Microsoft shows off security prototype

The prototype of the Next-Generation Secure Computing Base is the first public demonstration of the software giant's controversial technology.

Robert Lemos
Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
2 min read
Microsoft on Tuesday showed off a prototype of its controversial security technology at its Windows Hardware Engineering Conference.

The prototype of the Next-Generation Secure Computing Base, formerly known as Palladium, is based on real and emulated hardware, said Peter Biddle, product unit manager for the software giant. Small applications running on the technology demonstrated its security features.

The prototype is the first public showing of the controversial technology, which Microsoft hopes will help secure its future in the corporate market. Critics fear the technology will result in consumers losing control of their PCs and data and that Microsoft could use the technology to lock up market share. Others argue that the software and hardware could help lock down corporate data.

Microsoft plans to have 16 hours of talks at the conference dedicated to the Next-Generation Secure Computing Base, or NGSCB, a label so cumbersome internal engineers have taken to calling it "ing-scub." The software giant also has posted a Web site dedicated to the technology.

Amy Carroll, group manager for Microsoft's Security Business Unit hesitated to call the event a launch, however.

"It's the first opportunity that we have had to...pull off the covers in a way to show what (NGSCB) actually will do," she said.

Four major features will be included in the first version of NGSCB: A technology called process isolation will seal off trusted applications so they can't be attacked; sealed storage will allow applications to store data securely; secure path will encrypt data from USB (universal serial bus) hardware devices to the computer and secure video output; and so-called attestation will basically take a snapshot of key characteristics that will define the integrity of the PC. If those characteristics change, the machine will no longer be "trusted."

One demonstration showed a hacking tool grabbing words from a Notepad document but failing to steal data from a protected application. Another demonstration copied a trusted file from a computer, modified it, and then put it back onto the original system; the trusted application refused to open the data.

"These things are not graceful failure modes," Biddle said. "That's not the way we would really do it."

The company still hasn't said when the technology will be ready. However, Biddle pointed out that hardware shown at the conference frequently has a 12- to 18-month development cycle.