Step 5: Secure Your Platform
Rootkit attacks are increasing. They are difficult to detect with traditional antivirus products and use various methods to remain undetected. Rootkit attacks infect system components such as hypervisors and operating systems, and the malware can operate in the background and spread throughout a cloud environment, causing increasing damage over time. The best way to secure your platform is to enable a trusted foundation—starting with a root of trust at the platform level and extending the chain of trust through measured firmware, BIOS, and hypervisor virtualization layers. A root of trust hardens the platform against attack and is extremely difficult to defeat or subvert and substantially reduces the security risks of using a remote or virtualized infrastructure. It enables a more secure platform for adding tenants and workloads. Essentially you build protection into your hardware to protect your software. A root of trust helps ensure system integrity within each system. Integrity checking is considered a key capability for software, platform, and infrastructure security.8 Intel Trusted Execution Technology (Intel TXT) checks hypervisor integrity at start-up by measuring the code of the hypervisor and comparing it to a known good value. Launch is blocked if the measurements do not match. The root of trust enables a trusted foundation within your cloud environment so you can: Specify trusted server pools. You can make decisions about how much to expose your data and workload based on whether a trusted pool is established. The most sensitive workloads should always use a trusted pool. Prove host software is good. Although the chain of trust is a hardware-based mechanism, you can use the integrity-checking data with Governance, Risk Management, and Compliance (GRC) or security information and event manager (SIEM) dashboards for audit purposes. Respond quickly to attack and minimize damage. Detect attacks more quickly, contain the spread of malware, and reduce the need to rebuild hypervisors if a compromise is detected.
About Intel® TXT
Intel® Trusted Execution Technology (Intel TXT) protects against malware, key stealth attacks, and other threats by: Establishing a root of trust Providing a launch environment signature to enable trusted software launch and execution Providing the trust foundation so that policy engines can restrict or allow virtual machine (VM) and data migration based on platform security profiles Providing the trust foundation to enable environment monitoring for auditing function tied to a root of trust Enabling an IT manager to verify that the specific physical machine in the cloud is running the expected operating system or hypervisor
8 Evolution of Integrity Checking with Intel® Trusted Execution Technology: An Intel Perspective. IT@Intel (2010). intel.com/content/www/us/en/pc-security/intel-it-securitytrusted-execution-technology-paper.html
15 Intel IT Center Planning Guide | Cloud Security