Friday, May 12, 2006 1:00:22 AM
Vacationhouse: From your find re: Security
http://www.investorshub.com/boards/read_msg.asp?message_id=11078331
"...Currently, virtualization is done in software, using tools like VMWare, Xen, or Microsoft Virtual Server, but you'll soon see that functionality built into the chip set. A new protection level will be provided below Ring 0, and instruction intercepts will be provided, along with machine-specific registers and ten protection vectors. The new chip-sets will have another level of virtual memory, says Weber, with security features that include shadow page tables and recursive page table walks..."
In yesterday's CC Steven Sprague said this:
http://www.unclever.com/wavx/WAVX1Q06.htm
Intel just announced their logo program for business platforms, the vPro brand, which also includes and requires Trusted Platform Modules. I think vPro is a very interesting space to watch because what you’re seeing is really the beginnings of the next stage of Trusted Computing that will develop probably not this year as much as it will develop next year. Which is how does the root of Trust in my PC help to manage ultimately Virtualization. So this is a fairly complex topic. I won’t spend a huge amount of time on it today. It is all in the direction of how do you manage Trusted Execution on your machine. Which applications are allowed to run? Where are they allowed to run? What are they allowed to do? And you’re seeing the starting point of it.
This it the result of work that’s gone on for the last four or five years. And even in some cases result of work from relationships that Wave had prior to 2000 in trusted hardware and trusted execution. So we think it’s a very interesting space. I don’t think it’s going to drive short-term revenue. It’s an area we continue to invest in in assuring we’re in the right position and the right place to support. I think our presence in the Trusted Computing support tools will help us very well in helping to manage aspects of Virtualization or the trust models of Virtualization as that comes to market..."
And now a post from 7/25/2004
http://www.investorshub.com/boards/read_msg.asp?message_id=3646232
The Parallel Universe...
doma, thanks for this enlightening PPT link with the TrustZone theme starting at slide number 7:
http://www.jp.arm.com/kk/arm_forum2003/ppt/trust_zone.ppt
Indeed I believe Lark's speech will be all about the prallelism of secure and general operating systems executing on the same processor, like ARM is saying in the referenced PPT presentation.
What I feel is truly interesting is reading what Microsoft said in a document recently unearthed by dabears4. It appears that this document, dated July 15, 2004, represents an exciting revelation about Microsofts "evolved" Longhorn (NGSCB) OS.
I believe this paper to be the first public revelation of the "evolved" NGSCB concept. The proposed technology follows the same principal as ARM's "TrustZone" security extension.
I copy:
"...In connection with NGSCB, upcoming versions of the x86 processor will introduce a new CPU mode that is strictly more privileged than the existing ring 0. Effectively, this amounts to a new ring -1. Our isolation kernel executes in this ring. Executing the isolation kernel in ring -1 allows us to execute guest operating systems in ring 0, thus avoiding the problems entailed by the fact that the x86 instruction set is not virtualizable..."
Those that want to read the entire paper here is the link. The paper discusses in great detail all the aspects to be considered for secure computing.
http://research.microsoft.com/~yuqunc/papers/ngscb.pdf
In chapter 5 of this paper titled "System Overview" Microsoft also says:
"...We are now ready to outline how the components and concepts described so far can be combined into a complete system. The missing piece are operating systems and applications that execute on the isolation kernel..."
"...THE MISSING PIECE ARE OPERATING SYSTEM AND APPLICATIONS THAT EXECUTE ON THE ISOLATION KERNEL.."
So how can Microsoft propose an architecture if they are missing a key element?
Do I need to spell it out or will somebody else do it for me? I'll give you a hint below:
http://www.investorshub.com/boards/read_msg.asp?message_id=11078331
"...Currently, virtualization is done in software, using tools like VMWare, Xen, or Microsoft Virtual Server, but you'll soon see that functionality built into the chip set. A new protection level will be provided below Ring 0, and instruction intercepts will be provided, along with machine-specific registers and ten protection vectors. The new chip-sets will have another level of virtual memory, says Weber, with security features that include shadow page tables and recursive page table walks..."
In yesterday's CC Steven Sprague said this:
http://www.unclever.com/wavx/WAVX1Q06.htm
Intel just announced their logo program for business platforms, the vPro brand, which also includes and requires Trusted Platform Modules. I think vPro is a very interesting space to watch because what you’re seeing is really the beginnings of the next stage of Trusted Computing that will develop probably not this year as much as it will develop next year. Which is how does the root of Trust in my PC help to manage ultimately Virtualization. So this is a fairly complex topic. I won’t spend a huge amount of time on it today. It is all in the direction of how do you manage Trusted Execution on your machine. Which applications are allowed to run? Where are they allowed to run? What are they allowed to do? And you’re seeing the starting point of it.
This it the result of work that’s gone on for the last four or five years. And even in some cases result of work from relationships that Wave had prior to 2000 in trusted hardware and trusted execution. So we think it’s a very interesting space. I don’t think it’s going to drive short-term revenue. It’s an area we continue to invest in in assuring we’re in the right position and the right place to support. I think our presence in the Trusted Computing support tools will help us very well in helping to manage aspects of Virtualization or the trust models of Virtualization as that comes to market..."
And now a post from 7/25/2004
http://www.investorshub.com/boards/read_msg.asp?message_id=3646232
The Parallel Universe...
doma, thanks for this enlightening PPT link with the TrustZone theme starting at slide number 7:
http://www.jp.arm.com/kk/arm_forum2003/ppt/trust_zone.ppt
Indeed I believe Lark's speech will be all about the prallelism of secure and general operating systems executing on the same processor, like ARM is saying in the referenced PPT presentation.
What I feel is truly interesting is reading what Microsoft said in a document recently unearthed by dabears4. It appears that this document, dated July 15, 2004, represents an exciting revelation about Microsofts "evolved" Longhorn (NGSCB) OS.
I believe this paper to be the first public revelation of the "evolved" NGSCB concept. The proposed technology follows the same principal as ARM's "TrustZone" security extension.
I copy:
"...In connection with NGSCB, upcoming versions of the x86 processor will introduce a new CPU mode that is strictly more privileged than the existing ring 0. Effectively, this amounts to a new ring -1. Our isolation kernel executes in this ring. Executing the isolation kernel in ring -1 allows us to execute guest operating systems in ring 0, thus avoiding the problems entailed by the fact that the x86 instruction set is not virtualizable..."
Those that want to read the entire paper here is the link. The paper discusses in great detail all the aspects to be considered for secure computing.
http://research.microsoft.com/~yuqunc/papers/ngscb.pdf
In chapter 5 of this paper titled "System Overview" Microsoft also says:
"...We are now ready to outline how the components and concepts described so far can be combined into a complete system. The missing piece are operating systems and applications that execute on the isolation kernel..."
"...THE MISSING PIECE ARE OPERATING SYSTEM AND APPLICATIONS THAT EXECUTE ON THE ISOLATION KERNEL.."
So how can Microsoft propose an architecture if they are missing a key element?
Do I need to spell it out or will somebody else do it for me? I'll give you a hint below:
Join the InvestorsHub Community
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
