Read Time:2 Minute, 48 Second

Intel today announced the rollout of the fourth generation of its Xeon family of server chipsets, detailing several new features under the company’s confidential computing umbrella of security features. Improvements to Intel’s trusted execution environment and a new technique for combatting jump- and return-oriented programming attacks were the most notable upgrades.

Xeon’s fourth generation introduces a number of new features across the board, including marked improvements to energy efficiency, AI processing, and edge workload handling, but the security side’s highlights are virtual machine (VM) isolation technology and control flow enforcement. The former technique provides hardware-level VM isolation, without the need for hypervisor oversight — instead of a single app living inside of a trusted environment, a whole VM can live there.

There are plenty of options for trusted execution environments in other areas of the stack, but Intel fellow Amy Santoni, the company’s chief Xeon security architect, said that not all of them offer the same capabilities or meet the same standards.

Intel aims to secure virtual environments

“It depends on your goals for a trusted environment,” she said. “If you look at the cloud today, you can have multiple tenants running on the same hardware with virtualization technology, but in just a regular cloud environment, the hypervisor still has access to all those VM’s data if you allow them to —there’s nothing at a hardware level to prevent a VM from accessing data.”

That isolation is provided via Intel’s Trust Domain Extensions framework, which already works with Azure, Google Cloud, Alibaba and IBM — no timeline was provided for AWS integration at the time of this writing.

Control flow enforcement is a feature that Intel has already implemented in its endpoint-focused Core line of processors, but is new to the Xeon family, aimed at stamping out a family of cyberattack techniques called return-oriented and jump-oriented programming. The idea with such attacks is to rearrange the order in which pieces of code are provided back to the application, for malicious purposes.

Copyright © 2023 IDG Communications, Inc.


Source link

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Previous post Linux filels: creating, listing, updating, and more – The Knowledge Pal
Next post Welcome to the Golden Age of Lube