Security Advisor

Palladium: Blessing or Curse?

Microsoft is touting its next-generation secure computing infrastructure as a giant leap for mankind. Not everyone agrees.

• By Roberta Bragg
• 01/01/2003

Goddesses and Horses
Athena, born full-grown from the head of Zeus, was trained in the fighting arts. She accidentally killed her friend, Pallas, during a game. It saddened her so much that she appended the name of her friend to her own. A statue of Pallas Athena in full armor, known as the Palladium, stood guard over the ancient city of Troy. Legend held that as long as the statue was safe, so was the city. During the 10th year of the Trojan War, Odysseus and Diomed stole the statue. The city soon fell to the nefarious Greeks, who hid inside a wooden horse.

Thus, Palladium has been defined as a safeguard, a guarantee of social institutions or a sacred object with the power to preserve the city or state it protects. And the Trojan horse? Well, I think you know the answer to that one.

Today, we find the word Palladium everywhere. It’s an element: Pd, a silvery-white metal used in watch springs, dental fillings (still got a few of those) and surgical instruments. It’s a restaurant in Philadelphia, a theatre and a band in Australia. No doubt, you can find many other interesting uses of the name—including Microsoft’s proposed secure computer infrastructure.

The End of Computing As We Know It?
According to Microsoft, Palladium will offer huge improvements in computer security. These are partially due to new operating system features and to soon-to-be-developed hardware functionality. Third-party applications can take advantage of these features to make the entire computing experience more secure—or more constrained, depending on your viewpoint.

There are those who say Palladium will signal the end to computing as we know it. Gone will be the innovation, the freedom to choose, they cry. Gone will be the ability of the little guy to make his mark on the world by inventing the next killer app or operating system.

There are others who say that Palladium will enhance computing. Gone will be the opportunity for the little guy to make his mark on the world by creating the best and baddest worm or virus.

Those who support Digital Rights Management applaud Palladium. In fact, the idea for such a project came from the Microsoft digital rights team, and two patents said to be on the process behind Palladium involves Digital Rights Management.

Microsoft says we’re years away from the actual product, but now is the time to try and to understand it. Remember, Microsoft will want to sell you this product. Maybe, you can influence its development of it. So, what will Palladium be and how can you put in your two cents?

No Longer Safe
First, make no mistake—the reason for Palladium is, at least in part, reactionary. The world’s changed and become more interconnected. This is a good thing, but it brings new problems. In a world with fewer boundaries, previous security models aren’t sufficient. Malicious code created anywhere in the world spreads across the globe with unheard-of speed. Slow transmission via floppy disk previously limited the spread of infection, but now anyone with an Internet connection can be affected within a very short time. It also used to be that patching a machine against a vulnerability might be more dangerous than the risk that someone would take advantage of the flaw; now unpatched systems risk immediate compromise.

Current security infrastructures—firewalls, intrusion detection, PKI and so on—can’t handle the variety and volume of attacks that strike with increasing speed and sophistication. At the same time, security, network and systems administrators face escalating demands to secure information. Add to that new legislation requiring protection of privacy and proprietary information, and you can see the problems facing data security.

Palladium’s Parts
Microsoft thinks the answer is Palladium. Here’s what it says Palladium will provide:

• Greater integrity: Hardware and software components will be verified both in establishing their identity and managing what data they can access.
• Superior personal privacy: Internet/network access of private data will only be allowed by authorized sources. The user, the owner of the data, will control what an authorized source is. On machines used by multiple users, each user’s data will be compartmentalized into realms so that one user’s error doesn’t compromise someone else. It will also mean that one user’s identity and data can’t be stolen by another.
• Enhanced data security: Machine identity is also authenticated. Keys are stored in sealed storage. All data is protected—user, corporate and commercial. Transactions and processes can be verified as correct.

What Will it do?
The details of how this will happen are somewhat sketchy, but here are some broad outlines of what the Palladium experience will be like:

• Legacy compatibility: Existing applications and device drivers will run, but these legacy applications won’t benefit from Palladium’s security.
• Secure identity: Users can choose an identity service provider. Identity service providers can be used to represent data in online transactions.
• Digital Rights Management (DRM) technology: DRM isn’t required. DRM provides content protection, protection of intellectual property, trusted e-mail, and protection of corporate documents. DRM deployed on Palladium will benefit from it; but DRM doesn’t require it, nor does Palladium require DRM.
• Software and hardware authentication: Trusted gateway servers provide a barrier between remote and corporate networks. The gateway only allows trusted applications to access the network and protects the network from infection by remote users while protecting remote users from intrusion via the corporate network.
• Closed spheres of trust: Data or services can be bound to users and applications.
• Default configuration: Users of Palladium systems must opt in; Palladium systems will be shipped with hardware and software features turned off.
• Code isolation: Trusted code runs in physically isolated and protected memory. While viruses can still run in Palladium, an anti-viral program can’t be corrupted by infected code, allowing it to work without danger of corruption.
• Authenticated operations: Sealed storage protects applications from subversion. Applications can be authenticated.
• Attestation: Software and hardware are cryptographically verifiable to user and computer, programs and services before information is shared. Transactions can then be assured that operations and data originate from other trusted applications and machines.
• Protected pathways: Hardware provides protection so keystrokes can’t be snooped or spoofed.
• Trusted execution space: Trusted code runs in a trusted execution space, so code can’t be observed or modified. Files are encrypted with machine-specific secrets and, therefore, are useless if stolen or copied. The machine’s private key and system secrets are embedded in hardware.
• Agents: Trusted agents from any publisher can run on Palladium. Only the user can restrict which can run.
• Certification: Organizations other than Microsoft will be able to certify Palladium systems.
• Source code: It will be published. That’s right. Palladium source code will be shared. This isn’t to say that it’ll be open source, just that it’ll be available for review.

