Microsoft Next-Generation Secure Computing Base Documentation


Recommended Posts

I had originally planned to create a post in the 2014 Random Text Thread with links to these documents, but I realized that they would reach a much broader audience if they were posted here. This topic aims to foster discussion and promote awareness of Microsoft's Next-Generation Secure Computing Base architecture.

As you may remember, Microsoft had intended to ship NGSCB with its Windows "Longhorn" operating system. Unlike the other "major" technologies slated for Windows "Longhorn" - such as Avalon (WPF), Indigo (WCF), and WinFS - NGSCB was not built on the then fairly new .NET Framework, which places it in a unique position. This strongly suggests that it could have made it into Windows Vista (and thus subsequent versions) if it had not been for the negative perception surrounding the technology - indeed, one of the main architects of the technology has stated that this was the main reason why it was cancelled. This is such a disappointment to me, as both Android and Apple have recently adopted similar technologies when it was Microsoft that was innovative.
 
Intel Developer Forum 2003
A Privacy Friendly Method for Assuring Trust (PDF)
An Opt-In Strategy for a Safer Computing Platform (PDF)
LaGrande Technology & Safer Computing Overview (PDF)
Migrating Applications to NGSCB (PDF)
Next-Generation Secure Computing Base: Nexus Fundamentals (PDF)
Recovering from Computer Failures, If TPMs Go Bad (PDF)
Software for LaGrande Technology: Impact to the Software Development Process (PDF)
TCG Credentials: Their Role in the Trust Infrastructure and Manufacturing (PDF)
Trusted Computing Group and the TPM 1.2 Specification (PDF)
Trusted Mobile Keyboard Controller Architecture (PDF)
Trusted Platform Module: Impact to Manufacturing & Testing (PDF)
 
Microsoft Content Security Business Unit
Microsoft Palladium: A Business Overview (PDF)
 
Microsoft NGSCB Technical Documentation
A Technical Introduction to NGSCB (PPT)
Building a Secure Platform for Trusted Computing (DOC)
Hardware Platform for the Next-Generation Secure Computing Base (DOC)
Privacy Enhancements in the Next-Generation Secure Computing Base (DOC)
Secure User Authentication for NGSCB (DOC)
Security Model for the Next-Generation Secure Computing Base (DOC)
Trusted Computing Base and Software Authentication (DOC)

Microsoft NGSCB Website
Microsoft Shared Source Initiative Homepage (HTML)
The Next-Generation Secure Computing Base: An Overview (HTML)
The Next-Generation Secure Computing Base: Four Key Features (HTML)

Microsoft PressPass
Microsoft "Palladium" - A Business Overview (HTML)
Q&A: Microsoft Seeks Industry-Wide Collaboration for "Palladium" Initiative (HTML)
Trustworthy Computing From Fingertips to Eyeballs (HTML)

Microsoft Research
A Logical Account of NGSCB (PDF)
John Manferdelli: Next-Generation Secure Computing Base (PPT)
NGSCB: A Trusted Open System (PDF) (PDF link #2)

Microsoft TechNet
Microsoft Next-Generation Secure Computing Base Technical FAQ (HTML)

National Institutes of Standards and Technology (NIST)
Microsoft ?Palladium? (PDF)

PDC 2003
Next-Generation Secure Computing Base: Development Considerations for Nexus Computing Agents (HTML) (HTML link #2)
Next-Generation Secure Computing Base ? Overview and Drilldown (PPT)
 
WinHEC 2000
Privacy, Security, and Content in Windows Platforms (PPT)

WinHEC 2001
Privacy, Security, and Content in Windows Platforms (PPT)

WinHEC 2003
At WinHEC 2003, Microsoft Discusses Details of Next-Generation Secure Computing Base (HTML)

