
      NGSCB Spells Better Security for Windows

      By Jason Brooks - June 9, 2003

        Microsoft Corp.'s NGSCB initiative aims to improve security in future versions of Windows by providing a fine-grained level of control over applications designed to take advantage of this technology.

        Based on WinHEC talks and on Microsoft documentation, eWEEK Labs believes significant implementation hurdles must be overcome before Next-Generation Secure Computing Base can become a reality.

        NGSCB will provide what amounts to a separate, scaled-back operating system running in and alongside Windows as we know it today. The kernel of this separate operating system is called Nexus, and the applications, services or portions of applications that run atop it are called NCAs (Nexus Computing Agents).

        Microsoft describes this OS-within-an-OS situation in terms of a Standard mode, or left-hand side, and a Nexus mode, or right-hand side.

        NGSCB sets aside a portion of system RAM as “curtained.” A given section of memory in this curtained space is accessible only by the NCA that runs in it or by processes with which that NCA has a specific trust relationship. NGSCB will work with standard RAM chips but will require new CPUs and chip sets to manage this curtained memory scheme.

        NGSCB extends these controls to data stored on hard disks with encryption services that ensure that data may be accessed only by the NCA to which it belongs or by other software that the NCA trusts.

        These encryption services are rooted in an OEM-signed SSC (security support component) that will be embedded in, or at least soldered onto, the motherboard of every NGSCB-capable machine and will contain encryption keys unique to that piece of hardware. When Nexus boots, the CPU and the SSC compute a cryptographically signed digest for Nexus. Nexus, in turn, computes digests for NCAs.

        A “chain of trust” rooted in the secret keys stored in the SSC enables NGSCB systems to offer trustable authentication of hardware and software as well as user authentication. However, attestation only confirms that a signed piece of code or data is what it claims to be, and it won't guarantee its quality or benevolence. Further assurance must come from an outside party.
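
The disk-encryption and digest-chain behavior described above can be modeled as a key that depends on both the machine's hardware secret and the measured Nexus and NCA code. This Python sketch is an added illustration, not Microsoft code or part of the original article; `ToySSC`, the HMAC-based key derivation, the toy cipher and all sample values are assumptions made for the example.

```python
import hashlib
import hmac

def digest(image: bytes) -> bytes:
    # Measurement of a code image; SHA-256 is this sketch's choice.
    return hashlib.sha256(image).digest()

class ToySSC:
    """Stand-in for the motherboard SSC: holds a per-machine secret."""
    def __init__(self, device_secret: bytes):
        self._secret = device_secret  # never leaves the component

    def sealing_key(self, nexus_d: bytes, nca_d: bytes) -> bytes:
        # Key is bound to the hardware secret and the measured software chain.
        return hmac.new(self._secret, b"seal" + nexus_d + nca_d, hashlib.sha256).digest()

def _keystream(key: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Toy encrypt-then-MAC; real code would use a vetted AEAD with a nonce.
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None  # wrong machine or wrong software measurement
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))

# Constructed sample images and secrets (not real NGSCB artifacts).
NEXUS = b"nexus kernel image v1"
NCA = b"banking agent v1"
NCA_PATCHED = b"banking agent v1 + injected code"

def demo():
    ssc = ToySSC(b"machine-A-secret")
    blob = seal(ssc.sealing_key(digest(NEXUS), digest(NCA)), b"account token")
    same = unseal(ssc.sealing_key(digest(NEXUS), digest(NCA)), blob)
    patched = unseal(ssc.sealing_key(digest(NEXUS), digest(NCA_PATCHED)), blob)
    other_hw = unseal(ToySSC(b"machine-B-secret").sealing_key(digest(NEXUS), digest(NCA)), blob)
    return same, patched, other_hw

if __name__ == "__main__":
    print(demo())
```

The unmodified NCA on the original machine recovers the data, while a patched NCA or a different machine derives a different key and fails the integrity check.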

        Rounding out the NGSCB system security loop is the provision of a secure path between the user and Nexus. Mouse and keyboard input will travel across an encrypted path to Nexus, which directs these inputs to the appropriate NCA or back to the left-hand side, preventing keystroke logger attacks on right-hand-side applications.

        On the output side, NCAs will communicate with graphics adapters across a secure path, and a simple, XML-based graphics service on the right-hand side will be responsible for drawing interface windows for NCAs.

        These secure paths to and from the user will require changes to current input devices and/or Universal Serial Bus hubs, as well as to graphics adapters. How NGSCB will support accessibility software or wireless input devices has yet to be determined.

        At WinHEC, Microsoft announced that it will deliver a prebeta version of NGSCB at its Professional Developers Conference in October, with the system slated for completion in time to accompany “Longhorn” in 2005. Before that time comes, Microsoft must address a number of significant challenges if NGSCB is to succeed.

        Requiring CPU, chip set, graphics adapter, input device and motherboard changes, NGSCB won't run on today's hardware, which will probably slow customer uptake. In addition, NGSCB will only be as useful as the software that supports it, so its viability will depend on widespread industry support.

        NGSCB will enable much more control over systems that include it, but these expanded control options come with more management complexity. NCAs will have to communicate with one another, with portions of the Standard-mode operating system and with remote services, and each of these links will require users to monitor their trust relationship choices.

        Out of the box, Windows XP grants default Administrator rights, in a nod to convenience over security. Conversely, Microsoft officials have said that NGSCB systems will ship with Nexus switched off by default. However, unless Microsoft aces the job of implementing the policy management portions of NGSCB, users and companies may never opt to enable them.

        Senior Analyst Jason Brooks can be reached at jason_brooks@ziffdavis.com. A longer version of this story appears online at labs.eWEEK.com.

        Jason Brooks
        As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.