The Four Elements
The problem is that there are few details. How will the system be built? What software can run on it? All Microsoft will say about Palladium is that four elements will be combined to create the platform:

• Architectural enhancements to the Windows kernel: Trusted data storage, encryption, authenticated boot, and hardware and software authentication are provided by the Nexus (see next page) and trusted agents.
• Architectural enhancements to computer hardware: CPU, peripherals and chipsets will create a trusted execution subsystem. The Nexus maintains trusted space and has access to Palladium services such as sealed storage. Sealed storage is an area that can be used by trusted programs to store secrets. Non-trusted programs can’t retrieve or read these secrets (booting to another OS or placing the disk on another machine won’t grant access). There will be, however, trusted backup and migration of secrets to other machines. Attestation can be used to verify whether parts of the operating environment, or Palladium itself, are running on a machine.
• The Nexus (known previously as trusted operating root or TOR): The Nexus is software adapted or written to use the Palladium environment. The Nexus manages trust functionality and executes in kernel mode in trusted space. It provides services to trusted agents, sealing and unsealing of secrets, and attestation.
• Trusted agents: These are programs or parts of a program or service that run in user mode in trusted space. Trusted agents call the Nexus for security services and critical general services such as memory management.

Censorship Concerns
All this is enough to get critics jumping. Some, such as Daniel Christle of WindoWatch (an e-mail newsletter), fear that Palladium will give Microsoft too much control over the PC, that it will be “…the self-appointed guardian of all that is digital.” He claims that Palladium is just Windows running on future Intel-led Trusted Computing Platform Alliance (TCPA) computers. He claims that far from improving hardware and software security for the consumer, Palladium will enable Microsoft and others to access your computer remotely to remove or disable pirated software or content. Good news, in other words, for Microsoft, Disney, Sony and the Record Industry Association of America, but bad news for consumers.

Is the bad news that consumers can’t run illegal copies of software or steal copyrighted works? No, the bad news is that the very software and hardware that might enable copyright holders to become the long arm of the law could also be used to prevent anything but Windows from being the OS for the new machines. It could be used to stifle competition and innovations, as only those wealthy enough to seek Microsoft certification of their products could now compete in a Palladium world.

Another critic, Ross Anderson, a Cambridge University researcher and a computer scientist, lists the possibilities: Applications will communicate securely with the vendor, allowing DVDs to be run but not copied, and permitting unlicensed and pirated software to be detected and deleted remotely; rented software can be deleted if the fee isn’t paid; documents can be classified with less chance of being compromised because they’re bound to a specific hardware device; cheating at computer games and online tactical bidding at auctions will become more difficult.

If you’re not a thief, all these things sound good, but here’s an issue: Anderson and others say remote censorship is also possible. Repressive countries and others would now have a way to suppress freedom of speech, make books unreadable or garble songs that express ideas they consider dangerous. Businesses could be prevented from moving to a competing product—as documents are encrypted by one vendor’s products, they couldn’t be read by another. Remember also the whistle-blower, the lone individual who changes destiny by alerting police or the press to immoral, unethical and illegal activities going on where he or she works. With Palladium, this person couldn’t e-mail the proof to the press, as the incriminating information couldn’t be read on non-company computers.

Criminals and terrorists may also benefit from Palladium, as they can protect their dealings from spying eyes and make their data disappear if removed from their machines (unless, of course, some master key is provided to the authorities). But if some master key is provided, could the nation that manufactured the chips shut down the computers of another country as the first salvo of war?

Christle and Anderson criticize Microsoft for using the TCPA DRM model. They ask if the security is for you and me—or for the PC vendor, software supplier and content industry. Others criticize Microsoft for breaking away from the TCPA and going it alone.

Jon Lasser, in a SecurityFocus Web site column, claims that Palladium will kill Linux and open-source. He also says that—although all code will be required to be digitally signed and enforced at the hardware level (and, thus, can eliminate attacks by code that must execute to do damage)—Palladium won’t prevent successful attacks that run from within trusted applications. Think Outlook viruses, macro viruses or the use of trusted code in some way not thought of, but that still does harm.

The Ball Is in Your Court
So there you have it: Microsoft’s proposed blueprint for safer computing, and the critics’ negative analysis of the design. It’s in your hands now, your chance to take action. Write to Microsoft requesting more information about Palladium at [email protected]. Read the TCPA standard at www.trustedcomputing.org. Get on the mailing list to be notified when more Palladium information is available by sending e-mail to [email protected] with the word “subscribe” in the subject line.

Get informed. Get involved. Get it?