Microsoft readies kit for security initiative

Microsoft plans to release a preliminary software development kit for its Next-Generation Secure Computing Base (NGSCB) security...

Microsoft plans to release a preliminary software development kit for its Next-Generation Secure Computing Base (NGSCB) security technology, also known as Palladium, at the Microsoft Professional Developers Conference in October.

Palladium will give developers an early opportunity to work with the NGSCB code in preparation for developing applications that take advantage of the technology, according to Microsoft. The company hoped to introduce NGSCB itself in the Longhorn version of the Windows client operating system, which is due in 2005.

"[The kit] will give developers the ability to work with the code. It will be very preliminary and basic," said Mario Juarez, Microsoft group product manager for Windows Trusted Platform Technologies.

The kit will be an API set that functions with "standard" programming languages, Microsoft officials said.

NGSCB is intended to provide for trusted operations on a PC and requires changes to the Intel CPU architecture, meaning users would need to buy PCs to take advantage of the technology.

Microsoft is working with Intel on redesigning some CPU, chipset, and I/O components that would be required to accommodate NGSCB, Juarez said.

NGSCB is focused on enabling strong process isolation, sealed storage, a secure I/O path to and from the user, and attestation. Attestation is a way for software to be authenticated.

NGSCB will provide an environment for building a trusted infrastructure, he said. It is initially for Windows clients, with servers to be a focus afterward, he added. But the technology has been criticised as potentially curtailing user control over their own PCs, potentially eroding fair-use rights for digital music and movie files.

Juarez said Microsoft's intention is not to build an overarching digital rights management scheme with NGSCB, but acknowledged that it could be used for that purpose.

NGSCB is initially intended for enterprise business and government use and will not be available for home or consumer use for some time after that.

An analyst said NGSCB may have a limited market, for applications such as financial and government systems, but it is not about digital rights management.

"I don't think this is a backhanded, sneaky attempt to foist DRM on the market," said the analyst, Matt Rosoff, of Directions on Market, an independent research firm.

"I think [NGSCB] is an interesting effort to solve a really hard problem. I just don't see it as being a broad market technology," Rosoff said. He noted that a lot of work needs to be done on the hardware side to accommodate NGSCB and suggested it may be difficult for Microsoft to get hardware manufacturers to participate in development of compliant systems if NGSCB is a niche-market technology.

Paul Krill writes for InfoWorld

Read more on IT strategy