Microsoft readies kit for security initiative

Developers to get early look at NGSCB

Current Job Listings

Microsoft at the Microsoft Professional Developers Conference in Los Angeles in October plans to release a preliminary software development kit for its Next-Generation Secure Computing Base (NGSCB) security technology, also known as Palladium.

The kit will give developers an early opportunity to work with the NGSCB code in preparation for developing applications that take advantage of the technology, according to Microsoft. The company hopes to introduce NGSCB itself in the Longhorn version of the Windows client operating system, which is due in 2005.

"[The kit] will give developers the ability to work with the code. It will be very preliminary and basic," said Mario Juarez, Microsoft group product manager for Windows Trusted Platform Technologies, in Redmond, Wash. Juarez demonstrated NGSCB at Microsoft offices in Mountain View, Calif., on Thursday morning.

The kit will be an API set that functions with "standard" programming languages, Microsoft officials said.

NGSCB is intended to provide for trusted operations on a PC and requires changes to the Intel CPU architecture, meaning users would need to buy new PCs to take advantage of the technology. Microsoft is working with Intel on redesign of some CPU, chipset, and I/O components that would be required to accommodate NGSCB, Juarez said.

NGSCB focuses on enabling strong process isolation, sealed storage, a secure I/O path to and from the user, and attestation. Attestation, according to Microsoft, is the ability for a piece of code to digitally sign or attest to a piece of data and further ensure the signature recipient that the data was constructed by an unforgeable, cryptographically identified software stack, according to Microsoft.

"Basically, [attestation] is a way for software to be authenticated," Suarez said.

NGSCB provides an environment for building a trusted infrastructure, he said. It is initially eyed for Windows clients, with servers to be a focus afterward, he added. But the technology has been criticized as potentially curtailing user control over their own PCs, potentially eroding fair-use rights for digital music and movie files.

Suarez said Microsoft's intention is not to build an overarching digital rights management scheme with NGSCB, but acknowledged that it could be used for that purpose. NGSCB is first intended for enterprise business and government use and will not make its way to home or consumer use for some time after that, said Suarez.

"We certainly understand the passion around the issues. We don't think those issues are particularly germane to what we're doing," Suarez said.

An analyst said NGSCB may have a limited market, for applications such as financial and government systems, but it is not about digital rights management. "I don't think this is a backhanded, sneaky attempt to foist DRM on the market," said the analyst, Matt Rosoff, of Directions on Market, an independent research firm in Kirkland, Wash.

"I think [NGSCB] is an interesting effort to solve a really hard problem. I just don't see it as being a broad market technology," Rosoff said. He noted that a lot of work needs to be done on the hardware side to accommodate NGSCB and suggested it may be difficult for Microsoft to get hardware manufacturers to participate in development of compliant systems if NGSCB is a niche-market technology.