2. What is Palladium?
Trustworthy Computing
Palladium’s Goal
Architecture of Palladium
TPM
NEXUS
USES
CONCLUSION
REFERENCE
3. A set of hardware and software extensions to make the PC more trustworthy.
Today’s apps will still run just fine.
You can disable Palladium extensions if you choose.
What exactly is trustworthy computing?
4. Trustworthy: worthy of confidence.
Examples:
Credit card numbers that can’t be stolen.
Personal diary that can only be written and viewed by you or people you choose.
Someone is who she says she is.
There are currently ad-hoc solutions for some of these concerns; Palladium seeks to solve them all.
5. Applications?
Operating systems can programmatically subvert applications.
Operating System?
Hardware can programmatically subvert the operating system.
Hardware?
Humans can subvert hardware, but not programmatically.
So we have to start off trusting the hardware.
6. Perform trusted operations
Span multiple computers with this trust
Create dynamic trust policies
Allow anyone to authenticate these policies
7. Specifically, Palladium will add four new security features that increase the trustworthiness of the machine:
Protected memory
Attestation
Sealed storage
Secure input and output
It primarily does this through
cryptographic keys and
8.
9. [Diagram labels: App, OS; User, Kernel]
How do you preserve the flexibility and extensibility that
contributes so much to the entire PC ecosystem, while still
providing end users with a safe place to do important work?
In particular, how can you keep anything secret, when
pluggable kernel components control the machine?
10. [Diagram labels: Standard, Trusted; User, Kernel; App, OS; Agent, Agent, Nexus]
The solution: subdivide the execution environment by adding
a new mode flag to the CPU.
The CPU is either in “standard” mode or “trusted” mode.
Pages of physical memory can be marked as “trusted.” Trusted
pages can only be accessed when the CPU is in trusted mode.
11. [Diagram labels: Standard, Trusted; User, Kernel; App, OS; Agent, Agent, Nexus; TPM (Pub/Pri Keys); Trusted GPU; Trusted USB Hub]
Agents also need to let the user enter secrets and to display
secrets to the user.
Input is secured by a trusted USB ‘hub’ and mouse that carries
on a protected conversation with the nexus.
Output is secured by a trusted GPU that carries on a crypto-protected conversation with the nexus.
This gives us “fingertip-to-eyeball” security.
12. Security Support Component (SSC) / Trusted Platform Module (TPM)
New chip on the motherboard
Curtained Memory
Accessible to those applications to which it belongs
13. Nexus (the kernel)
shared source
Nexus Computing Agent (NCA) (the applications)
14. Trusted Platform Module, also called SSC - Security Support Component
Stores hardware secret key
Base of trust
Cryptographic co-processor
15.
16. Essentially the kernel of an isolated software stack
Runs alongside the existing OS software stack, not underneath it
Provides a limited set of applications and services for
applications, including sealed storage and attestation
functions.
Special processes that work with nexus are called
“Agents”
Can run different nexuses on a machine
But only one nexus at a time
17. Palladium could be used to implement very
strong access controls on confidential
documents.
Governments and other entities would love this.
A corporation could set up its documents such
that they would only be readable on its PCs.
Documents could be set up with automatic
expiration dates.
18. Palladium is a hardware- as well as software-based secure execution environment.
TPM is its hardware-based secure execution environment.
Palladium processes are isolated from each other by the hardware
Palladium processes can store & retrieve secrets securely
The nexus provides an execution environment and
security/crypto-services to hosted agents
Hardware provides crypto services to the nexus
Recursively, the nexus provides these same services to agents
running on top of it.
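
An added example, not part of the original slides and not Palladium's actual interface: a simplified Python model of the recursive sealed-storage idea in slides 14 to 18. It assumes each layer's key is derived from its parent's key and a digest of that layer's code; all names, sample values and the HMAC-based cipher are illustrative assumptions.

```python
import hashlib
import hmac
import os

# Model only, constructed values: HARDWARE_SECRET stands in for the key held in the TPM/SSC.
HARDWARE_SECRET = b"\x11" * 32
NEXUS_A, NEXUS_B = b"nexus build A", b"nexus build B"
AGENT, OTHER_AGENT = b"diary agent", b"other agent"

def derive(parent_key, code):
    """Child layer key: bound to the parent's key and the child's code digest."""
    return hmac.new(parent_key, hashlib.sha256(code).digest(), hashlib.sha256).digest()

def agent_key(nexus_code, agent_code):
    nexus_key = derive(HARDWARE_SECRET, nexus_code)  # hardware serves the nexus
    return derive(nexus_key, agent_code)             # nexus serves the agent

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, secret):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    """Return the secret, or None if the key (software identity) or blob is wrong."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def demo():
    blob = seal(agent_key(NEXUS_A, AGENT), b"dear diary")
    return (unseal(agent_key(NEXUS_A, AGENT), blob),        # same nexus, same agent
            unseal(agent_key(NEXUS_A, OTHER_AGENT), blob),  # different agent
            unseal(agent_key(NEXUS_B, AGENT), blob))        # different nexus

if __name__ == "__main__":
    print(demo())
```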