New Hardware Components For NGSCB
The following minimum
set of hardware components is required to support the NGSCB architecture and
features:
- An NGSCB-enabled CPU
- An NGSCB-enabled chipset
- A dedicated security support component (SSC) that is physically bound to the NGSCB system motherboard
- Secure input devices, including a keyboard and mouse
Abstract
The next-generation
secure computing base (NGSCB) is an industry-wide initiative that combines
computer hardware platform enhancements with trustworthy-computing capabilities
and services. NGSCB requires changes to the operating system and hardware. Some
scenarios will also require support from the network infrastructure. While existing
programs will continue to work on a computer running NGSCB, they must be
rewritten to take advantage of the new security provided by NGSCB.
Introduction
Today's personal
computing environment is built on flexible, extensible, and feature-rich
platforms that enable consumers to take advantage of a wide variety of devices,
applications, and services. Unfortunately, the evolution of shared networks and
the Internet has made computers more susceptible to attacks at the hardware,
software, and operating system levels.
Authenticated Operation
One of the key
features of NGSCB is authenticated operation. Trusted applications running in
the protected operating environment are identified and authenticated by their
code identity, which is computed by the nexus. That code identity is the digest
of the application's manifest. The user can define policies that restrict access
to sealed secrets based on the application's code identity.
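The binding between a sealed secret and a code identity can be modelled in a few lines. This is an added example, not code from the original post or from the NGSCB project; SHA-256, the HMAC-based key derivation and keystream, the constant root key and the sample manifests are all assumptions chosen for illustration.

```python
import hashlib, hmac, os

# Constructed stand-in for the platform secret; on real hardware it never leaves the SSC.
PLATFORM_ROOT_KEY = bytes(range(32))

def code_identity(manifest: bytes) -> bytes:
    """Digest of the application's manifest (SHA-256 is an assumption)."""
    return hashlib.sha256(manifest).digest()

def _keys(identity: bytes):
    # Derive per-identity encryption and MAC keys from the root key.
    enc = hmac.new(PLATFORM_ROOT_KEY, b"enc" + identity, hashlib.sha256).digest()
    mac = hmac.new(PLATFORM_ROOT_KEY, b"mac" + identity, hashlib.sha256).digest()
    return enc, mac

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode; illustrative only, not a vetted cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(secret: bytes, manifest: bytes) -> bytes:
    """Encrypt and authenticate a secret under keys bound to the code identity."""
    enc, mac = _keys(code_identity(manifest))
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc, nonce, len(secret))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(blob: bytes, running_manifest: bytes) -> bytes:
    """Release the secret only if the running code has the sealing identity."""
    enc, mac = _keys(code_identity(running_manifest))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("code identity does not match the sealing identity")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))

# Constructed sample manifests: the second differs only in its version string.
MANIFEST = b'<manifest name="wallet" version="1.0"/>'
TAMPERED = b'<manifest name="wallet" version="1.0-patched"/>'
```

Any change to the manifest changes the digest, so the derived keys differ and the integrity check fails before any plaintext is produced.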
Secure Video Hardware
Secure video hardware
and software work together to ensure that secure windows cannot be obscured,
captured by unauthorized software, or altered by unauthorized software. The
focus of secure video is protecting the path used to transfer video data from
the nexus to the graphics adaptor. A secure graphics adaptor can be integrated
in the chipset with a special closed path between it and the nexus. For
example, as part of this solution, the graphics adaptor could offer a set of
registers at a fixed address, accessible only when the system is running in
nexus mode.
Conclusions
NGSCB provides a
protected run environment for programs, which isolates them from other
programs. Each program is protected from software attack, even from the
operating system. Unlike conventional authentication models, NGSCB is rooted in
software authentication and provides software isolation, secure storage,
attestation, and secure I/O operations.