Next-Generation Secure Computing Base
The Next-Generation Secure Computing Base was a cancelled software architecture designed by Microsoft which aimed to provide users of the Windows operating system with better privacy, security, and system integrity. NGSCB was the result of years of research and development within Microsoft to create a secure computing solution that equaled the security of closed platforms such as set-top boxes while simultaneously preserving the backward compatibility, flexibility, and openness of the Windows operating system. The primary stated objective with NGSCB was to "protect software from software."
Part of the Trustworthy Computing initiative when unveiled in 2002, NGSCB was expected to be integrated with the Windows Vista operating system, then known by its codename "Longhorn." NGSCB relied on hardware designed by members of the Trusted Computing Group to produce a parallel operation environment hosted by a new kernel called the "Nexus" that existed alongside Windows and provide new applications with features such as hardware-based process isolation, data encryption based on integrity measurements, authentication of a local or remote machine or software configuration, and encrypted paths for user authentication and graphics output. NGSCB would also facilitate the creation and distribution of digital rights management policies pertaining the use of information.
The technology was the subject of much controversy during its development, with critics contending that it could be used to impose restrictions on users, enforce vendor lock-in, and undermine fair use rights and open-source software. NGSCB was first demonstrated by Microsoft in 2003 at the Windows Hardware Engineering Conference before undergoing a revision in 2004 that would enable applications written prior to its development to benefit from its functionality. In 2005, reports stated that Microsoft would scale back its plans so that the company could ship its Windows Vista operating system by its target date of 2006. Development of NGSCB spanned almost a decade before its cancellation, one of the lengthiest development periods of a feature intended for the operating system.
NGSCB differed from the technologies that Microsoft billed as pillars of Windows Vista during development of the operating system, including Windows Presentation Foundation, Windows Communication Foundation, and WinFS, in that it was not built upon and did not prioritize.NET Framework managed code. While the technology has not fully materialized, aspects of NGSCB have emerged in Microsoft's BitLocker full disk encryption feature, which can optionally use the Trusted Platform Module to validate the integrity of boot and system files prior to operating system startup; the Measured Boot feature in Windows 8; the certificate attestation features in Windows 8.1; and the Device Guard feature of Windows 10.
History
Early development
Development of NGSCB began in 1997 after Peter Biddle conceived of new ways to protect content on personal computers. Biddle would enlist the help of members from the Microsoft Research division during the development of the technology and other key contributors would eventually include Blair Dillaway, Brian LaMacchia, Bryan Willman, Butler Lampson, John DeTreville, John Manferdelli, Marcus Peinado, and Paul England. Adam Barr, a former Microsoft employee who worked to secure the remote boot feature during development of Windows 2000, claimed that he was approached by Biddle and colleagues during his tenure with an initiative tentatively known as "Trusted Windows," which aimed to protect DVD content from being copied. To achieve this, Lampson proposed a hypervisor that would allow for the execution of a limited operating system dedicated to DVD playback alongside Windows 2000. Patents for a DRM operating system were later filed in 1999 by DeTreville, England, and Lampson. While Microsoft is not known to have officially confirmed a relationship between NGSCB and the DRM operating system patents, one of the technology's architects, Butler Lampson, has stated that they pertain to NGSCB. By 1999, the developers realized that the technology was far more applicable in the realms of privacy and security and the project was given the green-light in October 2001.During the 1999 Windows Hardware Engineering Conference, Microsoft discussed its intentions to create a new trusted architecture for Windows operating that leveraged new hardware components to promote trust and security while preserving backward compatibility with previous software. On October 11, 1999, the Trusted Computing Platform Alliance, a consortium of various technology companies including Compaq, Hewlett-Packard, IBM, Intel, and Microsoft, was formed in an effort to promote trust and security in the personal computing platform. The TCPA would release several detailed specifications for a trusted computing platform with focus on features such as code validation and encryption based on integrity measurements, hardware-based key storage, and machine authentication. These features required a new hardware component designed by the TCPA called the "Trusted Platform Module".
