What to expect from Microsoft's NGSCB plan
Computerworld - Microsoft Corp. said that it was retinkering with its Next Generation Secure Computing Base (NGSCB), originally announced in 2002 with the code name Palladium. This step was taken in response to demands from users and software vendors that existing applications could take advantage of the security functions offered by the NGSCB platform without having to rewrite them (see story).
This is welcome news for users and independent software vendors. However, it may present challenges to the NGSCB design. To facilitate the discussion, Figure 1 shows the NGSCB configuration. Components of the NGSCB that require the support of new hardware are shown in Figure 1 with the image of an IC chip.
![]() |
| Figure 1: NGSCB Configuration. The green-red lines show where protected data is in encrypted or decrypted format. Encryption or decryption occurs at the junction of the red and green lines. |
The NGSCB Nexus security kernel identifies, authenticates and controls access to trusted applications and resources using a security reference monitor, a part of the Nexus security kernel. For an application to make use of the protected operating environment, either parts of it need to function as component Nexus Computing Agents, or the entire application needs to function as a stand-alone NCA. An NCA is a trusted software running in the protected operating environment and is hosted by the Nexus. The protected environment in the NGSCB was envisioned as a very restricted development environment. An application is partitioned so that only components that manage critical trusted information are run as NCAs in the protected environment, and components that manage traditional functionalities are run in the standard environment. This is summarized by Microsoft1 as: "A good rule of thumb is: If you can leave functionality in Standard mode without compromising information, you should leave it there." To achieve this partition will most likely require some rewriting and retesting of existing applications.
Another challenge to running existing applications as is without rewriting is more fundamental and may cause breaches to the security of the NGSCB. The two main enabling features of the NGSCB platform are the hardware-enforced curtained memory where the Nexus and NCAs are run, and the hardware component, namely the Security Support Component or Trusted Platform Module chip, for storing and managing encryption keys.
However, once in the protected environment, based on Microsoft documents2, the Nexus is protected from NCAs, and the NCAs are protected from each other using the same ring and virtual memory protections as used in today's computers.
Thus, once a program gets into the protected environment, the security is no different from the situation in today's PCs. To ensure the security in the protected environment, NCAs should be written as managed codes so that the Nexus can closely manage them, and it is ensured that the Nexus is protected from the NCAs and the NCAs are protected from each other. Allowing applications to run in the protected environment means that flaws or vulnerabilities in an application may compromise the ring and virtual memory protection within the protected environment, and modify or affect the Nexus or other NCAs in unintended or malicious ways.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- X-Ray of the PCI Process-4 Proactive Steps
- This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
- Identity Governance: The Business Imperatives
- This white paper describes the business challenges and opportunities that are driving interest in Identity Governance while discussing considerations your organization should make... All Security White Papers
- Live Webcast
Playing Defense: Staying on Top of Your Disaster Recovery Game - When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...
- Introduction to VMware vCenter Site Recovery Manager 5
- Traditional disaster recovery solutions are often too expensive, complex and unreliable to meet business requirements. As a result, IT departments are hesitant to...
- The Top Ten Secrets to Avoiding SAN Performance Problems
- Maintaining peak performance while simultaneously addressing the root cause of SAN errors is challenging. Learn the most common SAN problems and explore new...
- Deduplication Without Compromise
- Go inside Quantum's scalable, high-performance, multi-protocol new DXi deduplication appliances, designed to make backup much more effective. Discover how the new future-proof DXi6700...
- Director of Disk Products Discusses DXi6700
- Discover how the new DXi 6700 series of deduplication appliances provide investment protection and a future-proof feature set, all while delivering fast, scalable,...
- Playing Defense: Staying on Top of Your Disaster Recovery Game
- When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing... All Security Webcasts
