Microsoft Palladium

Palladium may be the most misunderstood project Microsoft has ever devised. Maybe that's because the company divulged information about it more than 3 years before it will see the light of day. What is Palladium, and why should you be thinking about it now?

Palladium is Microsoft's Trustworthy Computing initiative made real—a hardware/software solution that will form the basis of next-generation computer systems. Microsoft intends Palladium to protect user privacy and present a secure environment for sensitive data. Here's what you need to know about Palladium.

Part of Longhorn
Essentially a new computing platform for security, personal privacy, and system integrity, Palladium is due to ship in 2005 as part of Longhorn, the next Windows version. But Palladium isn't just software: It will require a new type of PC with a specially designed microprocessor—Intel and AMD are on board—and security chipset. Palladium will also be optional: Users who want to load Longhorn on a non-Palladium PC can do so—and forgo Palladium's benefits.

But make no mistake: Palladium is an all-new PC architecture. And if Palladium is successful, the PC as we know it will disappear. Post-Longhorn, Palladium could easily become a requirement for future Windows versions.

A Secure PC Environment
As the agent of Microsoft's Trustworthy Computing initiative, Palladium will create a secure execution space on a PC or other Palladium-compatible device. This runtime environment encompasses three areas of integrity: machine integrity, data integrity, and user integrity. Machine integrity requires the underlying hardware to meet Palladium's standards. Data integrity uses Digital Rights Management (DRM) to protect crucial software systems and associated data, such as email. User integrity incorporates OS-type security, such as logons, smart cards, and other forms of authentication.

This three-tiered approach has two interesting—and often misunderstood—results. First, because Palladium directly handles only machine and data integrity, it requires an underlying OS to provide a complete solution, and this OS needn't be Windows—or even supplied by Microsoft. Second, Palladium essentially moves attacks and other electronic threats from the software application and OS levels down to the hardware. In this sense, Palladium is bigger than Windows or any other OS.

Digital Identity Protection
Cast aside any comparisons to Microsoft .NET Passport, Microsoft's current online identity service. With Palladium, the company is taking a different approach to creating, managing, and protecting a digital identity. Instead of using a centralized server as .NET Passport does, Palladium puts control in users' hands.

The goal is to protect users from identity masquerades and theft by providing an architecture that enables user identities to be uniquely verified. So, for example, you'll be able to securely transmit credit card transactions online or send an email message and be sure that only the intended recipient can access the enclosed data.

The Chipset Is the Key
Combining a Palladium-compatible OS such as Longhorn with Palladium-specific hardware creates a special microkernel-like environment, called the Trusted Operating Root (TOR), that can instantiate the Palladium software. As the software loads, it sets aside a secure, or trusted, processing environment called the vault within the hardware chipset. Data in the vault is physically isolated, protected, and not accessible to other applications and services on the PC. Only users, processes, services, applications, other computers, or other entities that can be verified as trustworthy can access the vault's data. Microsoft says that hardware channels inside Palladium-based PCs will be "impervious to snooping, hardware/software-based attacks, and masquerading or impersonating on the screen."

Palladium isn't happening this year, next year, or even the year after that. So, you have time to plan for the future—and, of course, suffer from the malicious attacks that Palladium intends to obviate. Will Palladium deliver on its promises, or is it doomed to be another far-reaching Microsoft initiative that doesn't live up to its hype? Time will tell, and we've certainly got plenty of that.
