Cloud, edge computing need hardware-based security, NIST report says
The National Institute of Standards and Technology (NIST) published a new blueprint for hardware-based security techniques and technologies to reinforce server platform security and data protection for cloud data centers and edge computing.
The report, titled ‘Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases,’ observes that in cloud data center and edge computing environments attack surfaces have increased, hacking has become industrialized with sophisticated and adapting techniques, and no standard for security control implementations exists. With vulnerabilities exposed, NIST says the physical platform should be the first layer of defense on the edge and in the cloud, and lays out suggestions to minimize security threats.
It first identifies threats to data centers, such as the LoJax malware, that can result in enormous security breaches and may require server-by-server rebuilds or replacements. Cloud computing also faces risk from the loss of customer visibility and control over the platforms that host virtualized workloads and data, from third-party infrastructure administrators, and from the tangle of regulations and legal compliance obligations that comes with global reach. NIST argues that firmware and software vulnerabilities can be addressed with hardware-enabled security techniques. This leads to platform trust, which NIST describes as assurance in the integrity of the underlying platform configuration, including hardware, firmware, and software.
To bolster platform integrity, NIST suggests a hardware security module, such as a trusted platform module (TPM), to generate cryptographic keys and protect small amounts of sensitive information, such as passwords, cryptographic keys, and cryptographic hash measurements. It also describes a chain of trust, a method for maintaining valid trust boundaries by applying the principle of transitive trust, with Intel Boot Guard and Cisco Platform Roots of Trust as examples.
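As an added illustration of the hash-measurement chain described above (this is not code from the report or this article), the following Python simulates TPM-style PCR extension by successive boot stages and the verifier-side replay used in remote attestation; the stage images and golden value are constructed for the example.

```python
import hashlib

# Constructed stand-ins for the firmware, bootloader and kernel images.
BOOT_STAGES = [
    ("firmware",   b"constructed UEFI firmware image v1"),
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel",     b"constructed kernel image v1"),
]

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || measurement).
    The PCR cannot be set directly, only extended, so every stage leaves a trace."""
    return hashlib.sha256(pcr + measurement).digest()

def measured_boot(stages):
    """Transitive trust: each stage measures the next one into the PCR before
    handing off control. Returns the final PCR and the event log it was built from."""
    pcr = bytes(32)          # PCRs reset to all zeros at power-on
    event_log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        event_log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr, event_log

def replay_log(event_log) -> bytes:
    """Recompute the PCR a given event log should produce."""
    pcr = bytes(32)
    for _, digest_hex in event_log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr

def attest(reported_pcr: bytes, event_log, golden_pcr: bytes) -> dict:
    """Verifier side of remote attestation: the log must replay to the PCR the
    platform reported (log not forged) and the PCR must equal the expected
    golden value (no stage was modified, removed or reordered)."""
    return {
        "log_consistent": replay_log(event_log) == reported_pcr,
        "matches_golden": reported_pcr == golden_pcr,
    }
```

Because extension is one-way and order-dependent, a modified bootloader changes the final PCR even though the log still replays cleanly, while an edited log stops replaying to the reported value.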
For supply chain protection, to preserve the integrity of software and hardware, it names tools such as Intel Transparent Supply Chain.
It also recommends a range of mitigations for Return Oriented Programming (ROP) and Call/Jump Oriented Programming (COP/JOP) attacks, translation attacks, memory safety violations, and side-channel attacks.
For data protection, confidential computing, and remote attestation services, various industry solutions are also listed.
NIST says the report is not exhaustive and is intended to be a “living document” that will be continuously updated as technology evolves. Experts from AMD, Arm, Cisco, IBM, and Intel were among the contributors.
In 2020, NIST started two projects focused on data security and confidentiality best practices.