What to expect from Microsoft's NGSCB plan

Microsoft Corp. said that it was retinkering with its Next Generation Secure Computing Base (NGSCB), originally announced in 2002 with the code name Palladium. This step was taken in response to demands from users and software vendors that existing applications could take advantage of the security functions offered by the NGSCB platform without having to rewrite them (see story).

This is welcome news for users and independent software vendors. However, it may present challenges to the NGSCB design. To facilitate the discussion, Figure 1 shows the NGSCB configuration. Components of the NGSCB that require the support of new hardware are shown in Figure 1 with the image of an IC chip.

Figure 1: NGSCB Configuration. The green-red lines show where protected data is in encrypted or decrypted format. Encryption or decryption occurs at the junction of the red and green lines.

The NGSCB Nexus security kernel identifies, authenticates and controls access to trusted applications and resources using a security reference monitor, a part of the Nexus security kernel. For an application to make use of the protected operating environment, either parts of it need to function as component Nexus Computing Agents, or the entire application needs to function as a stand-alone NCA. An NCA is a trusted software running in the protected operating environment and is hosted by the Nexus. The protected environment in the NGSCB was envisioned as a very restricted development environment. An application is partitioned so that only components that manage critical trusted information are run as NCAs in the protected environment, and components that manage traditional functionalities are run in the standard environment. This is summarized by Microsoft1 as: "A good rule of thumb is: If you can leave functionality in Standard mode without compromising information, you should leave it there." To achieve this partition will most likely require some rewriting and retesting of existing applications.

Another challenge to running existing applications as is without rewriting is more fundamental and may cause breaches to the security of the NGSCB. The two main enabling features of the NGSCB platform are the hardware-enforced curtained memory where the Nexus and NCAs are run, and the hardware component, namely the Security Support Component or Trusted Platform Module chip, for storing and managing encryption keys.

However, once in the protected environment, based on Microsoft documents2, the Nexus is protected from NCAs, and the NCAs are protected from each other using the same ring and virtual memory protections as used in today's computers.

Thus, once a program gets into the protected environment, the security is no different from the situation in today's PCs. To ensure the security in the protected environment, NCAs should be written as managed codes so that the Nexus can closely manage them, and it is ensured that the Nexus is protected from the NCAs and the NCAs are protected from each other. Allowing applications to run in the protected environment means that flaws or vulnerabilities in an application may compromise the ring and virtual memory protection within the protected environment, and modify or affect the Nexus or other NCAs in unintended or malicious ways.

Microsoft envisions that the NGSCB promises four main benefits to users: protected memory, attestation, sealed storage, and secure input and output. We will analyze each of them below.

Protected memory

The NGSCB provides a hardware-enforced, curtained memory space for the Nexus and NCAs such that trusted applications running in the curtained memory are not modified or observed by programs or even the operating system in the standard environment. This is very strong protection.

However, once in the protected environment, as pointed out before, standard ring and virtual memory protection as in today's PCs is used. Thus, once a flawed or vulnerable program gets to run as an NCA, the security protection promised by the NGSCB may be compromised, and we are faced with a situation not different from today's PCs. One way to improve this is to have another layer of hardware-enforced curtained memory protection for the Nexus.


Attestation ensures the identity and authentication of a computer and the programs that run on it using public-private key pairs and digital signatures. The benefit of attesting a computer and an application is obvious for enforcing software licenses. However, the benefit to a user is not as clear.

Attestation of a computer and an application over the Internet requires that a user run the application on the same NGSCB computer each time he needs to attest to the server. If the user needs to run the application on a different computer, he will need to make sure that the computer is NGSCB-enabled, has the same application installed and both the application and the computer are authenticated to the server, either directly or indirectly.

Requiring attestation of a specific computer limits a user from using different computers, which may be needed when a user travels. Other benefits of attesting a computer and an application over the Internet include network access and traffic control, and two-factor authentication.

There are alternative solutions for such purposes that are either simpler or more essential. For network access or traffic control, security and access policies can be enforced on the switch port or the VPN tunnel to which the computer is connected. There are existing solutions for network access control based on user authentication and checking of the computer for security compliance.

Furthermore, regardless of whether the computer and application are attested, companies are finding that filtering and security checks of the contents are increasingly becoming necessary. For two-factor authentication, proven and mobile technologies such as the RSA SecurID or USB security keys work well. New USB security keys that integrate cryptographic functions, key management and VPN support are bound to a user, not to a computer, and thus are more mobile. Furthermore, when there are many non-NGSCB computers out there, only identifying the "good guys" who enable the NGSCB mode limits the scope of its intended purpose.

Sealed storage

The benefit of the sealed storage is provided by encrypting and storing a unique secret or key that an NCA used to encrypt your data and a digest of the NCA, thus eliminating the risk of storing data encryption keys unsecured on a hard drive. This is a useful function. However, since disk access is handled by the standard environment, which may be compromised, the Nexus' or an NCA's disk access may be sabotaged by a malicious program in the standard environment. Since the data is encrypted, its content is protected, but this does not prevent a malicious program in the standard environment from dropping, deleting or altering the encrypted data.

To prevent this, there needs to be a digital signature integrity check at the disk controller each time the Nexus or an NCA writes to the disk. This will require new hardware in the disk drives and new disk access protocol. Also, there are other technologies for sealed storage that are more portable. For example, you could use a USB key with embedded cryptographic functions such as public-private key-based authentication, digital signature and certificate, and encryption key generation, storage and management.

Secure input and output

The NGSCB secures the data path from the keyboard and mouse to NCAs and then from those NCAs to trusted windows under their control, and thus prevents programs in the standard environment from monitoring or intercepting a user's data or activity. This requires new keyboards with encryption chips and new graphics controller chips that decrypt data and prevent decrypted data from being read. The impact of the added encryption and decryption on the computer's power consumption and performance needs to be evaluated and is not clear at this point.

I have not found any Microsoft document mentioning this, but to achieve the secure input and output benefit promised by the NGSCB, I believe that the NGSCB will also require new printer controllers or adapters that decrypt data for printing and prevent decrypted data to be read by the computer. A secure document will need to stay encrypted in the standard environment until it reaches the printer. So the printer needs to decrypt data.

In addition, the printer controller will need to have a hardware separation of encrypted and decrypted data so that once the data is decrypted, it can only be printed, but not be read back by a program in the standard environment. Otherwise, an attacker can insert a malicious program into a printer, wait for data to be decrypted for printing, use a malicious program in the standard environment to fetch the decrypted data back and send it out over the network.

The NGSCB's requirement of new chips and new peripherals increases the cost of the solution, as well as the adoption cycle. Requiring users not only to buy new computers, but also to throw away keyboards, mice and printers that still have a long remaining working life, most likely will mean that it will take quite some time for many of the NGSCB-equipped computers to be NGSCB-enabled even if NGSCB PCs are bought.

The NGSCB offers some promising security benefits, however, there are still many challenges and unanswered questions. Given the long time before the NGSCB can take hold, other solutions offering similar security benefits, but are cheaper, easier to adopt and less disruptive to users are likely to emerge in the meantime.

1. Ellen Cram, "Next-Generation Secure Computing Base: Development Considerations for Nexus Computing Agents," Microsoft Corp., October 2003

2. Microsoft Corp., "Security Model for the Next-Generation Secure Computing Base," 2003

Ping Liang, Ph.D., is president and chief technology officer at Highercom Corp., a technology development and design service company specializing in network security, wireless networking, embedded systems and ASIC design. He can be reached at liang@highercom.com.

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon