Palladium: Blessing or Curse?
Microsoft is touting its next-generation secure computing infrastructure as a giant leap for mankind. Not everyone agrees.
“There’s a lot of good stuff in Pd [Palladium], and a lot I like about
it. There’s also a lot I don’t like and am scared of. My fear is that
Pd will lead us down a road where our computers are no longer our computers,
but are instead owned by a variety of factions and companies all looking
for a piece of our wallet. To the extent that Pd facilitates that reality,
it’s bad for society. I don’t mind companies selling, renting or licensing
things to me, but the loss of the power, reach and flexibility of the
computer is too great a price to pay.”
- By Roberta Bragg
- January 01, 2003
—Bruce Schneier, Cryptogram,
Aug. 15, 2002
Goddesses and Horses
Athena, born full-grown from the head of Zeus, was trained in the
fighting arts. She accidentally killed her friend, Pallas, during a game.
It saddened her so much that she appended the name of her friend to her
own. A statue of Pallas Athena in full armor, known as the Palladium,
stood guard over the ancient city of Troy. Legend held that as long as
the statue was safe, so was the city. During the 10th year of the Trojan
War, Odysseus and Diomed stole the statue. The city soon fell to the nefarious
Greeks, who hid inside a wooden horse.
Thus, Palladium has been defined as a safeguard, a guarantee of social
institutions or a sacred object with the power to preserve the city or
state it protects. And the Trojan horse? Well, I think you know the answer
to that one.
Today, we find the word Palladium everywhere. It’s an element: Pd, a
silvery-white metal used in watch springs, dental fillings (still got
a few of those) and surgical instruments. It’s a restaurant in Philadelphia,
a theatre and a band in Australia. No doubt, you can find many other interesting
uses of the name—including Microsoft’s proposed secure computer infrastructure.
The End of Computing As We Know It?
According to Microsoft, Palladium will offer huge improvements
in computer security. These are partially due to new operating system
features and to soon-to-be-developed hardware functionality. Third-party
applications can take advantage of these features to make the entire computing
experience more secure—or more constrained, depending on your viewpoint.
There are those who say Palladium will signal the end to computing as
we know it. Gone will be the innovation, the freedom to choose, they cry.
Gone will be the ability of the little guy to make his mark on the world
by inventing the next killer app or operating system.
There are others who say that Palladium will enhance computing. Gone
will be the opportunity for the little guy to make his mark on the world
by creating the best and baddest worm or virus.
Those who support Digital Rights Management applaud Palladium. In fact,
the idea for such a project came from the Microsoft digital rights team,
and two patents said to be on the process behind Palladium involves Digital
Microsoft says we’re years away from the actual product, but now is the
time to try and to understand it. Remember, Microsoft will want to sell
you this product. Maybe, you can influence its development of it. So,
what will Palladium be and how can you put in your two cents?
No Longer Safe
First, make no mistake—the reason for Palladium is, at least in
part, reactionary. The world’s changed and become more interconnected.
This is a good thing, but it brings new problems. In a world with fewer
boundaries, previous security models aren’t sufficient. Malicious code
created anywhere in the world spreads across the globe with unheard-of
speed. Slow transmission via floppy disk previously limited the spread
of infection, but now anyone with an Internet connection can be affected
within a very short time. It also used to be that patching a machine against
a vulnerability might be more dangerous than the risk that someone would
take advantage of the flaw; now unpatched systems risk immediate compromise.
Current security infrastructures—firewalls, intrusion detection, PKI
and so on—can’t handle the variety and volume of attacks that strike with
increasing speed and sophistication. At the same time, security, network
and systems administrators face escalating demands to secure information.
Add to that new legislation requiring protection of privacy and proprietary
information, and you can see the problems facing data security.
Microsoft thinks the answer is Palladium. Here’s what it says Palladium
- Greater integrity: Hardware and software components will be
verified both in establishing their identity and managing what data
they can access.
- Superior personal privacy: Internet/network access of private
data will only be allowed by authorized sources. The user, the owner
of the data, will control what an authorized source is. On machines
used by multiple users, each user’s data will be compartmentalized into
realms so that one user’s error doesn’t compromise someone else. It
will also mean that one user’s identity and data can’t be stolen by
- Enhanced data security: Machine identity is also authenticated.
Keys are stored in sealed storage. All data is protected—user, corporate
and commercial. Transactions and processes can be verified as correct.
What Will it do?
The details of how this will happen are somewhat sketchy, but here
are some broad outlines of what the Palladium experience will be like:
- Legacy compatibility: Existing applications and device drivers
will run, but these legacy applications won’t benefit from Palladium’s
- Secure identity: Users can choose an identity service provider.
Identity service providers can be used to represent data in online transactions.
- Digital Rights Management (DRM) technology: DRM isn’t required.
DRM provides content protection, protection of intellectual property,
trusted e-mail, and protection of corporate documents. DRM deployed
on Palladium will benefit from it; but DRM doesn’t require it, nor does
Palladium require DRM.
- Software and hardware authentication: Trusted gateway servers
provide a barrier between remote and corporate networks. The gateway
only allows trusted applications to access the network and protects
the network from infection by remote users while protecting remote users
from intrusion via the corporate network.
- Closed spheres of trust: Data or services can be bound to
users and applications.
- Default configuration: Users of Palladium systems must opt
in; Palladium systems will be shipped with hardware and software features
- Code isolation: Trusted code runs in physically isolated and
protected memory. While viruses can still run in Palladium, an anti-viral
program can’t be corrupted by infected code, allowing it to work without
danger of corruption.
