The Next-Generation Secure Computing Base (NGSCB; codenamed Palladium[1] and also known as Trusted Windows[2]) is a software architecture designed by Microsoft which aimed to provide users of the Windows operating system with better privacy, security, and system integrity.[3][4] NGSCB was the result of years of research and development within Microsoft to create a secure computing solution that equaled the security of closed platforms such as set-top boxes while simultaneously preserving the backward compatibility, flexibility, and openness of the Windows operating system.[5][6][7] Microsoft's primary stated objective with NGSCB was to "protect software from software."[5]
Part of the Trustworthy Computing initiative when unveiled in 2002, NGSCB was to be integrated with Windows Vista, then known as "Longhorn."[1] NGSCB relied on hardware designed by the Trusted Computing Group to produce a parallel operation environment hosted by a new hypervisor (referred to as a sort of kernel in documentation) called the "Nexus" that existed alongside Windows and provided new applications with features such as hardware-based process isolation, data encryption based on integrity measurements, authentication of a local or remote machine or software configuration, and encrypted paths for user authentication and graphics output.[3][8] NGSCB would facilitate the creation and distribution of digital rights management (DRM) policies pertaining to the use of information.[9]
NGSCB was subject to much controversy during its development, with critics contending that it would impose restrictions on users, enforce vendor lock-in, and undermine fair use rights and open-source software. It was first demonstrated by Microsoft at WinHEC 2003[10] before undergoing a revision in 2004 that would enable earlier applications to benefit from its functionality.[11] Reports indicated in 2005 that Microsoft would change its plans with NGSCB so that it could ship Windows Vista by its self-imposed deadline year, 2006; instead, Microsoft would ship only part of the architecture, BitLocker, which can optionally use the Trusted Platform Module to validate the integrity of boot and system files prior to operating system startup.[12] Development of NGSCB spanned approximately a decade before its cancellation,[6][13] the lengthiest development period of a major feature intended for Windows Vista.
During WinHEC 1999, Biddle discussed the intent to create a "trusted" architecture for Windows to leverage new hardware to promote confidence and security while preserving backward compatibility with previous software.[27] On October 11, 1999, the Trusted Computing Platform Alliance, a consortium of various technology companies including Compaq, Hewlett-Packard, IBM, Intel, and Microsoft, was formed in an effort to promote personal computing confidence and security.[28] The TCPA released detailed specifications for a trusted computing platform with a focus on features such as code validation and encryption based on integrity measurements, hardware-based key storage, and machine authentication; these features required a new hardware component designed by the TCPA called the "Trusted Platform Module" (referred to as a "Security Support Component",[9] "Security CoProcessor",[5] or "Security Support Processor"[5] in early NGSCB documentation).