Microsoft turns to emulators for security demo

Microsoft has demonstrated its Next-Generation Secure Computing Base (NGSCB) technology, but had to fall back on emulators...

Microsoft demonstrated its Next-Generation Secure Computing Base (NGSCB) technology yesterday, but had to fall back on emulators because critical hardware parts were not ready.

The company had planned to show NGSCB - formerly known as Palladium - at its Windows Engineering Hardware Conference (WinHEC) in New Orleans working on real hardware and not emulators.

NGSCB is a combination of hardware and software that creates a second operating environment within a PC to protect the system from malicious code. It provides secure connections between applications, peripheral hardware, memory and storage.

Microsoft wanted to show the hardware makers its software in action before they place their "multimillion-dollar bets" on NGSCB, said Peter Biddle, product unit manager at Microsoft's security business unit.

"We are committed to have a beta of NGSCB less than a year from now and then we are expecting to run on real hardware," he added. Microsoft's goal is to include NGSCB in Longhorn, the successor to Windows XP, planned for release in 2005.

NGSCB includes a new software component for Windows called a "nexus," and a chip that can perform cryptographic operations called the Security Support Component (SSC). NGSCB also requires changes to a PC's processor and chipset, representatives for Microsoft chip partner Intel said yesterday.

Microsoft did have early versions of keyboards with encryption technology for its anticipated demonstration at WinHEC yesterday, but key hardware parts were missing as Intel was not ready to demo the processor, chipset and SSC for NGSCB, a technology bundle it calls LaGrande.

"The critical point of the hardware is not what we showed today," said Kevin Corbett, marketing and strategic planning director at Intel's desktop platforms group.

"At a later date you may see the hardware," he added, and hinted that Intel may have more news at the Intel Developer Forum in September.

Microsoft showed how programs protected by the technology would not work if tampered with by an attacker, and how a red flag would come up if communications were intercepted by a malicious hacker - played by a Microsoft engineer clad in a red T-shirt with a picture of a skull.

The demonstration was limited to attempts to rewrite simple programs and capture instant message traffic using the SubSeven hacker tool. Many of the NGSCB hardware functions were emulated.

The demonstration was, nevertheless, significant, Microsoft's Biddle said.

"We have a code base and that code base includes a nexus. It is real code," he said. However, he did admit It was early code, and by no means ready for commercial deployment, and it would not do anything without the supporting hardware.

Gartner research director Martin Reynolds agreed.

"I am much more worried about the software being on time than about the hardware," he said. Reynolds did not expect NGSCB-capable hardware out until mid-2004.

WinHEC attendees who watched the demonstration were still a bit apprehensive about NGSCB, afraid that it could compromise user freedom and act as a Trojan horse for strict digital rights management) technologies.

Microsoft sees its Professional Developer Conference in October as the next major milestone for NGSCB. WinHEC runs until tomorrow (Thursday), with many more hours of sessions devoted to the technology.

Read more on Business applications