At WinHEC 2000, Microsoft released a technical presentation on the topics of protection of privacy, security, and intellectual property. This session, titled "Privacy, Security, and Content in Windows Platforms" focused mainly on turning Windows into a platform of trust designed to protect the privacy and security of individual users. A similar presentation would later be shown during WinHEC 2001. Unlike traditional rights management schemes which only protect certain types of data, NGSCB was designed to be egalitarian in that it regarded all data as being equally worthy of protection.
As "Palladium"
In April 2002, Microsoft held its first design review for the NGSCB with approximately 37 different companies under a non-disclosure agreement. In June, the technology was publicly unveiled under its codename "Palladium" in an article by Steven Levy for Newsweek that focused on its origin, design, and features. Levy outlined many of the main features offered by NGSCB, including user authentication, user identification, data encryption, and access control policies pertaining to the use of information. As examples of policies that could be enforced by the technology, users could send e-mail messages accessible only by the intended recipient, or create Microsoft Word documents that could be read only a week after their creation date. Around the time of this announcement, the company was not sure whether to "expose the feature in the Windows Control Panel or present it as a separate utility," but regardless of its location, the NGSCB hardware and software features would be turned off by default, thus making the technology an opt-in solution. In July, Microsoft PressPass interviewed John Manferdelli, who restated and expanded on many of the key points discussed in the article by Newsweek. Manferdelli also characterized the technology as an evolutionary set of enhancements for the Windows operating system. In August, Microsoft posted a recruitment advertisement seeking a group program manager to provide vision and industry leadership in the development of several Microsoft technologies including NGSCB.At the Intel Developer Forum in 2002, Paul Otellini announced Intel's plan to support NGSCB with the company's set of processor, chipset, and platform extensions codenamed "LaGrande" which intended to provide a hardware foundation for all NGSCB components and capabilities and protect confidential user information from software-based attacks while preserving backward compatibility with previous software.
As NGSCB
The technology was known by its codename "Palladium" until January 24, 2003 when Microsoft announced that it had been renamed as the "Next-Generation Secure Computing Base." According to NGSCB product manager Mario Juarez, the new name was chosen to avoid any legal conflict with an unnamed company that had already acquired the rights to the Palladium name, and to reflect Microsoft's commitment to the technology in the upcoming decade; the previous name had been marred by the controversy surrounding the technology, but Juarez denied that the name change was an attempt by Microsoft to dodge criticism.In April 2003, the Trusted Computing Platform Alliance was succeeded by the Trusted Computing Group. One principal goal of the TCG was to produce a Trusted Platform Module specification compatible with NGSCB, as the previous specification, TPM 1.1, did not meet its requirements. The new TPM 1.2 specification introduced many new features for trusted platforms and was designed to be compliant with Microsoft's NGSCB. The first specification for TPM 1.2, Revision 62, was released by the Trusted Computing Group in fall of 2003.
In May 2003, Biddle emphasized that support from hardware vendors and software developers was vital to the technology's success. Microsoft released additional information and publicly demonstrated the technology for the first time at WinHEC 2003. During the demonstration, NGSCB protected information from an attacker who attempted to access information resident in memory, denied access to and alerted users of an application that had been modified, and also thwarted an attempt by a remote administration tool to capture information from an instant messaging session. Although Microsoft previously intended to demonstrate the technology on real hardware as opposed to using software emulation, the demonstration relied on emulators as only a few of the requisite hardware components were available. According to Biddle, Microsoft's primary purpose for emphasizing the NGSCB during WinHEC 2003 was so that the company could acquire feedback and insight from its partners in the hardware industry and to prepare them for the technology. Biddle reiterated that the NGSCB was a set of evolutionary enhancements to the Windows operating system, basing this assessment on the fact that it preserved backward compatibility with previous programs and employed concepts that had been in use prior to its development, but stated that the new capabilities and scenarios that it enabled would be revolutionary. At the conference, Microsoft also revealed its multi-year roadmap for NGSCB, with the next major development milestone scheduled for the company's Professional Developers Conference. The roadmap had also shown that subsequent versions would ship concurrently with pre-release builds of Windows Vista. However, reports suggested that the technology would not be integrated with the operating system upon its release, but would instead be made available as separate software.