WinHEC 2003 Self Extracting ZIP Archives (Contain PowerPoint Slides)
Building a Next-Generation Secure Computing Base PC (EXE)
Ecosystem and Opportunities with NGSCB (EXE)
Industry Perspectives on NGSCB (EXE)
Microsoft Directions on Security (EXE)
Platform Enhancements for Trustworthy Computing (EXE)
Security Model for NGSCB (EXE)
Technical Introduction to NGSCB (EXE)
Trusted Graphics and NGSCB (EXE)
User Authentication in NGSCB (EXE)

WinHEC 2004 PowerPoint Slides
Next-Generation Secure Computing Base (PPT)
Securing the Input Path on NGSCB Systems (PPT)
TPM 1.2 ? Trusted Platform Module and its Use in NGSCB (PPT)
 
Microsoft France
NGSCB: Une Introduction (PPT)

  • 1 month later...
  • 2 weeks later...

about TrustZone, wheres the security when you can just dump the secure kernel in plaintext from the rom, then go through it and exploit all the bugs? there are instances of people doing this to unlock the bootloaders, for example.

 

And NGSCB relies on TPM to verify the kernel hash. you know how i feel about TPM.

  On 01/09/2014 at 05:30, vcfan said:

about TrustZone, wheres the security when you can just dump the secure kernel in plaintext from the rom, then go through it and exploit all the bugs? there are instances of people doing this to unlock the bootloaders, for example.

But how many people know how to do this?

 

  On 01/09/2014 at 05:30, vcfan said:
And NGSCB relies on TPM to verify the kernel hash. you know how i feel about TPM.

Correct. The TPM measures the hash of the Nexus and stores it within a Platform Configuration Register.

(I love that you know this, not many would care).

  On 01/09/2014 at 05:37, Ian William said:

But how many people know how to do this?

look at all the vulnerabilities that are discovered every day for all products. there are plenty of individuals capable of finding these holes. all is needed is only one person to release a proof of concept,and bam, every c coder on the planet can make the cpu do whatever they want it to do.

 

  On 01/09/2014 at 05:37, Ian William said:

Correct. The TPM measures the hash of the Nexus and stores it within a Platform Configuration Register.

(I love that you know this, not many would care).

thanks.

i think even if you had a the most secure, unbreakable TPM, that wouldn't even spell the end of such hacking attempt. lets say the trusted kernel was launched and passed the hash checks.

we know of a few known facts.

1. we can read the trusted kernel code at our will (disassemblies)

2. normal mode and trusted mode exchange data using the nexus manager.

see the problem here? we know exactly how the kernel behaves, and we have the power to craft the data that we send in such a way that its possible to break something and make the trusted kernel do something it was not meant to do.

  On 01/09/2014 at 05:04, Ian William said:

I am curious why you feel this way. Would you care to elaborate?

Because of locked bootloaders and last I checked they haven't found an exploit for my phone yet.

  On 01/09/2014 at 06:05, vcfan said:

look at all the vulnerabilities that are discovered every day for all products. there are plenty of individuals capable of finding these holes. all is needed is only one person to release a proof of concept,and bam, every c coder on the planet can make the cpu do whatever they want it to do.

True, but as you said this is not exclusive to TrustZone. There isn't a product in the world that is invulnerable.

 

  On 01/09/2014 at 06:05, vcfan said:

thanks.

 

No, thank you. I believe that the lack of information about the technology is one of the reasons that it is not appreciated. On top of that, there are some who just are not interested in that sort of thing, so you can just imagine my delight when I saw your response!

 

  On 01/09/2014 at 06:05, vcfan said:

see the problem here? we know exactly how the kernel behaves, and we have the power to craft the data that we send in such a way that its possible to break something and make the trusted kernel do something it was not meant to do.

Would you be willing to provide some examples? Microsoft strongly emphasized NGSCB's ability to thwart software based attacks.

 

  On 02/09/2014 at 21:05, MASTER260 said:

Because of locked bootloaders and last I checked they haven't found an exploit for my phone yet.

To each his own. I happen to have an affinity for locked bootloaders.

