Intel Trusted Execution Technology Evolves Integrity
IT@Intel White Paper: Intel IT Business Solutions Information Security and Cloud Computing, August 2010
Evolution of Integrity Checking with Intel® Trusted Execution Technology: an Intel IT Perspective
Intel IT is transitioning to a private cloud-computing environment to improve efficiency and agility. This highly virtualized multi-tenant environment creates new security challenges, including those presented by emerging threats such as rootkit attacks. We carefully examine these security concerns and analyze technologies that can potentially address them. As part of this effort, we evaluated Intel® Trusted Execution Technology (Intel® TXT), a new security technology in Intel® processors. Intel TXT enables hardware-enforced integrity checks of hypervisors and other key system components at server startup. Our evaluation highlighted a potential use case that utilizes Intel TXT to conduct periodic hypervisor integrity checks across a server cluster, without interrupting business applications. This could let us detect attacks more quickly, contain the spread of malware, and reduce the need to rebuild hypervisors if a compromise is detected. We envision this use case as a key step in an evolution of integrity-checking capabilities built on Intel TXT. The evolution begins with one-time integrity checks at system startup, progresses to more frequent periodic integrity checks, and culminates in runtime integrity checks on individual virtual machines.
We analyzed the performance and power-management implications of this use case, as well as the ecosystem support required. Our analysis suggests that all servers in a large cluster could be checked within a few hours and that the use case has considerable potential synergy with virtualization power-management schemes. With appropriate ecosystem enabling for Intel TXT, we believe that this use case could significantly enhance security in our virtualized environment. Intel is working with suppliers to encourage this support. We are deploying Intel® Xeon® processor 5600 series-based servers, which include Intel TXT, as a core element of our private cloud infrastructure. Intel TXT is a foundation technology that can be applied to enhance security in multiple usage models; the use case described here is only one of these, and we expect to continue exploring other applications in the future.
Read the full Intel® Trusted Execution Technology Evolves Integrity: White Paper.