Details pertaining to adoption of the technology were also revealed, with officials stating that while NGSCB was intended to create a new value proposition for customers without significantly increasing the cost of personal computers, adoption during the year of its introductory release was not anticipated and immediate support for servers was not expected. On the last day of the conference, Biddle stated that the NGSCB needed to provide users with a way to differentiate between secure and unsecure windows, adding that a secure window should be "noticeably different" to help protect users from spoofing attacks; Nvidia was among the earliest to announce support for this feature. WinHEC 2003 would represent an important milestone during the development of NGSCB. Microsoft would release several technical whitepapers and dedicate many hours of technical sessions, and several companies including Atmel, Comodo Group, Fujitsu, and SafeNet would produce prototype hardware for the demonstration of the technology.
In June 2003, Microsoft demonstrated the technology at U.S. campuses in California and in New York.
NGSCB was among the topics discussed during Microsoft's PDC 2003 with a pre-beta software development kit, known as the Developer Preview, being distributed to attendees. The Developer Preview was the first time that Microsoft made NGSCB code available to the developer community and was offered by the company as an educational opportunity for NGSCB software development. With this release, Microsoft stated that it was primarily focused on supporting business and enterprise applications and scenarios with the first version of the NGSCB scheduled to ship with Windows Vista, adding that it intended to address consumers with a subsequent version of the technology, but did not provide an estimated time of delivery for this version. At the conference, Jim Allchin said that Microsoft was continuing to work with hardware vendors so that they would be able to support the technology, and Bill Gates expected a new generation of central processing units to offer full support. Following PDC 2003, NGSCB was demonstrated again on prototype hardware during the annual RSA Security conference in November.
Microsoft announced at WinHEC 2004 that it would revise NSCB in response to feedback from customers and independent software vendors who did not desire to rewrite their existing programs in order to benefit from its functionality. The revised NGSCB would provide more direct support for Windows with compartmentalized environments for the operating system, its components, and applications; the NGSCB secure input feature would also undergo a significant revision based on cost assessments, hardware requirements, and usability issues that were results of the previous implementation. After this announcement, there were reports that Microsoft planned to cease development of NGSCB; the company denied these claims and reaffirmed its commitment to delivering the technology. Reports published later that year suggested that the company would make additional changes based on feedback from the industry.
In 2005, Microsoft's lack of continual updates on its progress with the technology had led some in the industry to speculate that it had been cancelled. At the Microsoft Management Summit event, Steve Ballmer said that the company would build on the security foundation it had started with the NGSCB to create a new set of virtualization technologies for the Windows operating system. During WinHEC 2005, there were reports that Microsoft had scaled back its plans for NGSCB in order to ship the post-reset Windows Vista operating system within a reasonable timeframe. Instead of providing compartmentalization features, the NGSCB would offer a feature known as "Secure Startup" that would utilize version 1.2 of the Trusted Platform Module to provide validation of pre-boot and operating system components, and disk volume encryption. Microsoft planned to deliver other aspects of its NGSCB vision at a later date. At the time, Jim Allchin stated that the goal with NGSCB was "to marry hardware and software to gain better security," a goal that was influential in the development of BitLocker. Allchin also stated that the next progression toward NGSCB would be to create a virtualization environment codnamed "Unity," which would rely on specialized hardware and software for virtualization, though he also stated that Microsoft was "experimenting with ways to do virtualization without requiring the hardware to do it" and that it had not abandoned its previous efforts to ensure that other NGSCB features would eventually be made available.
