You say Express Gate, I say Palladium
By Simon Bisson & Mary Branscombe in Editorial
Posted in Futures, Silicon, virtualisation, Hardware, Laptop, Mobile, Security, Intel, Microsoft on
Imagine a second, simpler operating system on your PC with fixed features, so it’s more secure - after all, if you can’t add more programs you can’t add a virus either. It would have to start up quickly, so that Windows wasn’t waiting for it, so it would be ideal for listening to music and watching video. I’m not thinking about virtualization per se, although that’s one way to achieve something similar; this is two operating systems side by side, both with access to the PC hardware, but one of them does much more limited and circumscribed things.
Can you tell what it is yet?
No, actually, I’m not talking about Palladium - sorry, Microsoft Next Generation Secure Computing Base. That grew out of an attempt to reassure Sony that it would be OK to allow DVD movies to play on a PC without piracy becoming endemic and turned into a much more useful and visionary idea about using public key cryptography not to identify people but to secure machines. It would have been a good way to implement the DRM it was associated with in the public eye, though wouldn’t have forced it on anyone who didn’t want to run it. Palladium loaded a secure piece of software called the TOR that acted as a secure area that could only run trusted code (written to public APIs), where the apps would be invisible to the main OS - all secured by the machine-specific key in your TPM and some new technology from Intel.
Ironically, trust was the issue with Palladium; nobody trusted Microsoft to either be building a secure system that didn’t impact on a very robust interpretation of free speech or if it was, to do it right. The smallest part of the concept made it in a couple of versions of Vista as BitLocker; whole disk encryption secured by the TPM.
But the Palladium concepts are showing up in a lot of other places, including the NSA’s Security Enhanced Linux and Citrix’s Security Enhanced Xen - a small OS that runs as a secure virtual machine with isolated applications, using the TPM and Intel’s new hardware virtualization technology …
Intel even uses the words Trusted Computing Base, which might be a hostage to fortune given the fate of Palladium. The DRM discussion hasn’t started yet, but there’s a trusted channel to the keyboard, mouse, memory - and the graphics subsystem, which is what some thought would allow copy-protected DVDs to be watched in the secure area of Palladium, without the option to copy them. This time around it’s more likely to be copy-protected downloads: killing off HD DVD has actually made Blu-Ray less likely to get mass adoption, as player and disc prices stay high.
There are far more benefits to Palladium-style secure computing than protecting the movie industry or saving the banking industry from having to upgrade anti-fraud backends. You may keep your AV up to date and your company documents secure, but one in six of all PCs that touch the Google site has a bot and they’re all sending you spam.
And while the systems that look so much like Palladium that I get déjà vu are still a little way off, Asus is already selling machines with Express Gate. Granted, this is more like the embedded operating systems you see on a lot of media notebooks; it boots up in eight seconds and lets you see your photos and play your music. It has an Internet connection, so you can browse the Web without waiting for Windows. But it also uses the TPM in Montevina and you can treat it as an isolated operating system, says the press release: “Friends and family can use your notebook to nip online, use IM, listen to music, play and view without having access to your data, the system or the Windows environment.” Very Palladian.
-Mary
Comment by steven Sprague - August 7, 2008 on 5:49 pm
Great article. You should also point out that the TPM which is now on about 150 million pcs is a fantastic way to have a common authentication platform for all web services. This will be the technology that kill UID and PW. Every VPN and Wireless access point be putting the keys in the TPM. It works today, Its easy to do however most IT professionals haven’t tried. Best Practice is all software certificates need to be moved to hardware.
Steven Sprague
Comment by Simon Bisson & Mary Branscombe - August 7, 2008 on 6:44 pm
Good point Steve; I actually like Intel’s notion of a trusted PC and a trusted platform as the root of trust for user identity feeding into an Internet identity layer (I’m a big fan of Kim Cameron’s infocard approach). But how do we get things to move forward? So far I’ve found nothing mainstream but fingerprint password vaults that actually use TPM in the real world (and vPro, but that still seems to be in demo mode)…
Make a comment
Tag cloud
Archives
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
Most commented posts
- Java’s SSVAGENT.EXE: training the monkey
5 comments
- Wubi Tuesday
- Not very open, not very social
- The best mobile game ever
- A Big Day In The Enterprise IT World
- Employees are our most valuable asset (snigger)
- Biometrics - it's not the technology that's broken
- More battery life, fewer explosions
- Spam Fighting in Exchange
- IDF: Will SSD mean the end of 5GB free?
Highest Rated Blog Posts
- Nobody knows what Web 2.0 really is (100%)
- Songs of distant satellites (100%)
- Log in and lock in (100%)
- Mommy, why is there a home server in the office? (100%)
- Employees are our most valuable asset (snigger) (100%)
- Locking down IT or blocking creativity (100%)
- Video opera? What would you do with huge bandwidth and millions of pixels? (100%)
- Consumer BlackBerrys are good for business (100%)
- HD Trek (100%)
- Top tips for speeding up Vista (100%)