This topic is now closed to further replies.
  • Posts

    • It was easy enough in Task Manager Performance tab already.
    • GeForce NOW adds support for 25 games in June, including Rematch and Dune: Awakening by Pulasthi Ariyasinghe A new month is here, and Nvidia is starting it off with a big GeForce NOW announcement as usual. The latest reveal has support for 25 games that are incoming in June alone, with some highlights including Rematch, The Alters, FBC: Firebreak, Dune: Awakening, and even the Borderlands trilogy from Gearbox and 2K. Just this week alone, Nvidia is adding support for the following ten games for GeForce NOW subscribers: Symphonia (New release on Xbox, available on PC Game Pass, June 3) Pro Cycling Manager 25 (New release on Steam, June 5) Tour de France 2025 (New release on Steam, June 5) Dune: Awakening – Advanced Access (New release on Steam, June 5) 7 Days to Die (Xbox) Clair Obscur: Expedition 33 (Epic Games Store) Cubic Odyssey (Steam) Drive Beyond Horizons (Steam) Police Simulator: Patrol Officers (Xbox, available on PC Game Pass) Sea of Thieves (Battle.net) Nvidia also has plans to add a bunch more games in the rest of June, which is when most of the biggest new releases are coming: Dune: Awakening (New release on Steam, June 10) MindsEye (New release on Steam, June 10) The Alters (New release on Steam and Xbox, available on PC Game Pass, June 13) Architect Life: A House Design Simulator (New release on Steam, June 19) Crime Simulator (New release on Steam, June 17) FBC: Firebreak (New release on Steam and Xbox, available on PC Game Pass, June 17) Lost in Random: The Eternal Die (New release on Steam and Xbox, available on PC Game Pass, June 17) Broken Arrow (New release on Steam, June 19) REMATCH (New release on Steam and Xbox, available on PC Game Pass, June 19) DREADZONE (New release on Steam, June 26) System Shock 2: 25th Anniversary Remaster (New release on Steam, June 26) Borderlands Game of the Year Enhanced (Steam) Borderlands 2 (Steam and Epic Games Store) Borderlands 3 (Steam and Epic Games Store) Easy Red 2 (Steam) The company has a tendency to add many more games to its cloud gaming service outside of these early announcements, so check back as weeks go by to see what's new. Steam Deck owners recently received a better way of using GeForce NOW too, all thanks to a dedicated app. As summer continues, don't forget that the GeForce NOW 40% off sale is still active too, with Nvidia cutting the price of the Performance membership plan until July. As always, keep in mind that unlike subscription services like Game Pass, a copy of a game must be owned by the GeForce NOW member (or at least have a license via PC Game Pass) to start playing via Nvidia's cloud servers.
    • Thought I'd quote myself as reference to what was happening yesterday. I wasn't getting the pop up then in Firefox, but I did just now using it.
    • With DARPA the military can do their own research and then the tech can enter the public domain and benefit the people. If we use public money to buy privatized tech then we don't get that benefit and even worse we will probably pay higher prices in the end. Unfortunately we are ditching NASA for private tech. If you look at all of the technologies developed by NASA that benefit us, you can see why going private can be a huge loss and jack up prices for consumers when private patents are involved. This could have a detrimental effect on innovation by monopolizing certain advancements and reduce access to advancements for the average person, even though our tax dollars would be funding these advancements.
  • Recent Achievements

    • Week One Done
      jbatch earned a badge
      Week One Done
    • First Post
      Yianis earned a badge
      First Post
    • Rookie
      GTRoberts went up a rank
      Rookie
    • First Post
      James courage Tabla earned a badge
      First Post
    • Reacting Well
      James courage Tabla earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      405
    2. 2
      +FloatingFatMan
      181
    3. 3
      snowy owl
      175
    4. 4
      ATLien_0
      170
    5. 5
      Xenon
      135
  • Tell a friend

    Love Neowin? Tell a friend!