel of what it is like to
develop an application that uses NGSCB security.

Meanwhile, Microsoft has been gathering feedback and is now working on
incorporating that feedback, according to Juarez. As a result, NGSCB
will change. Software makers and enterprise users will be able to take
advantage of part of the technology out of the box, without the need
to rewrite their applications, Juarez said.

Originally Microsoft had limited NGSCB to provide strong protection
for very small amounts of data through protected agents. Applications
would have to be rebuilt to include a protected agent that would run
in a secured space on the system. Now Microsoft is working to revise
the NGSCB technology so it is possible to secure more bits without
having to rewrite applications, Juarez said.

"We can't provide the level of specifics that we provided last year
because we're still in the process of sorting out the details," Juarez
said. "We will have more specifics later this year about how the
technology will be implemented based on the feedback."

NGSCB includes a new software component for Windows called a "nexus,"  
and a chip that can perform cryptographic operations called the
trusted platform module. NGSCB also requires changes to a PC's
processor and chipset and the graphics card. The combination of
hardware and software creates a second operating environment within a
PC that is meant to protect the system from malicious code by
providing secure connections between applications, peripheral
hardware, memory and storage.

Microsoft has pitched NGSCB as a boon for its customers, though
critics have argued that it will curtail users' ability to control
their own PCs and could erode fair-use rights for digital music and
movie files. Corporate users will likely be first to buy in to the
technology, Microsoft has said. Early applications will include secure
messaging and other applications especially interesting for corporate
PC users, the company has said.