Questions for a Lecture on Microsoft's Palladium?
An anonymous reader asks: "Microsoft is going to be giving a lecture on Palladium
for my Computer and Network Security class at MIT this Thursday. We're told that it's going to be the most technically detailed lecture publicly given to date, and that we should be armed with questions as a result. Any suggestions from the Slashdot crowd? What technical details have you been dying to know about Palladium?" It would be interesting to hear back from someone who is planning on attending this. For those who wish they were, but can't for one reason or another, what would you have asked by proxy?
Read this for some good info.
The answer is yes. I don't know exactly where you have gathered this, it's completely wrong. Here's a link to an interview with the group product manager for Palladium with the answer:
DIDW
And the relevant quote (with important part bolded):
DIDW: So flexibility is a big goal, with nothing traceable locked in and no specific required PKI structure it must be part of?
Juarez: The architecture is designed to be an open platform and open environment. As an ISV or service provider you can build anything you want on top of this platform and offer up a value proposition with consumers, or with other businesses. It can do all kinds of interesting things. But there's nothing in the system that says, for example, that if you run something in one of these vaults that you've got to have the code signed, or you have to have things authenticated. It's a very basic, open environment and we're not trying to build any elements of it that are going to require verification or the participation of anything other than the ISV and the person who is using the services want to have happen.
How can user written software run on a 'trusted' system?
It's obvious, if you're familiar with the Palladium information that has been released. All software, whoever writes it, will be able to make use of Palladium features via a new API.
What are the Palladium features? Your software will be able to create a "virtual vault" that other software can't see into (an encrypted disk file locked to a hash of your software). You can have a "trusted agent" that runs in a secure memory area which is immune to being inspected or changed using debuggers, virtualizers, etc. You can get the OS to securely report a hash of your software to third parties, cryptographically signed by a key which is locked in the Palladium hardware.
The sense in which these features entitle your software to be called "trusted" is beyond the scope of this reply.
I strongly suggest that the OP read the Palladium docs that are available to familiarize himself with the system before he goes to this lecture.
This still leaves mostly the same question, if my machine is offline. Of course, that really could be a question in and of itself.. how does the system function with a non-networked computer?
If your system is offline or un-networked, you can still use the Palladium "virtual vault" and "curtained memory". This would allow your software to create a crypto key and store some data encrypted with it, such that no other software would be able to read that data. Not even the owner of the computer could get to that data except under the rules that your software enforced. He couldn't virtualize it, he couldn't emulate it, he couldn't use a debugger or patch the software.
The reason he can't virtualize your software or run it on an emulation layer is that the data is encrypted with a key that is locked in the crypto chip. The emulator doesn't have that key and so it can't decrypt the data. The reason he can't use a debugger is because (part of) your software runs in the special memory region which is off limits to debuggers. And the reason he can't patch your software (on the disk, say) is because that changes the software hash, which the crypto chip checks when it goes to decrypt the data, to see if it matches what it was when the data was encrypted. Changing the software changes the hash; changing the hash keeps you from getting at the data.
He could still get at the data if he used some hardware hacks, like dual-ported ram or exotic techniques to extract data from the secure crypto chip. These are probably outside of the expertise of the average hacker, though.
So what does "trusted" mean here? It means that your software can manage data and behave in a predictable manner, enforcing specified rules for manipulating the data.
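The sealed-storage behaviour described in the reply above (a chip-held key, data bound to the hash of the software that sealed it, so neither a patched binary nor an emulator without the chip secret can unseal it), as an added simulation that is not code from the thread or from Microsoft's Palladium; the class, function and message names are made up, and the SHA-256-based stream cipher is a toy stand-in for whatever cipher the real hardware uses:

```python
import hashlib
import hmac
import os

# Constructed simulation of a "crypto chip": its secret never leaves the
# object, and the data key is derived from that secret plus the measured
# hash of the calling software, which is what makes the data "sealed".

def _keystream_xor(key, nonce, data):
    # Toy counter-mode stream cipher built from SHA-256 (illustration only).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class SealingChip:
    def __init__(self, chip_secret):
        self._secret = chip_secret  # burned-in key, never exported

    def _key_for(self, code_hash):
        # Key depends on BOTH the chip secret and the measured software.
        return hmac.new(self._secret, b"seal|" + code_hash, hashlib.sha256).digest()

    def seal(self, code_hash, plaintext):
        key = self._key_for(code_hash)
        nonce = os.urandom(16)
        ct = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, code_hash, blob):
        # Re-derive from the *current* hash: patched code yields a different
        # key, so the tag check fails and nothing is decrypted.
        key = self._key_for(code_hash)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            raise PermissionError("software hash does not match sealed data")
        return _keystream_xor(key, nonce, ct)

def measure(code):
    return hashlib.sha256(code).digest()  # the "software hash"

def demo():
    chip = SealingChip(os.urandom(32))
    original = b"agent v1: check_policy(); read_vault()"   # constructed "binary"
    patched = original.replace(b"check_policy()", b"pass")  # check patched out
    blob = chip.seal(measure(original), b"vault content key")
    def attempt(c, h):
        try:
            return c.unseal(h, blob)
        except PermissionError:
            return None
    emulator = SealingChip(os.urandom(32))  # no access to the real chip secret
    return (attempt(chip, measure(original)), attempt(chip, measure(patched)),
            attempt(emulator, measure(original)))
```

`demo()` returns the unsealed data for the unmodified software and `None` for both the patched binary and the emulated chip.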