NGSCB The Next-Generation Secure Computing Base Ellen Cram Lead Program Manager Windows Security Microsoft Corporation ellencr@microsoft.com
Agenda NGSCB Features Writing NGSCB Agents NGSCB development Tools and Considerations What You Can Do Today Summary Q & A
Next-Generation Secure Computing Base Defined Microsoft s Next-Generation Secure Computing Base (NGSCB) is a new security technology for the Microsoft Windows platform Uses both hardware and software to protect data Offers new kinds of security and privacy protections in an interconnected world
Threats Mitigated in V1 Tampering with Data Strong process isolation prevents rogue applications from changing our data or code while it is running Sealed storage verifies the integrity of data when unsealing it Information Disclosure Sealed storage prevents rogue applications from getting at your encrypted data Repudiation Attestation enables you to verify that you are dealing with an application and machine configuration you trust Spoofing Identity Secure path enables you to be sure that you re dealing with the real user, not an application spoofing the user
Version 1 Details Fully aligned with Longhorn Ships as part of Longhorn Betas and other releases in synch with and delivered with Longhorn s Focused on enterprise applications Example opportunities: Document signing Secure IM Internal applications for viewing secure data Secure email plug-in
Four NGSCB Features Groups
History of Operating Systems In early operating systems, all process were truly isolated As we ve expanded the flexibility of the system, we ve enabled applications to share resources Window messages Debugging services Memory Even making it possible to see any memory on the system. Many of the exploits we see today exploit this flexibility This requires a special section of memory that can be managed separately than Standard mode
Strong Process Isolation How do you protect agents from Standard mode processes and each other? All of NGSCB runs in isolated memory Enforced by LT hardware Not accessible by the standard Windows kernel Not accessible by hardware DMA Not accessible by other agents The nexus manages all memory for agents Enforces that each agent has a protected memory space Enforces that an agent cannot go outside of its memory space No work is required to utilize strong process isolation Process isolation is inherent in NGSCB All communication between agents must be done through an IPC layer Memory cannot be shared in NGSCB
Attestation We know code is running in an isolated world, but how can we tell if the code is good or bad? And how do we know it hasn t been altered? Solution 1: We only sign code we trust, and configure the system to only run what we sign This is not the NGSCB solution What one company trusts, another may not Not scalable Solution 2: Provide guaranteed identity statements about what is running, and allow a third party to determine what it wants to trust. All agents can run This is the NGSCB solution
Attestation When requested, the nexus can prepare a chain of hashes that authenticates: Agent by digest, signed by the nexus Nexus by digest, signed by the TPM TPM by public key, signed by OEM or IT department Other forms of attestation are possible that provide less information Using a trusted third party Using a zero-knowledge proof The machine owner/administrator sets policy to control which forms of attestation each NCA or group of NCAs can use Secure communications agent provides higher-level services to agent developers Open a secure channel to a service using a secure session key Respond to an attestation challenge from the service based on user policy
Sealed Storage How do you protect data from unauthorized access? Sealed storage provides a method for encrypting data with a key rooted in the hardware Each nexus generates a random keyset on first load TPM chip on motherboard protects the nexus keyset Nexus uses TPM facilities to seal (encrypt and sign) private data The nexus returns a sealed blob, which the agent can persist as it wishes The nexus protects the key from any other agent/application, and the hardware prevents any other nexus from gaining access to the key. Note that an agent can specify other agents that have access to the data Future versions of the same agent Other agents the agent trusts Basic formula Seal(Data) = Blob Ks (Data x Hash) UnSeal(Blob) = (Hash nexus == Hash blob )? Data Error;
Secure Path To User How do you enable secure software and users to interact? Secure input Secure session between device and nexus Protects both keyboard and mouse Secure output Secure channel between graphics adaptor and nexus Secure I/O is inherent in NGSCB Trusted User Engine (TUE) offers higher-level services for agent developers Window layout is defined by the agent using an XML based format Window interaction is managed by TUE Events are passed to the agent
Types of Agents Application agents : stand-alone applications The entire application runs on the RHS Application agents are good for clients in multi-tier applications Example: online banking client Factored agents : components of a larger application Most of the app runs on the LHS Agents are used for specific trusted operations A LHS proxy translates between COM or.net and NGSCB IPC Good for adding trusted features to existing Windows apps Example: document signing component of a word processor