- Authenticated operations: Sealed storage protects applications
from subversion. Applications can be authenticated.
- Attestation: Software and hardware are cryptographically verifiable
to user and computer, programs and services before information is shared.
Transactions can then be assured that operations and data originate
from other trusted applications and machines.
- Protected pathways: Hardware provides protection so keystrokes
can’t be snooped or spoofed.
- Trusted execution space: Trusted code runs in a trusted execution
space, so code can’t be observed or modified. Files are encrypted with
machine-specific secrets and, therefore, are useless if stolen or copied.
The machine’s private key and system secrets are embedded in hardware.
- Agents: Trusted agents from any publisher can run on Palladium.
Only the user can restrict which can run.
- Certification: Organizations other than Microsoft will be
able to certify Palladium systems.
- Source code: It will be published. That’s right. Palladium
source code will be shared. This isn’t to say that it’ll be open source,
just that it’ll be available for review.
The Four Elements
The problem is that there are few details. How will the system
be built? What software can run on it? All Microsoft will say about Palladium
is that four elements will be combined to create the platform:
- Architectural enhancements to the Windows kernel: Trusted
data storage, encryption, authenticated boot, and hardware and software
authentication are provided by the Nexus (see next page) and trusted
- Architectural enhancements to computer hardware: CPU, peripherals
and chipsets will create a trusted execution subsystem. The Nexus maintains
trusted space and has access to Palladium services such as sealed storage.
Sealed storage is an area that can be used by trusted programs to store
secrets. Non-trusted programs can’t retrieve or read these secrets (booting
to another OS or placing the disk on another machine won’t grant access).
There will be, however, trusted backup and migration of secrets to other
machines. Attestation can be used to verify whether parts of the operating
environment, or Palladium itself, are running on a machine.
- The Nexus (known previously as trusted operating root or TOR):
The Nexus is software adapted or written to use the Palladium environment.
The Nexus manages trust functionality and executes in kernel mode in
trusted space. It provides services to trusted agents, sealing and unsealing
of secrets, and attestation.
- Trusted agents: These are programs or parts of a program or
service that run in user mode in trusted space. Trusted agents call
the Nexus for security services and critical general services such as
All this is enough to get critics jumping. Some, such as Daniel
Christle of WindoWatch (an e-mail newsletter), fear that Palladium will
give Microsoft too much control over the PC, that it will be “…the self-appointed
guardian of all that is digital.” He claims that Palladium is just Windows
running on future Intel-led Trusted Computing Platform Alliance (TCPA)
computers. He claims that far from improving hardware and software security
for the consumer, Palladium will enable Microsoft and others to access
your computer remotely to remove or disable pirated software or content.
Good news, in other words, for Microsoft, Disney, Sony and the Record
Industry Association of America, but bad news for consumers.
Is the bad news that consumers can’t run illegal copies of software or
steal copyrighted works? No, the bad news is that the very software and
hardware that might enable copyright holders to become the long arm of
the law could also be used to prevent anything but Windows from being
the OS for the new machines. It could be used to stifle competition and
innovations, as only those wealthy enough to seek Microsoft certification
of their products could now compete in a Palladium world.
Another critic, Ross Anderson, a Cambridge University researcher and
a computer scientist, lists the possibilities: Applications will communicate
securely with the vendor, allowing DVDs to be run but not copied, and
permitting unlicensed and pirated software to be detected and deleted
remotely; rented software can be deleted if the fee isn’t paid; documents
can be classified with less chance of being compromised because they’re
bound to a specific hardware device; cheating at computer games and online
tactical bidding at auctions will become more difficult.
If you’re not a thief, all these things sound good, but here’s an issue:
Anderson and others say remote censorship is also possible. Repressive
countries and others would now have a way to suppress freedom of speech,
make books unreadable or garble songs that express ideas they consider
dangerous. Businesses could be prevented from moving to a competing product—as
documents are encrypted by one vendor’s products, they couldn’t be read
by another. Remember also the whistle-blower, the lone individual who
changes destiny by alerting police or the press to immoral, unethical
and illegal activities going on where he or she works. With Palladium,
this person couldn’t e-mail the proof to the press, as the incriminating
information couldn’t be read on non-company computers.
Criminals and terrorists may also benefit from Palladium, as they can
protect their dealings from spying eyes and make their data disappear
if removed from their machines (unless, of course, some master key is
provided to the authorities). But if some master key is provided, could
the nation that manufactured the chips shut down the computers of another
country as the first salvo of war?
Christle and Anderson criticize Microsoft for using the TCPA DRM model.
They ask if the security is for you and me—or for the PC vendor, software
supplier and content industry. Others criticize Microsoft for breaking
away from the TCPA and going it alone.
Jon Lasser, in a SecurityFocus
Web site column, claims that Palladium will kill Linux and open-source.
He also says that—although all code will be required to be digitally signed
and enforced at the hardware level (and, thus, can eliminate attacks by
code that must execute to do damage)—Palladium won’t prevent successful
attacks that run from within trusted applications. Think Outlook viruses,
macro viruses or the use of trusted code in some way not thought of, but
that still does harm.
The Ball Is in Your Court
So there you have it: Microsoft’s proposed blueprint for safer
computing, and the critics’ negative analysis of the design. It’s in your
hands now, your chance to take action. Write to Microsoft requesting more
information about Palladium at firstname.lastname@example.org.
Read the TCPA standard at www.trustedcomputing.org.
Get on the mailing list to be notified when more Palladium information
is available by sending e-mail to email@example.com
with the word “subscribe” in the subject line.
Get informed. Get involved. Get it?