Palladium holds Promise, and Peril
Tim Mullen, 2002-07-08

Whether Microsoft's ambitious project is a security solution or a Trojan horse depends much on the company's intentions.

The responses to the recent publication of Microsoft's "Palladium" project are as varied as the putative sources of the initiative's namesake in Greek mythology.

Some say the "Palladium" is a statue of Athena; others say it was a figurine made by Athena in the image of her lost friend Pallas, whom she killed in a childhood battle. Most contend that after the Palladium was stolen from Troy, the city then became vulnerable to attack and fell victim to the original Trojan Horse.

Regardless of your personal interpretation of lore, to most people the Palladium is a representation of protection and an icon of security. With such rich symbolism and metaphoric potential, it is no wonder that Microsoft chose it as the code name to embody the goals of what I believe is their most enterprising security project to date.

In its simplest form, Palladium is a concept for a toolset that will let one define, in a very granular way, how far each process on a system is trusted, and "seal" data into a trusted object or objects. Employing both hardware and software, Palladium will provide "benefits in privacy, security and integrity," and will allow users to "create secure environments that are not possible today" according to Mario Juarez, Palladium's project manager.

These features will be built directly into a future version of Microsoft's Windows operating system and will be present in all installations -- but they will only be available to systems with a special hardware chipset required to support them. In addition to standard features like encryption and digital signatures, Palladium will support many new features such as documents that auto-expire or ones with specific portions blocked out for certain users. Smart card-like functions could be utilized to identify a user during a Web transaction or for VPN connections. And access to some or all data could be limited to a particular program regardless of the user.

Palladium even promises to keep worms and viruses at bay by limiting what programs could be executed by the OS. The architecture is such that, according to a Palladium team member, even a kernel-mode exploit could not gain access to the key management functions due to the new protected memory and chipset designs being used.
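
A minimal model of the "sealing" idea described above, added here as an illustration and not Microsoft's or the TCPA's code: the key is derived from a platform secret and a hash of the requesting program, so the user's identity plays no part in who can open the data. `PLATFORM_SECRET`, `measure`, `seal` and `unseal` are hypothetical names, the program images are constructed samples, and the HMAC-based keystream stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a secret held inside the hardware chipset
# (assumption of this sketch: software can use it but never read it).
PLATFORM_SECRET = hashlib.sha256(b"constructed platform secret").digest()

def measure(program_image: bytes) -> bytes:
    """Hypothetical program identity: a hash of the program's code."""
    return hashlib.sha256(program_image).digest()

def _key(measurement: bytes, purpose: bytes) -> bytes:
    # The key depends on the platform and on WHICH program asks, not on the user.
    return hmac.new(PLATFORM_SECRET, purpose + measurement, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real authenticated cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(data: bytes, allowed_program: bytes) -> bytes:
    """Encrypt data so that only the named program can recover it."""
    m, nonce = measure(allowed_program), os.urandom(16)
    ct = _xor(data, _keystream(_key(m, b"enc"), nonce, len(data)))
    tag = hmac.new(_key(m, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob: bytes, running_program: bytes) -> bytes:
    """Recover data only if the running program matches the sealing policy."""
    m = measure(running_program)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_key(m, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("running program is not the one the data was sealed to")
    return _xor(ct, _keystream(_key(m, b"enc"), nonce, len(ct)))

# Constructed sample "program images" and document.
EDITOR = b"constructed image of the sealing word processor"
OTHER_SUITE = b"constructed image of a competing office suite"
sealed_doc = seal(b"quarterly report draft", EDITOR)
```

In this model a single changed byte in the program image changes the measurement, so whoever decides which measurements are acceptable decides which applications can open the document.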

Conspiracy Theory
If Palladium delivers on its promise, it could be a very powerful security feature; and it would be easy enough to use so that the average user could take advantage of its capabilities.

But many security experts are skeptical as to Microsoft's true intentions behind the development of Palladium. While it may enable users to utilize strong security technologies, it could also be used by vendors to tightly "bind" customers to their product line in the future.

Dr. Ross Anderson, leader of the Computer Security Group at Cambridge University, says: "The real threat of TCPA/Palladium is an economic one. In information goods and services markets, the value of a customer is often their total switching cost. Palladium offers the prospect of pushing up these switching costs dramatically. For example, if Word were ever to be seriously threatened by Staroffice, and everyone were using TCPA/Palladium PCs, then Microsoft could roll out a policy change to the effect that Word documents would be sealed using keys that would be accessible to 'good' applications such as Excel, but not to 'bad' applications such as Star[office]."

It is important to note that this is not strictly a Microsoft issue. Palladium is really just Microsoft's implementation of specifications developed by a larger body called the Trusted Computing Platform Alliance (TCPA). Founded by IBM, Compaq, HP, Intel, and of course Microsoft, the TCPA contains over 180 member companies including others like Novell, AMD, Adobe, Dell, Motorola, and Tripwire.

In the same way that Microsoft could lock down Word documents to "trusted" applications, HP could just as easily force its printers to output low resolution documents if a genuine HP color cartridge was not used in the printer. This would certainly make some customers angry, but when you consider that HP makes its "printer" money on accessories, losing a customer who isn't purchasing their brand of cartridges is not really losing that much.

Echoing Anderson's sentiments, Bruce Schneier opined "this [Palladium] has nothing to do with security; it has everything to do with protectionism."

These 180 companies are not all developing this project from a core of Evil Conspiracy; I'm sure that many have the best interests of their customers at heart. Microsoft's Mario Juarez believes in the project, and I think the excitement in his voice when he speaks of it is genuine. There are certainly lots of good things that could come out of a system like this.

But even if only the best of intentions go into the development of Palladium today, we have no idea what future management at Microsoft may choose to do with it tomorrow. And that is what we have to watch.

SecurityFocus columnist Timothy M. Mullen is Vice President of Consulting Services for NGSSoftware.
Copyright 2010, SecurityFocus