Seminar Report on MICROSOFT PALLADIUM

Submitted by AJITH V
in partial fulfillment for the award of the degree of
BACHELOR OF TECHNOLOGY IN COMPUTER SCIENCE AND ENGINEERING
SCHOOL OF ENGINEERING
COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY, KOCHI - 682022
OCTOBER 2008
DIVISION OF COMPUTER ENGINEERING
SCHOOL OF ENGINEERING

COCHIN UNIVERSITY OF SCIENCE AND TECHNOLOGY
KOCHI - 682022
Certificate
Certified that this is a bonafide record of the seminar work entitled "Microsoft Palladium" done by the following student, Ajith V, of the VIIth semester, Computer Science and Engineering, in the year 2008 in partial fulfillment of the requirements to the award of Degree of Bachelor of Technology in Computer Science and Engineering of Cochin University of Science and Technology.
Ms Shekha Chenthara
Seminar Guide
Lecturer
Division of computer science
SOE, CUSAT
Dr. David Peters S
Head of the Department
Division of computer science
SOE, CUSAT

ACKNOWLEDGEMENT
First and foremost I thank the Almighty for his blessings. I sincerely express my gratitude to my seminar guide, Ms. Shekha Chenthara, Lecturer, CUSAT, for his proper guidance and valuable suggestions. I am equally indebted to Mr. David Peter, the HOD, Computer Science division, and other faculty members for giving me such an opportunity to learn and present this seminar. If not for the above mentioned people my seminar would never have been completed successfully. I once again extend my sincere thanks to all of them.
AJITH V

ABSTRACT
The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement the "Trusted Computing" concept on future versions of the Microsoft Windows operating system. Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's stated aim for Palladium is to increase the security and privacy of computer users. Palladium involves a new breed of hardware and applications along with the architecture of the Windows operating system. Designed to work side-by-side with the existing functionality of Windows, this significant evolution of the personal computer platform will introduce a level of security that meets the rising customer requirements for data protection, integrity and distributed collaboration. It's designed to give people greater security, personal privacy and system integrity.

TABLE OF CONTENTS
ABSTRACT
LIST OF FIGURES
1. INTRODUCTION
   1.1 CORE PRINCIPLES OF PALLADIUM
2. CORE PRINCIPLES OF PALLADIUM
   2.1. HARDWARE COMPONENTS
      2.1.1. TRUSTED SPACE
      2.1.2. SEALED STORAGE
      2.1.3. ATTESTATION
   2.2. SOFTWARE COMPONENTS
      2.2.1. NEXUS
      2.2.2. TRUSTED AGENT
3. COMPARISON OF TCPA AND PALLADIUM
4. ADVANTAGES OF PALLADIUM
   4.1. BLOCK MALICIOUS CODE
   4.2. DIGITAL RIGHT MANAGEMENT
5. DISADVANTAGES OF PALLADIUM
   5.1. UPGRADES
   5.2. INTEROPERABILITY
   5.3. LEGACY PROGRAMS
6. CONCLUSION
7. REFERENCES

LIST OF FIGURES
Fig 1.1 PALLADIUM ENABLED SYSTEM
Fig 2.1 PALLADIUM WITH CLOSED SPHERE OF TRUST
Fig 2.2 PALLADIUM AS AN OPT-IN SYSTEM

Microsoft Palladium
Division of Computer Science, SOE, CUSAT
1. INTRODUCTION
The Next-Generation Secure Computing Base (NGSCB), formerly known as Palladium, is a software architecture designed by Microsoft which is expected to implement the "Trusted Computing" concept on future versions of the Microsoft Windows operating system. Palladium is part of Microsoft's Trustworthy Computing initiative. Microsoft's stated aim for Palladium is to increase the security and privacy of computer users. Palladium involves a new breed of hardware and applications along with the architecture of the Windows operating system. Designed to work side-by-side with the existing functionality of Windows, this significant evolution of the personal computer platform will introduce a level of security that meets the rising customer requirements for data protection, integrity and distributed collaboration. It's designed to give people greater security, personal privacy and system integrity. Palladium also provides Internet security, such as protecting data from viruses and from hacking.
In addition to new core components in Windows that will move the Palladium effort forward, Microsoft is working with hardware partners to build Palladium components and features into their products. The new hardware architecture involves some changes to CPUs which are significant from a functional perspective. There will also be a new piece of hardware called for by Palladium that you might refer to as a security chip. It will provide a set of cryptographic functions and keys that are central to what we're doing. There are also some associated changes under the chipset, and the graphics and I/O system through the USB port -- all designed to create a comprehensive security environment.
"Palladium" is the code name for an evolutionary set of features for the Microsoft Windows operating system. When combined with a new breed of hardware and applications, "Palladium" gives individuals and groups of users greater data security, personal privacy and system integrity. Designed to work side-by-side with the existing functionality of Windows, this significant evolution of the personal computer platform will introduce a level of security that meets the rising customer requirements for data protection, integrity and distributed collaboration.

Users implicitly trust their computers with more of their valuable data every day. They also trust their computers to perform more and more important financial, legal and other transactions. "Palladium" provides a solid basis for this trust: a foundation on which privacy- and security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to users. Among these are enhanced, practical user control; the emergence of new server/service models; and potentially new peer-to-peer or fully peer-distributed service models. The fundamental benefits of "Palladium" fall into three chief categories: greater system integrity, superior personal privacy and enhanced data security. These categories are illustrated in Fig 1.1.
Fig 1.1 Palladium enabled system

Today's personal computing environment has advanced in terms of security
and privacy, while maintaining a significant amount of backward compatibility. However, the
evolution of a shared, open network (the Internet) has created new problems and requirements
for trustworthy computing. As the personal computer grows more central to our lives at home,
work and school, consumers and business customers alike are increasingly aware of privacy and
security issues.
Now, the pressure is on for industry leaders to take the following actions:
• Build solutions that will meet the pressing need for reliability and integrity.
• Make improvements to the personal computer such that it can more fully reach its potential and enable a wider range of opportunities.
• Give customers and content providers a new level of confidence in the computer experience.
• Continue to support backward compatibility with existing software and user knowledge that exists with Windows systems today.
Together, industry leaders must address these critical issues to meet the mounting demand for trusted computing while preserving the open and rich character of current computer functionality.

1.1 FEATURES OF PALLADIUM
Development of "Palladium" is guided by important business and technical imperatives and assumptions. Among these are the following:
→ A "Palladium"-enhanced computer must continue to run any existing applications and device drivers.
"Palladium" is not a separate operating system. It is based on architectural enhancements to the Windows kernel and to computer hardware, including the CPU, peripherals and chipsets, to create a new trusted execution subsystem (see Fig 1).
"Palladium" will not eliminate any features of Windows that users have come to rely on; everything that runs today will continue to run with "Palladium." In addition, "Palladium" does not change what can be programmed or run on the computing platform; it simply changes what can be believed about programs, and the durability of those beliefs. Moreover, "Palladium" will operate with any program the user specifies while maintaining security.
→ "Palladium"-based systems must provide the means to protect user privacy better than any operating system does today.
"Palladium" prevents identity theft and unauthorized access to personal data on the user's device while on the Internet and on other networks. Transactions and processes are verifiable and reliable (through the attestable hardware and software architecture described below), and they cannot be imitated.
With "Palladium," a system's secrets are locked in the computer and are only revealed on terms that the user has specified. In addition, the trusted user interface prevents snooping and impersonation. The user controls what is revealed and can separate categories of data on a single computer into distinct realms.
Finally, the "Palladium" architecture will enable a new class of identity service providers that can potentially offer users choices for how their identities are represented in online transactions. These service providers can also ensure that the user is in control of policies for how personal information is revealed to others. In addition, "Palladium" will allow users to employ identity service providers of their own choosing.
→ "Palladium" will not require digital rights management technology, and DRM will not require "Palladium."
Digital rights management (DRM) is an important, emerging technology that many believe will be central to the digital economy of the future. As a means of defining rules and setting policies that enhance the integrity and trust of digital content consumption, DRM is vital for a wide range of content-protection uses. Some examples of DRM are the protection of valuable intellectual property, trusted e-mail and persistent protection of corporate documents.
While DRM and "Palladium" are both supportive of Trustworthy Computing, neither is absolutely required for the other to work. DRM can be deployed on non-"Palladium" machines, and "Palladium" can provide users with benefits independent of DRM. They are separate technologies. That said, the current software-based DRM technologies can be rendered stronger when deployed on "Palladium"-based computers.
→ User information is not a requirement for "Palladium" to work.
"Palladium" authenticates software and hardware, not users. "Palladium" is about platform integrity, and enables users - whether in a corporate or home setting - to take advantage of system trustworthiness to establish multiple, separate identities, each to suit specific needs.

For example, an employee logs on to the corporate network from home. A trusted gateway server at the corporate network mediates the remote access connection, allowing only trusted applications to access the network. This ensures that the network is protected against infection from attacks by viruses that the home user might have received through personal e-mail. Once connected, the employee can use Remote Desktop to access the computer at the office or save a file back to the corporate server by using locally active Trusted Agents and sealed storage (see below) on the client.
With this technology, the corporate network is protected, while the individual can also be confident that the company is not using the remote connection as an opportunity to snoop into the contents of the user's home computer.
→ "Palladium" will enable closed spheres of trust.
A closed sphere of trust binds data or a service to both a set of users (logon) and to a set of acceptable applications. As shown in Fig 2.2, the nexus (formerly referred to as the Trusted Operating Root, or TOR) does not simply open the vault; the nexus will open only a particular vault, and only for a small list of applications.

Fig 2.1 Palladium with closed spheres of trust
→ "Palladium" is an opt-in system.
"Palladium" is entirely an opt-in solution; systems will ship with the "Palladium" hardware and software features turned off. The user of the system can choose to simply stay with this default setting, leaving all "Palladium"-related capabilities (hardware and software) disabled.
Palladium must be highly resistant to software attacks (such as Trojan horse viruses), and must provide users with the integrity of a protected, end-to-end system across networks.

Fig 2.2 Palladium as an opt-in system
Palladium provides a trusted processing environment. Trusted code runs in memory that is physically isolated, protected, and inaccessible to the rest of the system, making it inherently impervious to viruses, spyware, or other software attacks. With respect to viruses, the contribution from Palladium is fairly straightforward. Since Palladium does not interfere with the operation of any program running in the regular Windows environment, everything, including the native OS and viruses, runs there as it does today. So antivirus monitoring and detection software in Windows will still be needed. However, Palladium does provide antivirus software with a secure execution environment that cannot be corrupted by infected code, so an antivirus program built on top of a Palladium application could guarantee that it hasn't been corrupted. This grounding of the antivirus software allows it to bootstrap itself into a guaranteed execution state, something it can't do today.
One of the key Palladium building blocks is "authenticated operation". If a banking application is to be trusted to perform an action, it is important that the banking application has not been subverted. It is also important that banking data can only be accessed by applications that have been identified as trusted to read that data. "Palladium" systems provide this capability through a mechanism called sealed storage.
Another capability provided by authenticated operation is attestation. "Palladium" will allow a bank to accept only transactions that are initiated by the user and not by viruses or other unknown machines on the Internet. Because "Palladium" software and hardware is cryptographically verifiable to the user and to other computers, programs and services, the system can verify that other computers and processes are trustworthy before engaging them or sharing information. Users therefore can be confident that their intentions are properly represented and carried out, as illustrated in Figure 3. Moreover, the source code for the operating system's critical nexus will be published and validated by third parties.
Finally, interaction with the computer itself is trusted. "Palladium"-specific hardware provides a protected pathway from keyboard to monitor, and keystrokes cannot be snooped or spoofed, even by malicious device drivers.
→ "Palladium" data security features will make a Windows-based device a trustworthy environment for any data.
The "Palladium" system is architected with security and integrity as its primary design goals. Trusted code cannot be observed or modified when running in the trusted execution space. Files are encrypted with machine-specific secrets, making them useless if stolen or surreptitiously copied. In addition, machine-specific system secrets are physically and cryptographically locked (the machine's private key is embedded in hardware and never exposed), and the trusted hardware architecture prevents snooping, spoofing and data interception. Core system secrets are stored in hardware, where no software attack can reveal them. Even if exposed by a sophisticated hardware attack, the core system secrets are only applicable to data on the compromised system and cannot be used to develop widely deployable hacks. Finally, a compromised system can likely be spotted by IT managers, service providers and other systems, and then excluded.
→ A "Palladium" system will be open at all levels.
"Palladium" hardware will run any nexus. Some platforms may allow a user to restrict the nexuses that are allowed to run, but the user will still be in full control of this policy. The "Palladium" TOR will also run trusted agents from any publisher. Again, the user may choose to restrict the trusted agents that run on the system, but the user will remain in full control of this policy. The "Palladium" nexus will work with any network service provider of the user's choosing.

2. CORE PRINCIPLES OF PALLADIUM
"Palladium" comprises two key components: hardware and software.
2.1 HARDWARE COMPONENTS
Engineered for ensuring the protected execution of applications and processes, the protected operating environment provides the following basic mechanisms:
2.1.1 TRUSTED SPACE:- The execution space is protected from external software attacks such as a virus. Trusted space is set up and maintained by the nexus and has access to various services provided by "Palladium," such as sealed storage.
2.1.2 SEALED STORAGE:- Sealed storage is an authenticated mechanism that allows a program to store secrets that cannot be retrieved by nontrusted programs such as a virus or Trojan horse. Information in sealed storage cannot be read by other nontrusted programs. (Sealed storage cannot be read by unauthorized secure programs, for that matter, and cannot be read even if another operating system is booted or the disk is carried to another machine.) These stored secrets can be tied to the machine, the nexus or the application. Microsoft will also provide mechanisms for the safe and controlled backup and migration of secrets to other machines.
2.1.3 ATTESTATION:- Attestation is a mechanism that allows the user to reveal selected characteristics of the operating environment to external requestors. For example, attestation can be used to verify that the computer is running a valid version of "Palladium."

2.2 SOFTWARE COMPONENTS
The platform implements these trusted primitives in an open, programmable way to third parties. The platform consists of the following elements:
2.2.1 NEXUS:- (A technology formerly referred to as the "Trusted Operating Root" (TOR).) The component in Microsoft Windows that manages trust functionality for "Palladium" user-mode processes (agents). The nexus executes in kernel mode in the trusted space. It provides basic services to trusted agents, such as the establishment of the process mechanisms for communicating with trusted agents and other applications, and special trust services such as attestation of requests and the sealing and unsealing of secrets.
2.2.2 TRUSTED AGENT:- A trusted agent is a program, a part of a program, or a service that runs in user mode in the trusted space. A trusted agent calls the nexus for security-related services and critical general services such as memory management. A trusted agent is able to store secrets using sealed storage and authenticates itself using the attestation services of the nexus. One of the main principles of trusted agents is that they can be trusted or not trusted by multiple entities, such as the user, an IT department, a merchant or a vendor. Each trusted agent or entity controls its own sphere of trust, and they need not trust or rely on each other.
Together, the nexus and trusted agents provide the following features:
• Trusted data storage, encryption services for applications to ensure data integrity and protection
• Authenticated boot, facilities to enable hardware and software to authenticate itself
From the perspective of privacy (and anti-virus protection), one of the key benefits of "Palladium" is the ability for users to effectively delegate certification of code. Anyone can certify "Palladium" hardware or software, and it is expected that many companies and organizations will offer this service. Allowing multiple parties to independently evaluate and certify "Palladium"-capable systems means that users will be able to obtain verification of the system's operation from organizations that they trust. In addition, this will form the basis for a strong business incentive to preserve and enhance privacy and security. Moreover, "Palladium" allows any number of trusted internal or external entities to interact with a trusted component or trusted platform.
The initial version of Palladium will require changes to five parts of the PC's hardware. Changes will be required to the CPU, the chipset (on the motherboard), the input devices (e.g. keyboard), and the video output devices (graphics processor). In addition, a new component must be added: a tamper-resistant secure cryptographic co-processor, which Microsoft calls SCP or SPP.
• Although the SCP is tamper-resistant, it is likely that a skilled attacker with physical access to the inside of a Palladium PC can still compromise it or subvert its policies in some way.
• So it is possible that an attacker with physical access can still compromise the system, even though the SCP is meant to be tamper-resistant, partly because other components (like RAM) are less robust against modification. Palladium primarily defends effectively against two classes of attacks: (1) remote network mounted attacks (buffer overflows and other programming flaws, malicious mobile code, etc.), because even if some malicious code is installed in one part of the system, it still can't effectively subvert the policy of another part of the system, and (2) local software-based attacks, including things like using a debugger to try to read a program's internal state while it's executing or to try to subvert its policy. Thus, Palladium can probably guarantee that you can't write or download any software (and nobody else can write or upload to you any software) which would compromise the policy of software running locally which is making use of Palladium trust features.
• Palladium's changes to the CPU allow it to be placed into a new mode where certain areas of memory are restricted via a technique called "code curtaining" to an ultra-privileged piece of code called the "nub" or "TOR". ("Nub" is the Palladium team's term for this code, and "TOR", for "Trusted Operating Root", is the official public term.) The nub is a kind of trusted memory manager, which runs with more privilege than an operating system kernel. The nub also manages access to the SCP.
• The SCP is an 8-bit tamper-resistant cryptographic smart-card which contains unique keys, including public key pairs (2048-bit RSA), and symmetric keys for AES in CBC mode. These keys are unique per machine and the SCP does not reveal them to anything outside the SCP's security perimeter. It also contains a variety of other cryptographic functionality, including SHA-1, RSA, AES, and other cipher implementations, a small amount of memory, and a monotone counter. The SCP can do a number of cryptographic protocols. It also contains a thing called a PCR. (I think that stands for "platform configuration register".)
• When you want to start a Palladium PC in trusted mode (note that it doesn't have to start in trusted mode, and, from what Microsoft said, it sounds like you could even imagine booting the same OS in either trusted or untrusted mode, based on a user's choice at boot time), the system hardware performs what's called an "authenticated boot", in which the system is placed in a known state and a nub is loaded. A hash (I think it's SHA-1) is taken of the nub which was just loaded, and the 160-bit hash is stored unalterably in the PCR, and remains there for as long as the system continues to operate in trusted mode. Then the operating system kernel can boot, but the key to the trust in the system is the authentication of the nub. As long as the system is up, the SCP knows exactly which nub is currently running; because of the way the CPU works, it is not possible for any other software to modify the nub or its memory or subvert the nub's policies. The nub is in some sense in charge of the system at a low level, but it doesn't usually do things which other software would notice unless it's asked to.
• The nub interfaces with other software on the system by means of programs (outside the nub) called trusted agents (or TAs). The TAs can implement sophisticated policies and authentication methods, where the nub (and SCP) just implement fairly simple primitives. A TA can also communicate with user-space programs (at least, that will be a feature of Microsoft's nub; other people can write their own nubs which can support different kinds of TAs or even do without TAs entirely). The TAs are protected by hardware from one another and from the rest of the system.
• Even PCI DMA can't read or write memory which has been reserved to a nub's or TA's use (including the nub's or TA's code). This memory is completely inaccessible and can only be accessed indirectly through API calls. The chipset on the motherboard is modified to enforce this sort of restriction.
• The SCP provides a feature called "sealed storage" by means of two API calls (called SEAL and UNSEAL). If a TA running on a system in trusted mode wants to use sealed storage, it can call into the APIs implemented in the nub.
• Sealed storage is implemented by means of encryption (sealing) or decryption (unsealing) with a symmetric cipher. When the SCP is given data to seal, it's given two arguments: the data itself and a 160-bit "nub identifier".
• Sealing is performed by prepending the nub identifier to the data to be sealed, and then encrypting the result with a private symmetric key -- the "platform-specific key", which varies from machine to machine and is secret. That key is kept within the SCP and is a unique identifier for the machine which performed the sealing operation.
• The SCP actually also prepends a random nonce to the data to be sealed before encryption (and discards the nonce upon decryption). This is a clever privacy feature which prevents someone from creating an application which "cookies you" by recording the output of sealing an empty string (and then using the result as a persistent unique identifier for your machine). A program which tried to "cookie you" this way would find that, because of the random nonce, the result of sealing a given string is constantly completely different, and no useful information about the identity of the machine is revealed by the sealing operation.
• After encryption, the SCP returns the encrypted result as the return value of the SEAL operation.
• When an SCP is given encrypted data to UNSEAL, it internally attempts to decrypt the encrypted data using its platform-specific key. This means that, if the encrypted data was originally sealed on a different machine, the UNSEAL operation will fail outright immediately. (You can't take a sealed file and transfer it to another machine and unseal it there; because the platform-specific key is used for encryption and decryption, and can't be extracted from the SCP, you can only UNSEAL data on the same machine on which it was originally SEALed.)
• If the decryption is successful, the SCP performs a second check: it examines the nub identifier which resides within the decrypted data. The nub identifier was specified at the time the data was originally SEALed, and indicates which nub is allowed to receive the decrypted data. If the nub identifier for the decrypted data is identical to the nub identifier which is currently stored in the PCR (which is the SHA-1 hash of the currently-running nub on the machine at the moment UNSEAL was called), the UNSEAL is successful and the decrypted data is returned to the calling nub. However, if the nub identifier does not match the contents of the PCR, the SCP concludes that the nub which is currently running is not entitled to receive this data, and discards it.
• Thus, sealing is specific to a physical machine and also specific to a nub. Data sealed on one machine for a particular nub cannot be decrypted on a different machine or under a different nub. An application which trusts a particular nub (and is running under that nub) can seal important secret data and then store the resulting sealed data safely on an untrusted hard drive, or even send it over a network.
• If you reboot the machine under a debugger, there is no technical problem, and you can debug the software which created the encrypted file. However, since you aren't running the proper (non-debugger-friendly) nub, the debugger will work, but the UNSEAL call won't. The SCP will receive the UNSEAL call, examine the PCR, and conclude that the currently-running nub is not cleared (so to speak) to receive the sealed data. Your applications can only decrypt sealed data if they are running on the same machine and under the same software environment within which they originally sealed that data!
• This is remarkably clever. When you are running under a trusted nub, your applications can use the SCP to decrypt and process data, but you can't run software which subverts a TA's policy (because the nub will not permit the policy to be subverted).
• When you are not running under a trusted nub, you can run software which subverts a TA's policy (because the nub isn't able to prevent it), but your applications will no longer be able to decrypt any sealed data, because the SCP won't be willing to perform the decryption.
• There is a long discussion of how you can make a backup, or upgrade your system, or migrate your software and data to a new system, etc. The default with sealed storage is that any sealed data will be unusable when migrated to a new system. The Microsoft nub provides wrappers around the SCP's sealing features which allow the software which performs the sealing operation to specify a migration policy at the time the sealing operation is originally performed. The migration policy can be (approximately) one of the following, at the software's sole option: (1) Migration is prevented entirely, and the data must die with the current PC where it was created. (2) Migration is permitted upon some kind of authentication by a local user (e.g. a password) which will decrypt or command the decryption of data temporarily in order to permit it to be migrated. (3) Migration is permitted with the assistance and consent of a 3rd party.
• Palladium's modifications to input and output hardware will prevent software from doing certain kinds of monitoring and spoofing, as well as "screen scraping". A program will be able to ask Palladium to display a dialog box which can't be "obscured" or "observed" by other software, and Palladium hardware can enforce these conditions. And there is a way to be sure that input is coming from a physical input device and not spoofed by another program.
• The secure output features also permit, e.g., a DVD player program to prevent other software from making screen captures. The initial version of Palladium does not control audio output in this way, so you can still record all sound output via something like Total Recorder.
• In principle, nub and kernel are independent, so a non-Microsoft kernel could run on a Microsoft nub, or vice versa. Patent and copyright issues might prevent this from being done in practice, but it is apparently technically possible within the design of Palladium.
• Microsoft's nub, including its source code, will be published for review by anyone who wants to examine it, in order to allow all of Microsoft's claims about its security properties to be verified. There is no part of Palladium's design or code which needs to be kept secret, although each SCP will contain secret cryptographic keys loaded at the time of its manufacture. Microsoft will encourage non-Microsoft people to read and discuss its nub. You will also be able to create your own nub, except that changing the nub will (as discussed above) prevent previously-sealed data from being decrypted.
• Microsoft suggests that Palladium is flexible enough that many entities could use it to create their own policies, judgments, certification services, etc. Palladium has a more robust technical enforcement mechanism than either of those standards.
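
The authenticated boot and SEAL/UNSEAL behaviour described in the list above, as an added Python simulation that is not code from the report or from Microsoft. The class and function names, the nonce size, and the HMAC-SHA256 counter-mode cipher and tag (swapped in for the SCP's AES in CBC mode so that only the standard library is needed) are assumptions.

```python
import hashlib
import hmac
import os

NUB_ID_LEN = 20   # SHA-1 digest size: the 160-bit nub identifier
NONCE_LEN = 16    # random nonce prepended to the plaintext (size assumed)
IV_LEN = 16       # IV for the stand-in cipher (not part of the described design)
TAG_LEN = 32      # HMAC-SHA256 tag (stand-in integrity check)

# Constructed sample "nub images"; a real nub is executable code.
TRUSTED_NUB = b"constructed sample: trusted nub image v1"
DEBUG_NUB = b"constructed sample: debugger-friendly nub image"


class UnsealError(Exception):
    """The SCP refused to release sealed data."""


class SCP:
    """Toy model of the security coprocessor: one instance per machine."""

    def __init__(self):
        # Platform-specific key: unique per machine, never leaves the SCP.
        self._platform_key = os.urandom(32)
        self._pcr = None  # set by authenticated boot

    def authenticated_boot(self, nub_image):
        """Hash the nub that was just loaded and latch the result in the PCR."""
        self._pcr = hashlib.sha1(nub_image).digest()
        return self._pcr

    def _keystream(self, iv, length):
        # Stand-in cipher: HMAC-SHA256 in counter mode under the platform key.
        out = bytearray()
        counter = 0
        while len(out) < length:
            block = b"enc" + iv + counter.to_bytes(8, "big")
            out += hmac.new(self._platform_key, block, hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def _tag(self, iv, ciphertext):
        msg = b"mac" + iv + ciphertext
        return hmac.new(self._platform_key, msg, hashlib.sha256).digest()

    def seal(self, data, nub_id):
        """SEAL: encrypt nonce || nub_id || data under the platform key."""
        if len(nub_id) != NUB_ID_LEN:
            raise ValueError("nub identifier must be 160 bits")
        plaintext = os.urandom(NONCE_LEN) + nub_id + data
        iv = os.urandom(IV_LEN)
        stream = self._keystream(iv, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
        return iv + ciphertext + self._tag(iv, ciphertext)

    def unseal(self, blob):
        """UNSEAL: decrypt, then release data only to the nub named at seal time."""
        if self._pcr is None:
            raise UnsealError("not booted in trusted mode")
        if len(blob) < IV_LEN + NONCE_LEN + NUB_ID_LEN + TAG_LEN:
            raise UnsealError("malformed blob")
        iv, ciphertext, tag = blob[:IV_LEN], blob[IV_LEN:-TAG_LEN], blob[-TAG_LEN:]
        # Check 1: only the sealing machine's platform key verifies the blob.
        if not hmac.compare_digest(tag, self._tag(iv, ciphertext)):
            raise UnsealError("sealed on a different machine or modified")
        stream = self._keystream(iv, len(ciphertext))
        plaintext = bytes(c ^ k for c, k in zip(ciphertext, stream))
        nub_id = plaintext[NONCE_LEN:NONCE_LEN + NUB_ID_LEN]
        # Check 2: the sealed nub identifier must equal the current PCR.
        if not hmac.compare_digest(nub_id, self._pcr):
            raise UnsealError("running nub is not entitled to this data")
        return plaintext[NONCE_LEN + NUB_ID_LEN:]  # the nonce is discarded


def try_unseal(scp, blob):
    """Return the unsealed bytes, or the refusal reason as a string."""
    try:
        return scp.unseal(blob)
    except UnsealError as exc:
        return "refused: " + str(exc)


def demo():
    machine_a, machine_b = SCP(), SCP()
    nub_id = machine_a.authenticated_boot(TRUSTED_NUB)
    blob = machine_a.seal(b"banking secret", nub_id)
    results = {"same machine, same nub": try_unseal(machine_a, blob)}
    machine_b.authenticated_boot(TRUSTED_NUB)
    results["other machine, same nub"] = try_unseal(machine_b, blob)
    machine_a.authenticated_boot(DEBUG_NUB)  # reboot under a different nub
    results["same machine, other nub"] = try_unseal(machine_a, blob)
    # Sealing the same input twice never yields the same blob.
    results["blobs differ"] = machine_a.seal(b"", nub_id) != machine_a.seal(b"", nub_id)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```
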

3. COMPARISON OF TCPA AND PALLADIUM
TCPA stands for 'Trusted Computing Platform Alliance', an initiative led by Intel. Their stated goal is a 'new computing platform for the next century that will provide for improved trust in the PC platform'. Palladium is software that Microsoft says it plans to incorporate in future versions of Windows; it will build on the TCPA hardware and will add some new features.
The TCPA and Palladium rely on additions to the hardware of normal PCs. While Palladium calls for more extensive changes, the modifications are remarkably similar. Both call for a new chip to be placed on the motherboard of all future computers. The chip would include new encryption functions as well as a small amount of memory that would act as a digital vault to store important keys to decrypt protected data. The TCPA refers to the chip as the Trusted Platform Module, a successor to Intel's processor. Microsoft refers to the hardware components of Palladium as the Secure Cryptographic Coprocessor, or SCP.

4. ADVANTAGES OF PALLADIUM
4.1 BLOCK MALICIOUS CODE
One of the more promising aspects that Palladium will bring to end-users
is the ability to authenticate the programs they use. A user will allow certain applications
access to resources. Originally, it was thought that Palladium would not permit unauthorized
code to run on a system; therefore it would stop the execution of programs like viruses.
Recently, however, Microsoft has backed off these claims about Palladium. Now it simply
claims that Palladium will provide a secure execution environment for anti-virus programs
(MS Palladium Technical FAQ). The benefit of a secure environment is that viruses and
other malicious code cannot alter the behavior of a Palladium-enabled anti-virus program.
Microsoft has decided that legacy support for existing Windows applications is important
enough so as not to require all programs to be rewritten for Palladium. This means that
existing programs and viruses will still run on a Palladium system. The implied benefit to
Palladium, aside from the added protection to anti-virus programs, is the increased
authentication with new Palladium enabled programs. If Palladium proliferates as Microsoft
hopes, there will come a time when legacy support will not be important anymore, and
unauthorized programs will not be run. It appears as though this is the first step on the way
to that idea.
4.2 DIGITAL RIGHTS MANAGEMENT
The digital rights management (DRM) potential with a Palladium system
is what content producers and distributors are interested in. Digital rights management has
to do with controlling to whom and for how long content is distributed. Microsoft touts Palladium
as being independent of any existing DRM technology today (MS Palladium Technical
FAQ). On the other hand, it acknowledges that Palladium systems are being designed to
coincide with DRM technologies to help content developers (MS Palladium Technical FAQ).
A Palladium system is supposed to make it easier for individual users to implement DRM on
their own personal data. For example, a user may set up a vault containing credit card
information. Palladium would allow the user to set up a group of trusted agents that would
have access to all or certain parts of that data. Along with data, Palladium promises to give
users the option to regulate the time interval that data is available to the trusted agents they have
specified.

5. DISADVANTAGES OF PALLADIUM
5.1 UPGRADES
In order to take advantage of what Palladium is supposed to offer, users
will have to upgrade both their current operating systems and hardware. The next version of
Windows, due out in 2004, will need hardware support for Palladium features to work at all
(MS Palladium Technical FAQ). It is unclear at this point whether the next major Windows
release will run on non-Palladium compatible hardware. The central processing unit will
have to support the trusted execution mode that Palladium offers. It is clear that future
motherboards will need to contain the security chip for Palladium to run properly (MS
Palladium Technical FAQ). More upgrades may be of concern in the area of graphic
hardware and peripherals such as keyboards and mice because of the encryption in between
these hardware devices and the software they are interacting with.
5.2 INTEROPERABILITY
Palladium has received wide criticism for being a so-called General Public
License (GPL) killer (Anderson). Now, Microsoft clearly states that the Palladium-enabled
operating system will be able to co-exist with any Linux based system, just as their operating
systems do today. The question that comes to mind is, will that change with widespread
adoption of the Palladium architecture? For example, if a bank switches over to exclusively
Palladium systems, would customers of that bank who don’t run Palladium systems be able
to use the bank’s services? Palladium is not a direct attack on GPL or Linux based system,
but is an attempt to change the rules of the names.
5.3 LEGACY PROGRAMS
By Microsoft’s own admission, the Palladium-enabled operating system will
not have perfect legacy support (MS Palladium Technical FAQ). All existing debuggers will
need to be updated in order to work under Palladium. Performance tools that monitor
operating system or user processes will need to be updated. Any memory dump software
will not work correctly without changes to support Palladium. Hibernation features of
motherboards will need to be updated as well. Memory scrub routines, at the hardware level,
will need to be rewritten to accommodate Palladium. The reason for all of these updates is
the trusted agent policy that Palladium enforces. No program is allowed to invade the
execution space for any other program. In the case of a debugger, it will need special
permission from the operating system to monitor the execution space of the target program.
Even software developed for the TCPA specification will need to be rewritten if it tries to
directly write to any TCPA hardware. This description of incompatible legacy programs is
by no means comprehensive; it is simply what Microsoft is disclosing at this time (MS
Palladium Technical FAQ).

6. CONCLUSION
Today, IT managers face tremendous challenges due to the inherent openness
of end-user machines, and millions of people simply avoid some online transactions out of fear.
However, with the usage of "Palladium" systems, trustworthy, secure interactions will become
possible. This technology will provide tougher security defenses and more abundant privacy
benefits than ever before. With "Palladium," users will have unparalleled power over system
integrity, personal privacy and data security.
Independent software vendors (ISVs) that want their applications to take
advantage of "Palladium" benefits will need to write code specifically for this new environment.
A new generation of "Palladium"-compatible hardware and peripherals will need to be designed
and built. The "Palladium" development process will require industrywide collaboration. It can
only work with broad trust and widespread acceptance across the industry, businesses and
consumers.
"Palladium" is not a magic bullet. Clearly, its benefits can only be realized if
industry leaders work collaboratively to build "Palladium"-compatible applications and systems
- and then only if people choose to use them. But the "Palladium" vision endeavors to provide
the trustworthiness necessary to enable businesses, governments and individuals to fully embrace
the increasing digitization of life.
The Internet and the proliferation of digital content have sparked the need for
more privacy and security of data. The looming question whenever anyone talks about security
and privacy is: for whom? Palladium certainly gives digital content providers the control
over their product that they have wanted for a long time. In recent months, Microsoft has clearly
emphasized the benefits that the marriage of Palladium and DRM can bring to end-users.
Microsoft claims that users will have complete control of their personal information. The
Palladium-enabled operating system isn’t due for at least another year. It could take months after
the initial release for anyone to feel its effects. It is clear, however, that widespread adoption of
Palladium will fundamentally change how we use our personal computers. The question is, will
this change be for the better or the worse?

7. REFERENCES
1. Anderson, R. TCPA / Palladium Frequently Asked Questions Version 1.0. July
2002. University of Cambridge Online. 5 Jan 2003
<http://www.cl.cam.ac.uk/users/rja14/tcpa-faq.html>.
2. Microsoft Palladium. 11 Nov. 2002. Electronic Privacy Information Center Online.
5 January 2003 <http://www.epic.org/privacy/consumer/microsoft/palladium.html>.
3. Boutin, Paul. Palladium: Safe or Security Flaw?. 12 Jul. 2002. Wired News
Online. 31 Jan 2003 <http://www.wired.com/news/antitrust/0,1551,53805,00.html>.
4. Hachman M., and Rupley S. Microsoft's Palladium: A New Security Initiative. 25
Jun. 2002. ExtremeTech Online. 5 Jan 2003
Offline sabna op
Junior Member
**
1 posts

i want seminars report on microsoft palladium with pictures. plz............
Offline sruthipavithran
Junior Member
**
6 posts

Plz send me a report on "MICROSOFT PALLADIUM"
Offline computer science guru
Senior Member
****
610 posts


MICROSOFT PALLADIUM
Abstract
Palladium is the code name for an evolutionary set of features for the Microsoft Windows system. When combined with a new breed of hardware and applications, these features will give individuals and groups of users greater data security, personal privacy and system integrity. Palladium provides a solid basis for user trust: a foundation on which privacy and security-sensitive software can be built. There are many reasons why palladium will be of advantage
Offline akhilesh00799
Junior Member
**
1 posts

Plz send me Microsoft Palladium PPT File to bilalsaifudeen[at]gmail.com

Pleeez
Offline academic expert
Posting Freak
*****
5,360 posts

1. INTRODUCTION
"Palladium" is the code name for an evolutionary set of features
for the Microsoft® Windows® operating system. When combined with a
new breed of hardware and applications, these features will give
individuals and groups of users greater data security, personal privacy,
and system integrity. In addition, "Palladium" will offer enterprise
customers significant new benefits for network security and content
protection. This topic reveals the following:
•Examines how "Palladium" satisfies the growing demands of
living and working in an interconnected, digital world
•Catalogs some of the planned benefits offered by "Palladium"
•Summarizes the "Palladium" software and hardware components
2. The Challenge: Meeting the Emerging Requirements
of an Interconnected World

Today's personal computing environment has advanced in terms of
security and privacy, while maintaining a significant amount of
backward compatibility. However, the evolution of a shared, open
network (the Internet) has created new problems and requirements for
trustworthy computing. As the personal computer grows more central to
our lives at home, work and school, consumers and business customers
alike are increasingly aware of privacy and security issues.
Now, the pressure is on for industry leaders to take the following actions:
•Build solutions that will meet the pressing need for reliability and
integrity
•Make improvements to the personal computer such that it can
more fully reach its potential and enable a wider range of
opportunities
•Give customers and content providers a new level of confidence in
the computer experience
•Continue to support backward compatibility with existing
software and user knowledge that exists with Windows systems
today
Together, industry leaders must address these critical issues to
meet the mounting demand for trusted computing while preserving the
open and rich character of current computer functionality.
3. The Solution: "Palladium"
"Palladium" is the code name for an evolutionary set of features
for the Microsoft Windows operating system. When combined with a
new breed of hardware and applications, "Palladium" gives individuals
and groups of users greater data security, personal privacy and system
integrity. Designed to work side-by-side with the existing functionality
of Windows, this significant evolution of the personal computer platform
will introduce a level of security that meets the rising customer
requirements for data protection, integrity and distributed collaboration.
Users implicitly trust their computers with more of their valuable
data every day. They also trust their computers to perform more and
more important financial, legal and other transactions. "Palladium"
provides a solid basis for this trust: a foundation on which privacy- and
security-sensitive software can be built.
There are many reasons why "Palladium" will be of advantage to
users. Among these are enhanced, practical user control; the emergence
of new server/service models; and potentially new peer-to-peer or fully
peer-distributed service models. The fundamental benefits of
"Palladium" fall into three chief categories: greater system integrity,
superior personal privacy and enhanced data security. These categories
are illustrated in Figure 1.
Figure 1: Windows-based personal computer of the future
a. Core Principles of the "Palladium" Initiative
Development of "Palladium" is guided by important business and
technical imperatives and assumptions. Among these are the following:
A "Palladium"-enhanced computer must continue to run any
existing applications and device drivers.
"Palladium" is not a separate operating system. It is based on
architectural enhancements to the Windows kernel and to computer
hardware, including the CPU, peripherals and chipsets, to create a new
trusted execution subsystem (see Figure 1).
"Palladium" will not eliminate any features of Windows that users
have come to rely on; everything that runs today will continue to run
with "Palladium."
In addition, "Palladium" does not change what can be
programmed or run on the computing platform; it simply changes what
can be believed about programs, and the durability of those beliefs.
Moreover, "Palladium" will operate with any program the user specifies
while maintaining security.
"Palladium"-based systems must provide the means to protect user
privacy better than any operating system does today.
"Palladium" prevents identity theft and unauthorized access to
personal data on the user's device while on the Internet and on other
networks. Transactions and processes are verifiable and reliable (through
the attestable hardware and software architecture described below), and
they cannot be imitated.
With "Palladium," a system's secrets are locked in the computer
and are only revealed on terms that the user has specified. In addition,
the trusted user interface prevents snooping and impersonation. The user
controls what is revealed and can separate categories of data on a single
computer into distinct realms.
Finally, the "Palladium" architecture will enable a new class of
identity service providers that can potentially offer users choices for how
their identities are represented in online transactions. These service
providers can also ensure that the user is in control of policies for how
personal information is revealed to others. In addition, "Palladium" will
allow users to employ identity service providers of their own choosing.
"Palladium" will not require digital rights management technology,
and DRM will not require "Palladium."
Digital rights management (DRM) is an important, emerging
technology that many believe will be central to the digital economy of
the future. As a means of defining rules and setting policies that enhance
the integrity and trust of digital content consumption, DRM is vital for a
wide range of content-protection uses. Some examples of DRM are the
protection of valuable intellectual property, trusted e-mail and persistent
protection of corporate documents.
While DRM and "Palladium" are both supportive of Trustworthy
Computing, neither is absolutely required for the other to work. DRM
can be deployed on non-"Palladium" machines, and "Palladium" can
provide users with benefits independent of DRM. They are separate
technologies. That said, the current software-based DRM technologies
can be rendered stronger when deployed on "Palladium"-based
computers.
Offline project maker
Posting Freak
*****
6,457 posts

To get information about the topic "Microsoft Palladium" full report, PPT and related topics, refer to the links below

http://kguru.info/t-seminar-report-on-mi...-palladium

http://kguru.info/t-seminar-report-on-mi...0#pid42860

http://kguru.info/t-Palladium
Offline project source code cheker
Super Moderator
******
10,121 posts

Microsoft Palladium


What is Palladium?

Palladium (Pd) is a set of new security-oriented capabilities in Windows
Enabled by new hardware
Goal is to “protect software from software”
Defend against malicious software running in Ring 0
Four categories of new security features
Sealed storage
Attestation
Curtained memory
Secure input and output

Trusted Open Systems

Our OSs are designed for:
Features
Performance
Plug-ability/Openness
Applications
Drivers
Core OS components
Ease of use, and
Security
Contrast this with the design of a smartcard OS

Nightmare Scenarios

A virus/Trojan that launches something worse than a denial of service attack:
Trades a random stock (for mischief or profit)
Posts tax-records to a newsgroup
Orders a random book from Amazon.com
Grabs user/password for the host/web-sites and posts them to a newsgroup
Posts personal documents to a newsgroup

Trustworthy Computing

Trustworthy: worthy of confidence.
Examples:
Credit card numbers that can’t be stolen.
Personal diary that can only be written and viewed by you or people you choose.
Someone is who she says she is.
There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.

Palladium’s Goals

Usher in a new era of trustworthy computing by enabling the PC to:
Perform trusted operations
Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies

How Palladium Will Do It

Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
Protected memory
Attestation
Sealed storage
Secure input and output
It primarily does this through cryptographic keys and algorithms.
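The seminar report's remark that changing the nub prevents previously sealed data from being decrypted, and the "sealed storage" feature listed in the slides above, can be modelled as follows. This is an added illustration, not code from any post in this thread or from Microsoft: the `ToySCP` class, its key derivation and the HMAC-based stream cipher are assumptions chosen so the sketch runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class ToySCP:
    """Hypothetical stand-in for the SCP chip; not Microsoft's design or API."""

    def __init__(self, chip_secret: bytes, nub_image: bytes):
        self._chip_secret = chip_secret  # models the key loaded at manufacture
        self.nub_digest = hashlib.sha256(nub_image).digest()  # identity of the nub

    def _keys(self):
        # Sealing keys depend on BOTH the chip secret and the running nub.
        root = _prf(self._chip_secret, b"seal" + self.nub_digest)
        return _prf(root, b"enc"), _prf(root, b"mac")

    @staticmethod
    def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
        # HMAC-SHA256 in counter mode as a keystream (toy cipher, stdlib only).
        stream = b""
        for ctr in range((len(data) + 31) // 32):
            stream += _prf(key, nonce + ctr.to_bytes(4, "big"))
        return bytes(d ^ s for d, s in zip(data, stream))

    def seal(self, plaintext: bytes) -> bytes:
        enc_key, mac_key = self._keys()
        nonce = secrets.token_bytes(16)
        ct = self._xor_stream(enc_key, nonce, plaintext)
        return nonce + ct + _prf(mac_key, nonce + ct)  # encrypt-then-MAC

    def unseal(self, blob: bytes) -> bytes:
        if len(blob) < 48:
            raise ValueError("blob too short")
        enc_key, mac_key = self._keys()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
            raise PermissionError("unseal refused: other nub, other chip or tampering")
        return self._xor_stream(enc_key, nonce, ct)


def try_unseal(scp: ToySCP, blob: bytes):
    """Return the plaintext, or None when the SCP refuses to unseal."""
    try:
        return scp.unseal(blob)
    except PermissionError:
        return None


def demo() -> dict:
    chip = secrets.token_bytes(32)
    nub_a, nub_b = b"nub build A (constructed)", b"nub build B (constructed)"
    vault = b"constructed vault entry: card ending 0000"
    booted = ToySCP(chip, nub_a)
    blob = booted.seal(vault)
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]
    return {
        "same_nub": try_unseal(ToySCP(chip, nub_a), blob),
        "changed_nub": try_unseal(ToySCP(chip, nub_b), blob),
        "other_chip": try_unseal(ToySCP(secrets.token_bytes(32), nub_a), blob),
        "tampered": try_unseal(booted, tampered),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} -> {result!r}")
```

Only the same chip running the same nub recovers the vault entry; a rebuilt nub, a different machine and a modified blob are all refused before any decryption is attempted.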
Guest
Unregistered
 
Plz send me seminar report for Microsoft Palladium early plz