Architecture and technical details
A complete Microsoft-based Trusted Computing-enabled system will consist not only of software components developed by Microsoft but also of hardware components developed by the Trusted Computing Group. The majority of features introduced by NGSCB are heavily reliant on specialized hardware and so will not operate on PCs predating 2004.In current Trusted Computing specifications, there are two hardware components: the Trusted Platform Module, which will provide secure storage of cryptographic keys and a secure cryptographic co-processor, and a curtained memory feature in the Central Processing Unit. In NGSCB, there are two software components, the Nexus, a security kernel that is part of the Operating System which provides a secure environment for trusted code to run in, and Nexus Computing Agents, trusted modules which run in Nexus mode within NGSCB-enabled applications.
Secure storage and attestation
At the time of manufacture, a cryptographic key is generated and stored within the TPM. This key is never transmitted to any other component, and the TPM is designed in such a way that it is extremely difficult to retrieve the stored key by reverse engineering or any other method, even to the owner. Applications can pass data encrypted with this key to be decrypted by the TPM, but the TPM will only do so under certain strict conditions. Specifically, decrypted data will only ever be passed to authenticated, trusted applications, and will only ever be stored in curtained memory, making it inaccessible to other applications and the Operating System. Although the TPM can only store a single cryptographic key securely, secure storage of arbitrary data is by extension possible by encrypting the data such that it may only be decrypted using the securely stored key.The TPM is also able to produce a cryptographic signature based on its hidden key. This signature may be verified by the user or by any third party, and so can therefore be used to provide remote attestation that the computer is in a secure state.
Curtained memory
NGSCB also relies on a curtained memory feature provided by the CPU. Data within curtained memory can only be accessed by the application to which it belongs, and not by any other application or the Operating System. The attestation features of the TPM can be used to confirm to a trusted application that it is genuinely running in curtained memory; it is therefore very difficult for anyone, including the owner, to trick a trusted application into running outside of curtained memory. This in turn makes reverse engineering of a trusted application extremely difficult.Applications
NGSCB-enabled applications are to be split into two distinct parts, the NCA, a trusted module with access to a limited Application Programming Interface, and an untrusted portion, which has access to the full Windows API. Any code which deals with NGSCB functions must be located within the NCA.The reason for this split is that the Windows API has developed over many years and is as a result extremely complex and difficult to audit for security bugs. To maximize security, trusted code is required to use a smaller, carefully audited API. Where security is not paramount, the full API is available.
One immediately notices the irony in the "extreme complexity and difficulty of audit" championed above. Department of Defense-sponsored computer security initiatives that began in the late 1970s recognized very early that, the more trustworthy a system, the more transparently engineered its trusted components must be. Extreme complexity stands in direct opposition to these requirements, as does inability fully to audit. Truly, one must even wonder about Microsoft's commitment and expertise when internal criticisms arise over "difficult to audit for security bugs," since nowhere do any applicable criteria offer this raison d'etre to audit. Rather, audit is intended to capture all security-relevant operations transacted by the system; the very statement that concern arises because "security bugs will be difficult to audit," or some such, reflects a very tortured understanding of the purpose of audit and of the stricture with which the descriptor "secure" is assigned. Read another way, this concern seems to say, "This system can't be called secure, since the audit isn't comprehensive enough to capture evidence of the known security bugs."
Uses and scenarios
The Next-Generation Secure Computing Base enables new categories of applications and scenarios. Examples of uses cited by Microsoft include protected instant messaging conversations and online transactions; rights management services for consumers, content providers, and enterprises; decentralization of access control; and more secure forms of remote access, network authentication, and machine health compliance. A more secure form of virtual private network access was one of the earliest scenarios envisaged by Microsoft. NGSCB can also strengthen software update mechanisms such as those belonging to antivirus software or Windows Update.An early NGSCB privacy scenario conceived of by Microsoft is the "wine purchase scenario," where a user can safely conduct a transaction with an online merchant without divulging personally identifiable information during the transaction. With the release of the NGSCB Developer Preview during PDC 2003, Microsoft had emphasized the following enterprise applications and scenarios: document signing, secure instant messaging, applications for viewing secured data, and secure e-mail plug-ins.
