Microsoft's Palladium (DRM) talk at MIT

Arnold Reinhold has posted a summary of the technical overview of Palladium that Microsoft recently presented at MIT.

Palladium is a collection of Microsoft technologies for enforcing system-wide DRM. The technologies fall into four categories: (1) “Curtained memory” ensures that code can’t observe (read) or modify (write) other code’s memory. (2) “Attestation” means that code can “attest” that it’s data was created by it and belongs to it. (3) “Sealed storage” means that only code that created the data (or code it trusts) can get to it once it’s stored to a non-volitile storage medium. (3) “Secure input and output” means that communications to the keyboard, mouse and display are encrypted. Palladium achieves all of this through a virtual PC running it’s own OS (“Nexus”) that communicates to the real PC via agents.

How to prevent the secure channel to the on-screen window from being spoofed is still an open problem. Brian suggested a secure mode LED that lights when that window has focus or having the secure window display a mother’s-maden-name type code word that you only tell Nexus. Of course this doesn’t matter for DRM since your trusting the window is not the issue.

Sheesh. Get ready for your forced move to a gated community where you can’t see what’s in the refrigerator unless you put it there. Link