Security SIG: POSTPONED!
October's Monthly Meeting
Microsoft's Next-Generation Secure Computing Base (NGSCB or Palladium) will be included in a future version of the Windows operating system. Employing a unique hardware and software architecture, NGSCB will create a protected computing environment inside of a Windows PC-a "virtual vault" that will sit side by side with the regular Windows environment to enable new kinds of security and privacy protections for computers.
NGSCB is a key milestone on the journey towards Trustworthy Computing, and it is up to developers and security professionals to ensure that we arrive at the right answer for the digital community -- One that balances the user's own privacy, the computer owner's control, computer security, and the protection of Intellectual Property rights.
What is the right answer to these controversial questions? Come listen to Microsoft and EFF experts on this new technology, and get informed and join the discussion!
Microsoft touts these benefits:
- Critical data is in the user's control
- Programs and computers can "prove" themselves to each other (even over networks) before engaging in communications and transactions, ensuring a safe environment before exposing critical data
- Important information can be stored so that only the program that created it can access it, protecting it from loss due to theft or viruses
- Personal information can be distributed so that it can only be used by entities the user authorizes, ensuring that data will remain safe during a remote transaction
- Data can be protected with a secure pathway from the keyboard through the computer to the monitor screen, preventing it from being secretly intercepted or spied on
EFF has these concerns:
EFF's position is that it may be helpful to add hardware features to the PC to improve security, but improving security should always be seen as a matter of enhancing the platform owner's knowledge of and control over the state of the platform. It should not be stretched to include enforcing policies against the platform owner or giving third parties information which helps them enforce policies against the platform owner. Current trusted computing design proposals have gone astray by including support for security models in which the platform owner is treated as an adversary; as a result, these features will be abused to the detriment of computer owners. This problem can be remedied easily by adding features to help platform owners override policies they disapprove.
About The Presenters:
First Speaker: Seth Schoen, Staff Technologist, Electronic Frontier Foundation
Seth Schoen is one of the lead developers of the LNX-BBC rescue system (formerly the Linuxcare Bootable Business Card). He worked as a Senior Linux Consultant at Linuxcare for two years; he has also been an intern at Toronto Dominion Bank and at the Lawrence Berkeley National Laboratory. His long-time interest in civil liberties led him to his current position as Staff Technologist at the Electronic Frontier Foundation, a non-profit organization based in San Francisco. He has been active in the Bay Area free software community since he moved to the Bay Area in 1997 from Massachusetts.
Seth has been studying trusted computing for over a year, conducting over a dozen meetings with Microsoft, Intel, AMD, and representatives of the former TCPA and current TCG promoters, as well as independent experts. Seth prepared EFF's position on trusted computing.
Based in San Francisco, EFF is a donor-supported membership organization working to protect our fundamental rights regardless of technology; to educate the press, policymakers and the general public about civil liberties issues related to technology; and to act as a defender of those liberties. Among our various activities, EFF opposes misguided legislation, initiates and defends court cases preserving individuals' rights, launches global public campaigns, introduces leading edge proposals and papers, hosts frequent educational events, engages the press regularly, and publishes a comprehensive archive of digital civil liberties information at one of the most linked-to websites in the world: www.eff.org
Second Speaker: Mike Wolfe, CISSP, MCSE, Microsoft Northern California
Mike Wolfe is a Certified Information Systems Security Professional (CISSP) and Windows 2000 MCSE providing local security consulting and assistance to Microsoft customers on security topics. Mike has 20+ years experience in the data processing profession, is an author of several books, and holds an MS in Management Information Systems and an MBA in Human Resources Management. He is an evangelist and advisor for Microsoft on improving customer security efforts. He can be reached at firstname.lastname@example.org.
Nokia Internet Communications
323 Fairchild Dr.
Mountain View, CA 94043
7:00-9:00pm presentation and discussion
$15 at the door for non-SDForum members
No charge for SDForum members
Free to Bay.NET Members for the month of October.
Please call 408.494.8378 for student memberships
No registration required