Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Intel Announces New Hardware-based Security Capabilities

Compute Lifecycle Assurance

Compute Lifecycle Assurance

Intel Announces New Security Capabilities and Provides Update on Supply Chain Transparency Initiative

RSA CONFERENCE 2020 – San Francisco – Intel announced four new security capabilities and provided further information on its previously-announced Compute Lifecycle Assurance supply chain transparency initiative today at RSA Conference 2020 in San Francisco.

Intel hardware is the bedrock of much of the world’s computing capability. Hardware is also, says Tom Garrison, VP and GM of client security strategy and initiatives at Intel, “the bedrock of any security solution. Just as a physical structure requires a foundation established on bedrock to withstand the forces of nature, security solutions rooted in hardware will provide the greatest opportunity to provide security assurance against current and future threats.” 

Intel believes that the next ten years will see more architecture advancements than the last 50 years — starting, perhaps, with Intel’s four new capabilities. These are application isolation, VM and container isolation, full memory encryption, and Intel platform firmware resilience.

Application isolation helps protect data in use with a narrow attack surface. This will expand the existing Intel Software Guard Extensions (SGX) to a broader range of mainstream data-centric platforms, and will provide larger protected enclaves increasing the number of usages leveraging the technology.

VM and container isolation will isolate virtual environments from each other, and from the Hypervisor and cloud provider without requiring application code modifications. Noticeably, the NSA warned in January 2020, “Vulnerabilities in cloud hypervisors (i.e., the software/hardware that enables virtualization) or container platforms are especially severe due to the critical role these technologies play in securing cloud architectures and isolating customer workloads.”

Full memory encryption provides hardware-based encryption that is transparent to the operating system and software layers. Its purpose is to better protect against physical memory attacks.

Intel platform firmware resilience is a field-programmable gate array (FPGA) -based solution that helps protect firmware by monitoring and filtering malicious traffic on the system buses. It verifies the integrity of platform firmware images, and can recover corrupted firmware back to a known good state.

Intel also announced progress on the Compute Lifecycle Assurance Initiative it introduced in December 2019. This initiative is designed to provide transparency and assurance to the complete hardware supply chain and lifecycle (build, transfer, operate and retire), starting with Intel’s own Transparent Supply Chain (TSC) tools.

The basic process is to add a root of trust and chain of trust — using the Trusted Computing Group’s (TCG) Trusted Platform Module 2.0 (TPM) standard — that can be monitored and followed from manufacture through the various different build stages to delivery and use by the customer. “This allows customers to gain traceability and accountability for platforms with component-level reporting,” says Intel.

“This chain of trust process provides essential traceability based on the TPM,” says Thorsten Stremlau, chair of TCG’s marketing work group. “Bringing component-level traceability to platforms and systems increases confidence and reduces the risk of counterfeit electronic parts while also facilitating procurement standards. This is the right direction for the industry.”

TSC is already available for Intel customers across Intel vPro platform-based PCs, Intel NUC, Intel Xeon SP systems, Intel Solid State Drives and certain Intel Core commercial PCs. Under the Compute Lifecycle Assurance Initiative, Intel also provides TSC to ecosystem partners. So far, Hyve Solutions, Inspur, Lenovo (client and server), Mitac, Quanta, Supermicro and ZT Systems have enabled Intel TSC tools. Intel also has active deployments of Intel TSC with enterprise IT and cloud service providers.

Related: Huawei and Supply Chain Security – The Great Geopolitical Debate 

Related: Firm Analyzes China, Russia-based Supply Chain Risks of eVoting Machines 

Related: Google Announces Open Source Silicon Root-of-Trust Project 

Related: Intel SGX Card Extends Memory Protections to Existing Cloud Servers 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Security Infrastructure

Comcast jumps into the enterprise cybersecurity business, betting that its internal security tools and inventions can find traction in an expanding marketplace.

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.

Security Infrastructure

XDR's fully loaded value to threat detection, investigation and response will only be realized when it is viewed as an architecture

ICS/OT

Security orchestration, automation and response (SOAR) provider Swimlane on Monday announced the launch of a security automation solution ecosystem for operational technology (OT) environments.

Incident Response

Created and maintained by MITRE, MITRE D3FEND is a framework that provides a library of defensive cybersecurity countermeasures and technical components to help organizations...

Cloud Security

The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.