WinHEC: 'Palladium' for servers a long way out

SAN FRANCISCO -- Although Microsoft and its hardware partners see clear value in using Microsoft's Next-Generation Secure Computing Base (NGSCB) in server computers, it could be many years before the hardware-based security technology moves beyond the PC.

"Servers are very important, but server hardware is very complex," said Peter Biddle, product unit manager at Microsoft's security business unit. Features such as hot swappable processors can "really cook your noodle in a trusted computing model," Biddle said at Microsoft's Windows Engineering Hardware Conference (WinHEC).

"(NGSCB) will be a server technology, but that is a long way out," said Biddle.

NGSCB, formerly known by its Palladium code name, requires changes to processors, chipsets and graphics hardware as well as an additional chip for cryptographic operations. Together with new software, the hardware creates a second operating environment within a PC that is meant to protect the system from malicious code.

Microsoft has promoted NGSCB as a way to protect computers against viruses and worms. Servers are increasingly under attack, with Code Red and its variants still listed among the top five security threats by Symantec's Security Response team almost two years after the worm first surfaced. Other worms have also hit servers, with systems running Microsoft software often the target.

"There is clear recognition that NGSCB is every bit as applicable to servers as it is to client systems," said Geoffrey Strongin, platform security architect at Sunnyvale, California, chip maker Advanced Micro Devices (AMD). "From a security point of view a server is even more exposed than a client."

NGSCB has its benefits for servers, but will play a more important role in PCs because of the ability to secure online transactions, said Martin Reynolds, a research fellow with Gartner, who is based in San Jose, Calif. "NGSCB has a value in the server environment, it can provide a root for trusted transactions," he said.

Reynolds doesn't expect NGSCB to come to servers until about two years after the first desktops with the technology ship. NGSCB is planned to be part of Windows Longhorn, the successor to Windows XP, slated for release in 2005.

"It has to move from Longhorn into the server operating system and it has to become part of server processors, which tend to move a bit slower that PC processors," Reynolds said.

Both AMD and Intel are developing PC processors that will support NGSCB and are expected to have those ready to coincide with Microsoft's launch of Longhorn.

Development of NGSCB, billed by Microsoft as the way to protect good software against malicious software, is still in the early stages. Microsoft demonstrated the technology for the first time this week at WinHEC using emulation software to mimic the hardware requirements.