WinHEC 2004 scenarios
During WinHEC 2004, Microsoft revealed two features based on its revision of NGSCB, Cornerstone and Code Integrity Rooting:- Cornerstone would protect a user's login and authentication information by securely transmitting it to NGSCB-protected Windows components for validation, finalizing the user authentication process by releasing access to the SYSKEY if validation was successful. It was intended to protect data on laptops that had been lost or stolen to prevent hackers or thieves from accessing it even if they had performed a software-based attack or booted into an alternative operating system.
- Code Integrity Rooting would validate boot and system files prior to the startup of Microsoft Windows. If validation of these components failed, the SYSKEY would not be released.
Reception
Reaction to NGSCB after its unveiling by Newsweek was largely negative. While its security features were praised, critics contended that NGSCB could be used to impose restrictions on users; lock-out competing software vendors; and undermine fair use rights and open source software such as Linux. Microsoft's characterization of NGSCB as a security technology was subject to criticism as its origin focused on DRM. NGSCB's announcement occurred only a few years after Microsoft was accused of anticompetitive practices during the United States v. Microsoft Corporation antitrust case, a detail which called the company's intentions for the technology into question—NGSCB was regarded as an effort by the company to maintain its dominance in the personal computing industry. The notion of a "Trusted Windows" architecture—one that implied Windows itself was untrustworthy—would also be a source of contention within the company itself.After NGSCB's unveiling, Microsoft drew frequent comparisons to Big Brother, an oppressive dictator of a totalitarian state in George Orwell's dystopian novel Nineteen Eighty-Four. The Electronic Privacy Information Center legislative counsel, Chris Hoofnagle, described Microsoft's characterization of the NGSCB as "Orwellian." Big Brother Awards bestowed Microsoft with an award because of NGSCB. Bill Gates addressed these comments at a homeland security conference by stating that NGSCB "can make our country more secure and prevent the nightmare vision of George Orwell at the same time." Steven Levy—the author who unveiled the existence of the NGSCB—claimed in a 2004 front-page article for Newsweek that NGSCB could eventually lead to an "information infrastructure that encourages censorship, surveillance, and suppression of the creative impulse where anonymity is outlawed and every penny spent is accounted for." However, Microsoft outlined a scenario enabled by NGSCB that allows a user to conduct a transaction without divulging personally identifiable information.
Ross Anderson of Cambridge University was among the most vocal critics of NGSCB and of Trusted Computing. Anderson alleged that the technologies were designed to satisfy federal agency requirements; enable content providers and other third-parties to remotely monitor or delete data in users' machines; use certificate revocation lists to ensure that only content deemed "legitimate" could be copied; and use unique identifiers to revoke or validate files; he compared this to the attempts by the Soviet Union to "register and control all typewriters and fax machines." Anderson also claimed that the TPM could control the execution of applications on a user's machine and, because of this, bestowed to it a derisive "Fritz Chip" name in reference to United States Senator Ernest "Fritz" Hollings, who had recently proposed DRM legislation such as the Consumer Broadband and Digital Television Promotion Act for consumer electronic devices. Anderson's report was referenced extensively in the news media and appeared in publications such as BBC News, The New York Times, and The Register. David Safford of IBM Research stated that Anderson presented several technical errors within his report, namely that the proposed capabilities did not exist within any specification and that many were beyond the scope of trusted platform design. Anderson later alleged that BitLocker was designed to facilitate DRM and to lock out competing software on an encrypted system, and, in spite of his allegation that NGSCB was designed for federal agencies, advocated for Microsoft to add a backdoor to BitLocker. Similar sentiments were expressed by Richard Stallman, founder of the GNU Project and Free Software Foundation, who alleged that Trusted Computing technologies were designed to enforce DRM and to prevent users from running unlicensed software. In 2015, Stallman stated that "the TPM has proved a total failure" for DRM and that "there are reasons to think that it will not be feasible to use them for DRM."
