NEW ORLEANS–Microsoft employees showed off a practical application of digital-rights-management software Tuesday, in what was billed as the first public showcase of the company's Next-Generation Secure Computing Base (NGSCB).
Microsoft executives formally unveiled the Nexus, the heart of the company's software. Mike Nash, corporate vice-president of the Security Business Unit at Microsoft, and some Microsoft volunteers showed off NGSCB powering a financial trading applet and real-time chat.
For Microsoft, NGSCB means policy management: the freedom to regulate what can and can't be done with company documents that are emailed to others in the company, and the security of knowing that code can't be modified without a user's permission, or at least awareness.
“The key is that we're looking at a major change in the structure of computing,” Nash said.
Security is also part of an overall system, both inside the PC and in the customer's IT department. Many vulnerabilities aren't in the “security” layers of code, but in other parts of the system, Nash said. The Microsoft Windows 2000 team set aside a month to secure the code base; it ended up taking ten weeks.
However, that structure has still not been fully disclosed. In a presentation, Kevin Corbett, group director of marketing and strategic planning at Intel, confirmed that the company has a hardware security plan in place, called LaGrande, but did not offer any further details. On Wednesday, Microsoft is scheduled to offer a few more details on how NGSCB works to encrypt communications and data, as far down as the keyboard, and even information passed through the video card. One source at Intel said the company would delay any substantive discussion of LaGrande until later, most likely the fall Intel Developer Forum show in late summer.
NGSCB works on four principles: isolating the compute process; “sealed storage” through encryption; a secure or encrypted path to and from the user, using encrypted peripherals; and attestation, or the oversight a user has of a particular process.
Many applications can run unencrypted. But if the data's policy – its ability to be read, printed, or otherwise acted upon by a set number of individuals – needs to be managed or restricted in some way, that data can be encrypted through the nexus, NGSCB's management engine.
“It's really about making sure there is a wall about the data…using hardware based secrets that are impossible to change,” Nash said.
When logging in, a user identifies himself to the system in some way, possibly a smart card. The nexus, in turn, can be cryptographically authenticated by signing in with the hardware, such as LaGrande or motherboard SSID. Applications, or agents, will then look for the combination of the unique user and nexus to allow them to run, using the key stored in the hardware Security Support Component. Finally, NGSCB-compliant code will be signed to prevent it from being altered. If it is, the code will alert other applications that it has been changed, preventing them from working with the modified code.
An early example of Microsoft's stance on security will be encapsulated in the Windows Rights Management Server, shipping late this year after Windows Server 2003, according to Mike Atalla of Microsoft's technical management team. Among other features, Windows Rights Management allows Outlook users to define what recipients can or cannot do with forwarded or sent email. The software is designed to block a user's traditional methods of breaking DRM, including forwarding the email, taking a snapshot using the “Print Screen” button, and other tricks.
In a demonstration, Nash and three volunteers from his team roleplayed one user's attempt to access a financial services application, while an attacker attempted to wreak havoc upon his system. In one example, the hacker used a popular hacking program to search the victim's physical RAM, searching for strings like “account_number”. The same hacker then tried accessing the hard drive and modifying the financial application to search for identifying information.
Running an NGSCB version of the same agent, however, the memory was protected and encrypted. When the application was modified, the identifying code hash was altered, alerting the server and preventing the application from running.
Likewise, the hacker attempted to sniff the packets sent by a custom chat application in a hunt for confidential information. Encrypted with NGSCB, the packets turned into meaningless noise.
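The binding described above, where data is released only to the expected user running unmodified code, can be modelled in a few lines. This is an added illustration, not Microsoft's or NGSCB's code: the function names, the sample "binaries" and the hardware secret are constructed, and the HMAC-based keystream is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the secret held in the hardware Security Support Component.
HARDWARE_SECRET = secrets.token_bytes(32)
# Constructed sample "binaries": the agent as shipped and a modified copy.
ORIGINAL_AGENT = b"trading-agent v1: show balance"
TAMPERED_AGENT = b"trading-agent v1: show balance; copy account_number"

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def sealing_keys(binary: bytes, user_id: str) -> tuple[bytes, bytes]:
    """Derive encryption and MAC keys bound to hardware secret, code hash and user."""
    code_hash = hashlib.sha256(binary).digest()  # changes if the binary changes
    root = _mac(HARDWARE_SECRET, code_hash + b"|" + user_id.encode())
    return _mac(root, b"enc"), _mac(root, b"mac")

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-counter keystream so the example needs only the standard library;
    # a real design would use a vetted AEAD such as AES-GCM.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += _mac(key, nonce + counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(binary: bytes, user_id: str, plaintext: bytes) -> bytes:
    enc_key, mac_key = sealing_keys(binary, user_id)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(enc_key, nonce, plaintext)
    return nonce + _mac(mac_key, nonce + ciphertext) + ciphertext

def unseal(binary: bytes, user_id: str, blob: bytes) -> bytes:
    enc_key, mac_key = sealing_keys(binary, user_id)
    nonce, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _mac(mac_key, nonce + ciphertext)):
        raise PermissionError("code identity or user does not match sealed data")
    return _xor_stream(enc_key, nonce, ciphertext)

if __name__ == "__main__":
    blob = seal(ORIGINAL_AGENT, "alice", b"account_number=12345")
    print(unseal(ORIGINAL_AGENT, "alice", blob))
    try:
        unseal(TAMPERED_AGENT, "alice", blob)
    except PermissionError as err:
        print("refused:", err)
```

Because the key is derived from the code hash, a modified agent derives a different key and fails the integrity check before any plaintext is produced.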