Microsoft Needs Help for Security Plan to Fly
Software giant's Palladium could lead to easy PC security, but not without industry support.
John Fontana, Network World
Microsoft's latest plan to secure desktop systems is complex and will require coordination with hardware and software manufacturers across the industry.
If successful, PCs will come with certificates stored in hardware that will control user access to the computer and validate everything sent to that computer, from executable code to documents. It will let users safeguard sensitive data, stop spam and viruses, and ensure only approved software runs on the machine.
Microsoft unveiled the project last week as Palladium, software that works in conjunction with specialized chips installed on a PC to create trusted "sandboxes" where programs and operations can be executed securely. It is designed to eliminate the security holes Microsoft has been unable to plug.
Trustworthy Computing
Palladium is Microsoft's most ambitious effort under its six-month-old Trustworthy Computing initiative.
Network executives and other experts say the promise of Palladium is intriguing but that Microsoft will have to overcome its reputation for weak system security and heavy-handed tactics with business partners.
"This is one of those things that if it works like it says it will on paper it will be great," says Jeff Allred, manager of network services for Duke University Cancer Center in Durham, North Carolina. "But every lock has a key, and nothing Microsoft has put out has been hack-proof. They have a lot of hurdles to get over, including the retooling that every processor and hardware manufacturer in the world will have to go through to support Palladium."
Toughest Challenge
Experts say that is the project's major challenge. Intel and Advanced Micro Devices are among a dozen partners working with Microsoft on Palladium.
"Hardware will have to be modified and it will have to be done right, it will have to be perfect," says Martin Reynolds, a Gartner analyst. "It's the processors, the chip sets, the silicon that secures the certificates." Those certificates are stored in hardware and are used to determine what code or communication Palladium will trust.
A network of certificate authorities that issue and revoke certificates also has to be established, something that has impeded implementations of public-key infrastructure.
Reynolds says Palladium also will have to be pristine because if it is upgraded, patched, or changed in any way, the hardware security certificates become invalid and Palladium shuts down.
Regardless, Reynolds calls Palladium "a very clever solution."
Working With Windows
Palladium will work in parallel with the Windows operating system, letting the operating system pass to Palladium its most sensitive operations. In turn, Palladium can reserve memory for those operations, performing them in a "virtual vault," which, for example, would prevent malicious code from spreading to other parts of the system.
Microsoft has not mentioned a timetable for Palladium's release, but speculation is that it could be delivered in 2004 with Longhorn, the next version of the Windows operating system.
The work is not without precedent. For the past three years, IBM has shipped millions of PCs with an embedded security processor, mostly to financial services and healthcare customers. The processor and special software work together as a gatekeeper to validate everything that happens on the machine.
The processor grew out of work begun in 1999 by the Trusted Computing Platform Alliance, founded by IBM, Intel, Hewlett-Packard, and Compaq (now part of HP), but not Microsoft. The goal is to deliver a set of hardware and operating system security capabilities that enhance trust and security in computing. Last year the TCPA published its 1.1 specification.
Pushing Ahead
"Microsoft is re-creating this work and pushing it," says Clain Anderson, director of security solutions in IBM's personal computing division. "Building right into the operating system the software to run the chip is a logical progression of this work." One change is speed--IBM runs everything on the chip, but Palladium will use operating system memory to create a much faster system.
Microsoft also must make other improvements, especially because it wants Palladium to secure communication from the keyboard to the Internet.
"Their software will require a lot of interface work and that will require new inventions and that means a lot of work for [independent software vendors]," Anderson says. IBM has only two interfaces, Microsoft's Crypto API and Public Key Cryptography System 11, to integrate products from vendors such as Entrust and RSA Security. Microsoft will need more to support features beyond cryptography.
Industry support will play a big role if Palladium is to ever succeed.
"We know this can only work if it is a collaborative process," says Mario Juarez, group product manager for the Palladium team. "But how that will shake out, we do not know. The challenge is how do you start this evolution. We need to do some things differently."
For one, Palladium's source code will be released publicly, but Juarez did not say how it would be licensed.
Secure Solution
One would-be collaborator, RSA, welcomes Microsoft's efforts, but recognizes the challenges ahead.
"When you build security from the ground up you get much better security," says John Worrall, vice president of marketing for RSA, which has been working for the past two years on its own encryption-on-a-chip project. He says that experience underscores Palladium's challenges.
"If you have an application written for our particular encryption chip and it runs on a PC without the chip, you get subpar performance," Worrall says. RSA has developed software that helps correct that problem.
Juarez says that will be an issue and that widespread adoption will be key to Palladium, which will not run by default but will have an opt-in feature.
Opt-in is a key concept.
"Microsoft has to go back to customers and say, 'You need another hardware and software upgrade,'" says Phil Schacter, an analyst with The Burton Group. "And how easy will it be for third-party vendors to write secure, certifiable software?"
But Schacter says Microsoft is showing maturity in its security thinking and now must do that in its design and execution.
"This kick-starts an interesting discussion in the industry," he says.
For more information about enterprise networking, go to NetworkWorld. Story copyright 2008 Network World Inc. All rights reserved.




