A Root of Trust
The best way to secure your platform is to build on a trusted
foundation that protects your virtualized server environment. The
trusted foundation starts with a root of trust at the platform level
and extends a chain of trust through measured firmware, BIOS, and
hypervisor, providing protection against a growing set of attacks,
such as rootkits, that target the hypervisor and the layers below it.
A hardware root of trust is extremely difficult to defeat or subvert
from software, because its measurements are taken before the
hypervisor runs and are stored in registers that software can only
extend, never rewrite. Essentially, you build protection into your
hardware to protect your software.
In addition, a root of trust helps ensure the integrity of each
system. Intel Trusted Execution Technology (Intel TXT) checks
hypervisor integrity at start-up by measuring the hypervisor code,
recording the measurement in the platform's Trusted Platform Module
(TPM), and comparing it to a known-good value. Launch can be blocked
if the measurements do not match. It also provides a mechanism for
attesting platform measurements to local and remote systems, which
completes the trust verification process and supports compliance and
audit activities.
Intel TXT builds trust into each server at the most basic level, the
hardware. When multiple trusted servers are aggregated into trusted
pools, you can protect highly virtualized environments by:
• Creating a policy that restricts the migration of VMs so that only
those on trusted platforms can be migrated, and only to other trusted
platforms. Trusted pools should always be specified for your most
sensitive workloads.
• Proving host software integrity by feeding integrity-checking data
to Governance, Risk Management, and Compliance (GRC) or security
information and event management (SIEM) dashboards for audit purposes.
• Responding and recovering better by detecting attacks more quickly,
containing the spread of malware, and reducing the need to rebuild
hypervisors if a compromise is detected.
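The mechanics described above, as an added, constructed example that is not Intel's code and not part of the original paper: a Python model of the measured launch (TPM-style PCR extend chaining), a remote verifier that compares quoted PCR values against a known-good whitelist after checking a freshness nonce, and a trusted-pool policy that refuses to migrate a VM unless both the source and destination hosts have attested. The PCR indices follow the two that TXT uses for its dynamic root of trust (17 for the ACM and launch control policy, 18 for the hypervisor), but the component images, host names and whitelist are made up, and a real TPM quote would also carry a signature over the PCR values and nonce that this model omits.

```python
"""
Constructed model of a TXT-style measured launch, remote attestation and a
trusted-pool migration policy. Not Intel code: the extend semantics follow
the TPM (new = H(old || measurement)); everything else is simplified.
"""
import hashlib
import secrets
from dataclasses import dataclass

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts out all zeros


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: append-only and order-sensitive, so code that runs later
    cannot erase or overwrite the measurement of an earlier component."""
    return sha256(pcr + measurement)


def pcr_from_chain(components: list[bytes]) -> bytes:
    """Replay a measured launch: hash each component, then extend it."""
    pcr = PCR_INIT
    for blob in components:
        pcr = pcr_extend(pcr, sha256(blob))
    return pcr


@dataclass
class Quote:
    host: str
    nonce: bytes  # verifier-supplied freshness value echoed back by the TPM
    pcr17: bytes  # ACM and launch control policy (simplified contents)
    pcr18: bytes  # hypervisor / MLE measurement (simplified contents)


# Constructed golden images. In practice the known-good hashes come from the
# vendor's signed release, not from hashing whatever is currently on a host.
GOLDEN_ACM = b"sinit-acm-v3"
GOLDEN_LCP = b"launch-control-policy-v1"
GOLDEN_HYPERVISOR = b"hypervisor-7.0.3"

WHITELIST = {
    "pcr17": pcr_from_chain([GOLDEN_ACM, GOLDEN_LCP]),
    "pcr18": pcr_from_chain([GOLDEN_HYPERVISOR]),
}


def boot_host(name: str, nonce: bytes, hypervisor: bytes) -> Quote:
    """Simulated measured launch on one server, producing a quote."""
    return Quote(
        host=name,
        nonce=nonce,
        pcr17=pcr_from_chain([GOLDEN_ACM, GOLDEN_LCP]),
        pcr18=pcr_from_chain([hypervisor]),
    )


def verify_quote(quote: Quote, expected_nonce: bytes) -> tuple[bool, str]:
    """Verifier side: reject replays first, then compare every PCR."""
    if not secrets.compare_digest(quote.nonce, expected_nonce):
        return False, "stale or replayed quote"
    for pcr in ("pcr17", "pcr18"):
        if not secrets.compare_digest(getattr(quote, pcr), WHITELIST[pcr]):
            return False, f"{pcr} does not match known-good value"
    return True, "trusted"


def may_migrate(vm_host: str, dest: str, trust: dict) -> tuple[bool, str]:
    """Trusted-pool policy: a VM on a trusted host may only land on one."""
    if not trust.get(vm_host, False):
        return False, f"{vm_host} not attested; VM is outside the trusted pool"
    if not trust.get(dest, False):
        return False, f"{dest} not attested; refusing to leave the trusted pool"
    return True, "migration allowed within trusted pool"


def demo() -> dict:
    """Attest three hosts (one running a tampered hypervisor) and apply policy."""
    nonce = secrets.token_bytes(16)
    quotes = [
        boot_host("host-a", nonce, GOLDEN_HYPERVISOR),
        boot_host("host-b", nonce, GOLDEN_HYPERVISOR),
        boot_host("host-c", nonce, GOLDEN_HYPERVISOR + b"\x90" * 8),  # tampered
    ]
    trust, reasons = {}, {}
    for q in quotes:
        trust[q.host], reasons[q.host] = verify_quote(q, nonce)
    return {
        "trust": trust,
        "reasons": reasons,
        "a_to_b": may_migrate("host-a", "host-b", trust),
        "a_to_c": may_migrate("host-a", "host-c", trust),
        "c_to_a": may_migrate("host-c", "host-a", trust),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two points the prose alone does not show. First, the tampered hypervisor on host-c differs from the golden image only by a few appended bytes, yet its PCR18 shares nothing with the whitelist value, and because extend is one-way and order-sensitive the host cannot manufacture the golden value without actually launching the golden code. Second, the verifier checks the whole chain: a correct hypervisor launched through an unexpected ACM or launch control policy would still fail on PCR17, which is why the trusted pool is defined by attested measurements rather than by which software the operator believes is installed.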
Intel's own private cloud architecture is a multitenant environment
on virtualized infrastructure as a service (IaaS) running on clusters of
Intel Xeon processor-based servers with Intel TXT.[11] Management
of the clusters is automated and policy driven. The clusters support
live migration, so VMs, with applications running in them, can be
moved between servers with no downtime. Intel TXT performs its
integrity check once, at system or hypervisor start-up, so a server's
trust status reflects the state of its software at its last boot.
Because workloads can be relocated, individual servers can be rebooted
without interrupting applications; each reboot produces a fresh
integrity check, so regular rotation keeps the measurements current
and maintains the trust level of the server pool.
In this usage model, trusted pools built with hardware-based
security mechanisms can better protect against software-based
attacks and enable you to enforce strict policies that provide a
foundation of trust for your services and platforms.
[11] Evolution of Integrity Checking with Intel® Trusted Execution Technology: An Intel IT Perspective. IT@Intel, 2010.
intel.com/content/www/us/en/pc-security/intel-it-security-trusted-execution-technology-paper.html (PDF)