Security Model for the Next-Generation Secure Computing Base

Microsoft’s Next-Generation Secure Computing Base (NGSCB) is another way Microsoft is building a trustworthy computing environment to help customers realize their full potential.

Since the beginning of this initiative, Microsoft’s vision has been to create new security technology for the Microsoft Windows platform that uses a unique hardware and software design to give people new kinds of security and privacy protections in an interconnected world. The vision has not changed.

Our original approach was to create a new secure computing base that would run parallel to the regular Windows environment. This environment would provide features such as strong process isolation, sealed storage, secure path to and from the user, and attestation. This architectural approach would have required that applications be rewritten to take advantage of the new secure computing base.

While our customers said they liked the enhanced level of security offered in the original NGSCB architecture, they needed higher availability, better performance, and compatibility with existing applications. We heard strong feedback requesting that we meet these critical new requirements, as customers were concerned that having to rewrite all of their applications would hinder adoption of NGSCB.

To help industry partners better understand the NGSCB security model, this white paper includes the following sections:

  1. NGSCB Fundamentals

Identifies the core elements of NGSCB, including strong process isolation, sealed storage, attestation, and secure paths to the user.

  2. How NGSCB Works

Describes how the core NGSCB elements work together, and identifies some of the key benefits that NGSCB features provide to consumers.

Provides a list of resource materials and contact information for readers who want to provide feedback or receive additional information about NGSCB.

1. NGSCB Fundamentals

On commercial computer platforms, it is not feasible to restrict the firmware, device hardware, drivers, and applications sufficiently to provide adequate process isolation. NGSCB avoids this conflict by allowing both secure and mainstream operating systems to coexist on the same computer.

Only an NGSCB-trusted application, also called a nexus computing agent (NCA), can run securely within the protected operating environment. The user defines specific policies that determine which trusted applications can run in the protected operating environment. The program code does not need to be signed in order to run on an NGSCB-capable computer.

The following core elements provide the protected operating environment for trusted applications:

  • Strong process isolation

The protected operating environment isolates a secure area of memory that is used to process data with higher security requirements.

  • Sealed storage

This storage mechanism uses encryption to help ensure the privacy of NGSCB data that persists on the hard disk of NGSCB-capable computers.

  • Attestation

This occurs when a piece of code digitally signs and attests to a piece of data, helping to confirm to the recipient that the data was constructed by a cryptographically identifiable software stack.

  • Secure paths to the user

By encrypting input and output, the system creates a secure path from the keyboard and mouse to trusted applications and from those applications to a region of the computer screen. These secure paths ensure that valuable information remains private and unaltered.

Microsoft is initially designing NGSCB features and services for the next 32-bit version of the Windows operating system, and plans are underway to support other platforms as well.

1.1. Strong Process Isolation

In NGSCB, the protected operating environment provides a restricted and protected address space for applications and services that have higher security requirements. The primary feature of the protected operating environment is curtained memory, a secure area of memory within an otherwise open operating system.

Random access memory (RAM) in current computers is divided into two sections: the operating system, which is ring 0, and the user space, which is ring 3. Two addressing-mode bits control access to these sections. Ring 0 contains important system functions, including memory management, scheduling, and peripheral device drivers. User programs that run on the computer execute in ring 3. These user programs can also call into ring 0 whenever they require a system function, such as additional memory.

Using the current memory scheme, only virtual memory protection is achievable, and it is relatively easy for an attacker to add malicious programs to both the operating system and user space memory. Connecting to the Internet exacerbates transmission of these malicious programs. NGSCB addresses this problem by isolating a specific portion of RAM within the address space to create curtained memory. An NGSCB addressing-mode bit is set to address this portion of memory, and the bit is added to the NGSCB CPU. Any subset of RAM pages can then be placed within this secure area of memory.

This protected operating environment consists of two primary system components:

  • Nexus

This is a special security kernel that establishes the protected operating environment by isolating specific areas in memory. The nexus provides encryption technology to authenticate and protect data that is entered, stored, communicated, or displayed and to help ensure that the data is not accessed by other programs or hardware devices.

  • NCAs

These are trusted software components which run in the protected operating environment and are hosted by the nexus. An NCA can be an application, a part of an application, or a service. Using NCAs to process data and transactions in curtained memory is one of the primary features of NGSCB-capable computers.

The following diagram shows the typical NGSCB configuration, which consists of two largely isolated subcomponents. The vertical line between the two components represents a hardware- and software-based isolation mechanism. The components to the left of the vertical line are part of the traditional operating system with some special support for NGSCB. The existing applications and operating systems (and any harmful programs) on the computer continue to operate as they do now. The components to the right of the vertical line comprise the nexus and the trusted applications that run on it. These NCAs run in the secure area of memory where they are protected from any harmful programs running on the traditional operating system. Both sets of subcomponents share the main hardware resources, including the CPU, RAM, and some input/output (I/O) devices.

Figure: Typical NGSCB Configuration

1.1.1 Nexus

The nexus is a small security kernel that manages the security hardware and protected operating environment and provides system services to the applications that the user wants to run in that protected environment. The nexus is authenticated during computer startup. After it is authenticated, the nexus creates the protected operating environment within Windows. Programs can then request that the nexus perform trusted services such as starting an NCA.

The nexus also:

  • Offers services to store cryptographic keys and encrypt and decrypt information.
  • Identifies and authenticates NCAs.
  • Controls access to trusted applications and resources by using a security reference monitor, which is part of the nexus security kernel.
  • Manages all essential NGSCB services, including memory management, exclusive access to device memory and secure input and output, and access to any non-NGSCB system services.

The nexus executes in kernel mode within the curtained memory. It uses standard ring and virtual memory protections to isolate itself from the trusted applications and to isolate those applications from each other. After the nexus is authenticated successfully, the NGSCB hardware allows the nexus to access “secrets,” which are keys, hashes, and other cryptographic methods and objects that are bound to its code identity and enable the nexus to identify the trusted applications. The nexus can then use these secrets to provide decryption and authentication services for trusted applications. The nexus also obtains privileged access to certain I/O devices, including the keyboard and monitor, which creates secure paths between the user and the nexus.

The nexus provides a limited set of application programming interfaces (APIs) and services for trusted applications, including sealed storage and attestation functions. The set of nexus system components was chosen to guarantee the confidentiality and integrity of the nexus data, even when the nexus encounters malicious behavior from the main operating system.

1.2. Sealed Storage

Because file access controls are only as secure as the operating system that implements the access check, NGSCB also strengthens access-control mechanisms for data stored on the hard disk. NGSCB provides sealed data storage by using a special security support component (SSC). The SSC provides the nexus with individualized encryption services to manage the cryptographic keys, including the NGSCB public and private key pairs and the Advanced Encryption Standard (AES) key from which keys are derived for trusted applications and services. An NCA uses these derived keys for data encryption; file system operations by the standard operating system provide the storage services.

Sealed storage securely stores information so an NCA can mandate that its information is only accessible to itself and other applications and services that the user and NCA identify as trustworthy. Any time the nexus must protect information, it can encrypt the data by using keys derived from the SSC.
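The binding of sealed data to code identity described in this section, modelled as an added example that is not part of the original white paper and is not Microsoft's code. The HMAC-SHA256 key derivation, the HMAC-based keystream standing in for AES, the SHA-256 code identity, and all names (SSC_MASTER_KEY, seal, unseal) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the SSC-held master key. The page names an AES key;
# its real derivation scheme is not given, so HMAC-SHA256 is an assumption.
SSC_MASTER_KEY = bytes(range(32))


def code_identity(binary: bytes) -> bytes:
    """Code identity modelled as the SHA-256 digest of the NCA image."""
    return hashlib.sha256(binary).digest()


def derive_key(identity: bytes, purpose: bytes) -> bytes:
    """Per-NCA key derived from the master key and the code identity."""
    return hmac.new(SSC_MASTER_KEY, purpose + identity, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode; stands in for AES-CTR, which the stdlib lacks.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(binary: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under keys bound to the calling NCA's identity."""
    ident = code_identity(binary)
    enc_key, mac_key = derive_key(ident, b"enc"), derive_key(ident, b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(binary: bytes, blob: bytes) -> bytes:
    """Release the plaintext only to the code identity it was sealed to."""
    ident = code_identity(binary)
    enc_key, mac_key = derive_key(ident, b"enc"), derive_key(ident, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("blob was not sealed to this code identity")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

A modified NCA image hashes to a different identity, derives different keys, and fails the MAC check before any decryption is attempted; the same check rejects a blob altered on disk by the standard operating system.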

1.3. Secure Paths to the User

Secure input and output in NGSCB refers to a secure path from the keyboard and mouse to trusted applications and from those applications to a region of the screen. To achieve secure input and output, NGSCB uses secure input and output devices to ensure that user data comes from and goes to authorized locations without being intercepted. The following diagram shows the interaction of secure input and output devices with other NGSCB components.

Figure: Secure Paths to the User

2. How NGSCB Works

The NGSCB platform was designed with security and system integrity as its primary goals. The protected operating environment physically isolates memory from the rest of the system, making the memory resistant to malicious programs or other software attacks. Trusted code cannot be recorded or modified when it is running in the isolated execution space. NGSCB-capable computers also encrypt files with computer-specific secrets, making the files useless if stolen or surreptitiously copied. This trusted hardware architecture prevents snooping, spoofing, and data interception.

The following diagram shows the interaction between applications, operating systems, and hardware devices that make up the trusted architecture on an NGSCB-capable computer.

Figure: How NGSCB Works

Figure: How NGSCB Architecture

Next-Generation Secure Computing Base (NGSCB): The traditional “left-hand side” of a computer’s chipset and CPU joins a new, “right-hand side” security computing chipset, designed to protect against malicious software while preserving Windows’ openness.