Page 13 - EE|Times Europe Magazine - December 2020
EE|Times EUROPE — The Memory Market 13
Memory Only a Piece of the Security Puzzle
[Figure: diagram of a trusted execution environment (TEE). Labels: App; Operating system; Virtual machine manager; Hardware; Intel® SGX; Cloud tenant and data provider.]
Intel SGX enables the creation of a trusted execution environment, a secure area of a main processor that guarantees that the code and data loaded inside are protected with respect to confidentiality and integrity. (Source: Intel)

bandwidth requirements in cloud and edge computing. Meanwhile, Infineon Technologies has expanded its Cypress Semiconductor Semper NOR flash memory to reflect the inevitability of every system being connected — with hackers tampering with the contents of a flash device.

That tampering could affect any number of different computing platforms, including an autonomous vehicle, which is essentially a server on wheels. Add to that industrial, medical, and IoT scenarios enhanced by 5G networking. Security not only needs to be integrated but also must be managed over the lifetime of many devices, some of which may last a decade with embedded memory. Memory-heavy applications remain the most appealing to hackers.

Encryption key management remains critical for securing systems, said analyst Thomas Coughlin. Baking security into embedded systems is increasingly important as nonvolatile memory technology proliferates. That’s because data persists even when a device is powered down.

The challenge isn’t so much adding security features, Coughlin said. Data on an SSD can be encrypted, for example. “The big issue is whether it’s easy for the user to use these features, because usually, the weakest link is the human link.”

The smartphone serves as an authentication agent, with biometrics replacing the traditional password. That scenario leaves open the possibility that unencrypted data can be exposed accidentally. Coughlin said that the danger lies in implementation flaws or complexity. “Making security easy is the key, and that goes beyond encrypting data and putting it into the hardware.”

Encrypting SSDs goes only so far, said Scott Phillips, vice president of marketing for Virtium, an SSD and memory vendor. A multilayered, managed approach is needed. While storage specifications such as the Trusted Computing Group’s Opal spec can reach the BIOS level for pre-boot authentication, configurations and centralized management are critical to guard against hacks, Phillips said.

“Even a decent-sized company doesn’t enable a lot of holistic, sophisticated security,” he added.

As 5G ramps up, efforts are under way to enable data path protection across to the data center and between, but challenges remain to realize the benefits of hardware-based security.

INTEGRATION REQUIREMENTS

In industrial markets, consolidation requires integration of different systems. Meanwhile, hyperscalers such as Amazon Web Services and Microsoft Azure are promoting data security, said Phillips. Still, those defenses must be implemented all the way to the end user.

Despite a growing list of standards and requirements, compatibility issues remain for security methodologies. Vendors are still trying to position themselves as leaders in secure products and services, said Phillips.

“Hackers are always one step ahead,” he said. “They know where all those little loopholes are. Those are the things they check for. It takes a centralized, super-meticulous IT person or department to go through and close all those loopholes.”

The idea of embedding security into a memory device rather than bolting it on is not unlike software approaches. “DevSecOps” is about making security and privacy integral to the application development process.

An emerging framework dubbed “confidential computing” is designed to protect data in use by isolating computations within a hardware-based trusted execution environment (TEE). Data is encrypted in memory and elsewhere outside the CPU while it is being processed.

Confidential computing is being promoted by both software and hardware vendors, including Google, which recently announced capabilities to apply it to container workloads. Intel also enables TEEs for cloud providers such as Microsoft Azure through its Intel Software Guard Extensions.

Confidential computing requires shared responsibility for security. Simon Johnson, senior principal engineer for Intel’s Product Assurance and Security Architecture, said that humans remain the weakest link.

Intel supports developers in executing code to secure data, Johnson said. Meanwhile, the confidential computing movement stems from enterprise requirements to process data without regard to origin, including sensitive health-care information, financial records, and intellectual property.

Johnson said that the platform provider shouldn’t be able to see data. “You want to keep as many people out of your things as possible.”

Intel SGX includes hardware-based memory encryption that isolates specific application code and data in memory. It allows user-level code to allocate private memory “enclaves,” designed to be isolated from processes running at higher privilege levels. The result is more granular control and protection to prevent attacks such as cold-boot attacks against memory in RAM.

The Intel framework is also designed to help protect against software-based attacks even if the operating system, drivers, BIOS, or virtual machine manager is compromised.

Confidential computing would enable workloads such as analytics on large datasets not owned by the user. It also enables the execution of encryption keys closer to the workload, improving latency. “Today, we really only have software to provide protections,” Johnson said. “We don’t have hardware protections on those sorts of environments.”

Confidential computing would protect either the processing of data or the code, through hardware and the software ecosystem, represented by the Confidential Computing Consortium’s mandate, said Johnson.

Ease of use nearly always boosts security, noted Virtium’s Phillips. Pushbutton memory encryption is the goal, “whereas full security will come from additional functions on top of that,” he added.

The idea is not just to encrypt the memory but to guarantee full data isolation to ensure a secure environment, he said. “Confidential computing is a wider story than just encrypting the memory.”

It’s also about accommodating a heterogeneous world. “When data is in use, you’ve got to provide a layer of access control and be able to demonstrate that you’re using the software, and that data is in a certain area. It builds all these things up a ladder.”

Gary Hilson is a contributing editor for AspenCore.