Abstract
We describe Microsoft’s Next Generation Secure Computing Base (NGSCB). The system provides high-assurance computing in a manner consistent with the commercial requirements of mass-market systems. This poses a number of challenges, and we describe the system architecture we have used to overcome them. We pay particular attention to reducing the trusted computing base to a small and manageable size. This includes operating the system without trusting the BIOS, most devices and device drivers, and the bulk of the code of mass-market operating systems. Furthermore, we seek to strengthen access control and network authentication in mass-market systems by authenticating executable code at all system layers. We have implemented a prototype of the system and expect the full system to be mass deployed.
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Peinado, M., Chen, Y., England, P., Manferdelli, J. (2004). NGSCB: A Trusted Open System. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds) Information Security and Privacy. ACISP 2004. Lecture Notes in Computer Science, vol 3108. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27800-9_8
DOI: https://doi.org/10.1007/978-3-540-27800-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22379-5
Online ISBN: 978-3-540-27800-9