Next-Generation Secure Computing Base
"[1] NGSCB relied on hardware designed by the Trusted Computing Group to produce a parallel operation environment hosted by a new hypervisor (referred to as a sort of kernel in documentation) called the "Nexus" that existed alongside Windows and provided new applications with features such as hardware-based process isolation, data encryption based on integrity measurements, authentication of a local or remote machine or software configuration, and encrypted paths for user authentication and graphics output.
[9] NGSCB was subject to much controversy during its development, with critics contending that it would impose restrictions on users, enforce vendor lock-in, and undermine fair use rights and open-source software.
[11] Reports indicated in 2005 that Microsoft would change its plans with NGSCB so that it could ship Windows Vista by its self-imposed deadline year, 2006; instead, Microsoft would ship only part of the architecture, BitLocker, which can optionally use the Trusted Platform Module to validate the integrity of boot and system files prior to operating system startup.
To this end, Lampson proposed the use of a hypervisor to execute a limited operating system dedicated to DVD playback alongside Windows 2000.
[25] Biddle and colleagues realized by 1999 that NGSCB was more applicable to privacy and security than content protection, and the project was formally given the green-light by Microsoft in October, 2001.
[1][19][20][26] During WinHEC 1999, Biddle discussed intent to create a "trusted" architecture for Windows to leverage new hardware to promote confidence and security while preserving backward compatibility with previous software.
[19] NGSCB was publicly unveiled under its codename "Palladium" in a June 2002 article by Steven Levy for Newsweek that focused on its design, feature set, and origin.
Project manager Mario Juarez stated this name was chosen to avoid legal action from an unnamed company which had acquired the rights to the "Palladium" name, as well as to reflect Microsoft's commitment to NGSCB in the upcoming decade.
[48] Biddle reiterated that NGSCB was a set of evolutionary enhancements to Windows, basing this assessment on preserved backward compatibility and employed concepts in use before its development, but said the capabilities and scenarios it would enable would be revolutionary.
[50] Microsoft also revealed its multi-year roadmap for NGSCB,[51] with the next major development milestone scheduled for the Professional Developers Conference,[48][52] indicating that subsequent versions would ship concurrently with pre-release builds of Windows Vista; however, news reports suggested that NGSCB would not be integrated with Windows Vista when release, but it would instead be made available as separate software for the operating system.
Microsoft dedicated several hours to presentations and released many technical whitepapers,[57][58][59] and companies including Atmel,[60] Comodo Group,[61][62] Fujitsu,[61] and SafeNet[63][64] produced preliminary hardware for the demonstration.
[69] Microsoft announced at WinHEC 2004 that it would revise NSCB in response to feedback from customers and independent software vendors who did not desire to rewrite their existing programs in order to benefit from its functionality;[11][70] the revision would also provide more direct support for Windows with protected environments for the operating system, its components, and applications, instead of it being an environment to itself and new applications.
[71] The NGSCB secure input feature would also undergo a significant revision based on cost assessments, hardware requirements, and usability issues of the previous implementation.
[77] At the Microsoft Management Summit event, Steve Ballmer said that the company would build on the security foundation it had started with the NGSCB to create a new set of virtualization technologies for Windows,[78] which were later Hyper-V. Reports during WinHEC 2005 indicated Microsoft scaled back its plans for NGSCB, so that it could to ship Windows Vista—which had already been beset by numerous delays and even a "development reset"—within a reasonable timeframe; instead of isolating components, NGSCB would offer "Secure Startup" ("BitLocker Drive Encryption") to encrypt disk volumes and validate both pre-boot firmware and operating system components.
The reason for this split is that the Windows API has developed over many years and is as a result extremely complex and difficult to audit for security bugs.
Examples of uses cited by Microsoft include decentralized access control policies; digital rights management services for consumers, content providers, and enterprises; protected instant messaging conversations and online transactions; and more secure forms of machine health compliance, network authentication, and remote access.
[101] After NGSCB's unveiling, Microsoft drew frequent comparisons to Big Brother, an oppressive dictator of a totalitarian state in George Orwell's dystopian novel Nineteen Eighty-Four.
"[103] Steven Levy—the author who unveiled the existence of the NGSCB—claimed in a 2004 front-page article for Newsweek that NGSCB could eventually lead to an "information infrastructure that encourages censorship, surveillance, and suppression of the creative impulse where anonymity is outlawed and every penny spent is accounted for.
Anderson alleged that the technologies were designed to satisfy federal agency requirements; enable content providers and other third-parties to remotely monitor or delete data in users' machines; use certificate revocation lists to ensure that only content deemed "legitimate" could be copied; and use unique identifiers to revoke or validate files; he compared this to the attempts by the Soviet Union to "register and control all typewriters and fax machines.
"[94][105] Anderson also claimed that the TPM could control the execution of applications on a user's machine and, because of this, bestowed to it a derisive "Fritz Chip" name in reference to United States Senator Ernest "Fritz" Hollings, who had recently proposed DRM legislation such as the Consumer Broadband and Digital Television Promotion Act for consumer electronic devices.
[108] David Safford of IBM Research stated that Anderson presented several technical errors within his report, namely that the proposed capabilities did not exist within any specification and that many were beyond the scope of trusted platform design.
[94][114][115] NGSCB, however, mandates that disclosure or use of the keys provided by the TPM be based solely on user discretion;[9][41] in contrast, Intel's Pentium III included a unique serial number that could potentially be revealed to any application.
[116] NGSCB, also unlike Intel's Pentium III, would provide optional features to allow users to indirectly identify themselves to external requestors.
[101] A 2003 report published by Harvard University researchers suggested that NGSCB and similar technologies could facilitate the secure distribution of copyrighted content across peer-to-peer networks.
"[121] Scott Bekker of Redmond Magazine stated that NGSCB was misunderstood because of its controversy and that it appeared to be a "promising, user-controlled defense against privacy intrusions and security violations.
[124] David Wilson, writing for South China Morning Post, defended NGSCB by saying that "attacking the latest Microsoft monster is an international blood sport" and that "even if Microsoft had a new technology capable of ending Third World hunger and First World obesity, digital seers would still lambaste it because they view Bill Gates as a grey incarnation of Satan.
"[125] Microsoft noted that negative reaction to NGSCB gradually waned after events such as the USENIX Annual Technical Conference in 2003,[71] and several Fortune 500 companies also expressed interest in it.
