Intel Announces New Security Capabilities Based on Hardware

Intel

RSA CoNFERENCE 2020— San Francisco — At today’s RSA Conference 2020 in San Francisco, Intel announced four new security capabilities and provided additional information on its previously announced Compute Lifecycle Supply Chain Transparency initiative.

Intel hardware is the cornerstone of many computing capabilities in the world. Hardware also, said Tom Garrison, VP and GM of the Intel customer security strategy and initiatives, “is the foundation of any safety solution. Just as a physical structure calls for a foundation on the rock to withstand the forces of nature, hardware-based security solutions provide the best way of providing security assurance against present and future threats.” These include application isolation, VM and container isolation, full memory encryption and firmware resilience in the Intel platform.

Isolation of application helps to protect the data used with a narrow attack surface. This extends existing Intel Software Guard Extensions (SGX) into a broader range of mainstream data-centered platforms and provides larger protected enclaves that increase the number of technology-based uses.

VM and container isolations insulate virtual environments without requiring any changes to the application code from each other and from the Hypervisor and the cloud provider. The NSA noted notablely in January 2020, “With the critical role these technologies play in securing cloud architectures and isolating customers workloads, vulnerabilities in cloud hypervisors (i.e. software / hardware for virtualization) or container platforms are particularly serious.”

Full memory encryption provides hardware-based, operator and software-layer transparent encryption. It aims to protect against physical memory attacks more effectively.

Firmware resilience of the Intel platform is a field-programmable gate array solution (FPGA) that helps protect firmware by monitoring and filtering malicious transmission on system buses. It checks the integrity of platform firmware images and can recover corrupted firmware in a known good condition.

Intel also announced its progress in December 2019 in the Compute Lifecycle Assurance Initiative. This initiative aims to ensure transparency and the complete supply chain and life cycle of hardware (construction, transfer, operation and retirement), starting from the Transparent Supply Chain (TSC) tools of Intel.

The basic process is to add a root of the trust and trust chain-using the standard Trusted Platform Group (TCG) Module 2.0 (TPM)-that can be monitored and used by the customer from manufacture to different build stages. “This enables customers to trace and be accountable for component reporting platforms,” says Intel.

“This trust chain provides essential traceability based on the TPM,” said Thorsten Stremlau, Chairman of the TCG marketing group. “Linking traceability to platforms and systèmes in component levels increases confidence and reduces risk of counterfeit electronic components, while making standards easier. This will be the right direction for industry.”

Intel vPro platform-based PCs, Intel NUC, Intel Xeon SP systems, Intel Solid State Drives, and certain Intel Core co-drives already have TSC for Intel’s customers. Intel also provides TSC to ecosystem partners under the Compute Lifecycle Assurance Initiative. To date, Intel TSC tools have been enabled by Hyve Solutions, Inspur, Lenovo (Client and Server), Mitac, Quanta, Supermicro and ZT Systems. Intel also has active Intel TSC deployments with IT company and cloud service providers.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.