After the release of Anderson's report, Microsoft stated in an NGSCB FAQ that "enhancements to Windows under the NGSCB architecture have no mechanism for filtering content, nor do they provide a mechanism for proactively searching the Internet for 'illegal' content Microsoft is firmly opposed to putting 'policing functions' into nexus-aware PCs and does not intend to do so" and that the idea was in direct opposition with the design goals set forth for NGSCB, which was "built on the premise that no policy will be imposed that is not approved by the user." Concerns about the NGSCB TPM were also raised in that it would use what are essentially unique machine identifiers, which drew comparisons to the Intel Pentium III processor serial number, a unique hardware identification number of the 1990s viewed as a risk to end-user privacy. NGSCB, however, mandates that disclosure or use of the keys provided by the TPM be based solely on user discretion; in contrast, Intel's Pentium III included a unique serial number that could potentially be revealed to any application. NGSCB, also unlike Intel's Pentium III, would provide optional features to allow users to indirectly identify themselves to external requestors.
In response to concerns that NGSCB would take control away from users for the sake of content providers, Bill Gates stated that the latter should "provide their content in easily accessible forms or else it ends up encouraging piracy." Bryan Willman, Marcus Peinado, Paul England, and Peter Biddle—four NGSCB engineers—realized early during the development of NGSCB that DRM would ultimately fail in its efforts to prevent piracy. In 2002, the group released a paper titled "The Darknet and the Future of Content Distribution" that outlined how content protection mechanisms are demonstrably futile. The paper's premise circulated within Microsoft during the late 1990s and was a source of controversy within Microsoft; Biddle stated that the company almost terminated his employment as a result of the paper's release. A 2003 report published by Harvard University researchers suggested that NGSCB and similar technologies could facilitate the secure distribution of copyrighted content across peer-to-peer networks.
Not all assessments were negative. Paul Thurrott praised NGSCB, stating that it was "Microsoft's Trustworthy Computing initiative made real" and that it would "form the basis of next-generation computer systems." Scott Bekker of Redmond Magazine stated that NGSCB was misunderstood because of its controversy and that it appeared to be a "promising, user-controlled defense against privacy intrusions and security violations." In February 2004, In-Stat/MDR, publisher of the Microprocessor Report, bestowed NGSCB with its Best Technology award. Malcom Crompton, Australian Privacy Commissioner, stated that "NGSCB has great privacy enhancing potential Microsoft has recognised there is a privacy issue we should all work with them, give them the benefit of the doubt and urge them to do the right thing." When Microsoft announced at WinHEC 2004 that it would be revising NGSCB so that previous applications would not have to be rewritten, Martin Reynolds of Gartner praised the company for this decision as it would create a "more sophisticated" version of NGSCB that would simplify development. David Wilson, writing for South China Morning Post, defended NGSCB by saying that "attacking the latest Microsoft monster is an international blood sport" and that "even if Microsoft had a new technology capable of ending Third World hunger and First World obesity, digital seers would still lambaste it because they view Bill Gates as a grey incarnation of Satan." Microsoft noted that negative reaction to NGSCB gradually waned after events such as the USENIX Annual Technical Conference in 2003, and several Fortune 500 companies also expressed interest in it.
When reports announced in 2005 that Microsoft would scale back its plans and incorporate only BitLocker with Windows Vista, concerns pertaining erosion of user rights, vendor lock-in, and other potential abuses remained. In 2008, Biddle stated that negative perception was the most significant contributing factor responsible for the cessation of NGSCB's development.