Factored Agents Agents are monolithic - no DLLs Code can be shared using statically-linked libraries Composition of agents is based on IPC IPC is blocking and message-oriented Agents and LHS processes can both use IPC Agents can communicate with other agents LHS applications can communicate with agents they start Access to IPC is controlled by policy
Factoring an Agent When factoring an agent, consider: What data you need to protect, and from what and whom What functionality you need, and whether that s available on NGSCB The amount of data you want to pass between components, and the work/time necessary to do so Fundamental principle: A piece of data or function should be moved to NGSCB if it will benefit from one or more of the four key features, and the functionality it requires is available on the RHS
Writing NGSCB Agents Languages APIs Agents may be written in C or C++, using any compiler Agents can be instantiated from managed or unmanaged code Once we have a RHS CLR, agents will be able to be written in any.net language The RHS CLR is planned to ship subsequently All NGSCB APIs are reviewed for security Some functions are fundamentally more secure on NGSCB Memory management Other functions add security, but developers must manage their usage carefully to prevent accidental data leakage File read/write Sockets
Agent Manifest Provides the information about an application that a machine user uses to determine if the app should run Signed XML document that defines: Agent components Agent properties System requirements Enforced by NGSCB E.g. Debuggable = FALSE Descriptive properties Not interpreted nor enforced by the system E.g. Version = 1.1.2.2 Agent policy requests E.g. access to trusted output, write access to a counter, etc. XML schema is an NGSCB-specific extension to the standard Longhorn manifest
System Policy NGSCB Policy is merely the observation that since the system directly and accurately knows what code is running. With NGSCB a machine owner can also set access control on the code itself The machine owner/admin determines what agents can run, and what they can do on the system. The owner may allow users the ability to override or extend The owner may choose to delegate policy and trust decisions to a 3rd party Use Foo Org s policies for any agent signed by Bar Use my IT department s policies for all agents Resources controlled by system policy include Responding to an attestation challenge Accessing a specific secret Accessing NGSCB API sets (such as the network API) Creating a child process Accessing the TUE Policy is checked at run-time for every request
User Mode Debugging Agents are only debuggable if set in the manifest Changing the manifest to enable debugging changes the identity of the agent Attestation reflects this change Policy calculations based on this identity NGSCB shadow processes are used as debug proxies for the agent being debugged Each NGSCB agent has a corresponding shadow process Each thread within an agent also has a corresponding thread in the shadow process. The Windows kernel in Longhorn can differentiate between a Standard mode process and a NGSCB shadow process The kernel redirects the Windows debugging APIs to the nexus for agents. For example, ReadProcessMemory on a shadow process will result in a request for a read of agent memory, rather than the memory of the shadow Some changes to existing debuggers may be necessary to support NGSCB
Inter-Process Communication IPC is asynchronous and message-oriented Agents and LHS processes can both use IPC Agents can communicate with other agents LHS applications can communicate with agents they start Access to IPC is controlled by policy
What You Can Do Today The Longhorn releases available on MSDN contain the NGSCB developer preview The Longhorn SDK also contains APIs for NGSCB The developer preview SDK is provided so that developers can understand the features and APIs we are providing It does not demonstrate the security of NGSCB The NGSCB developer preview will enable you to prototype most applications you might write on NGSCB V1 The SDK may change before we RTM The developer preview includes a software emulator which simulates the NGSCB environment You do not need new hardware to run it
NGSCB Developer Preview The developer preview supports: Creating an agent in Visual Studio Debugging must be done on the command line at this point Simulated Sealed Storage Simulated Attestation IPC Standard mode and CRT style APIs The developer preview does not provide: Secure Path Strong Process Isolation
Summary NGSCB enhances the security of your programs though Strong process isolation Attestation Sealed Storage Secure Path to User Agents will typically span both Standard mode and Nexus mode Careful planning must go into your program s architecture to enable this You can start prototyping NGSCB agents today
Resources NGSCB preview and SDK available now to MSDN subscribers; details at http://msdn.microsoft.com/longhorn/ Visit our site, read our white papers & specs http://www.microsoft.com/ngscb Send questions to our Q&A alias ngscb_qa@microsoft.com Sign up for e-mail updates Subscribe to the NGSB information newsletter for ongoing updates send blank e- mail to: wtpiinfo-subscribe@pens.tm500.com Participate in TCG (TPM and PC Client WGs) www.trustedcomputinggroup.org