- Home ›
- Technology and Research ›
- Intel Technology Journal ›
- Intel® vPro™ Technology
Intel® vPro™ Technology
Advanced Security Features of Intel® vPro™ Technology
Omer Levy, Business Client Group, Intel Corporation
Arvind Kumar, Business Client Group, Intel Corporation
Purushottam Goel, Business Client Group, Intel Corporation
Keywords: Intel® vPro™ technology, security, authentication, audit log, random numbers, authorization, TLS, blob service, measurement, monotonic
Citations for this paper: Levy, O.; Kumar, A.; Goel, P. "Advanced Security Features of Intel® vPro™ Technology." Intel Technology Journal. http://www.intel.com/technology/itj/2008/v12i4
/10-paper/1-abstract.htm (December 2008).
Abstract
Intel® vPro™ technology creates a powerful platform in which security and manageability go hand in hand. Since manageability is a crucial aspect of an enterprise’s network, it is extremely important to secure the manageability infrastructure against attacks from outside and inside the network. In this article, we delve into some of the most interesting security features that make Intel vPro technology a far more secure (and thereby differentiated) offering than any other security technology on today’s market.
First we start with an overview of some of the basic security features of Intel vPro technology. Then, for most of the remainder of this article, we delve into some of the advanced and more complex security aspects of Intel vPro technology that truly put this technology above its competitors when it comes to providing security. We start with a detailed discussion of a few of the foundational security aspects of Intel vPro technology, provided by hardware mechanisms, such as true random numbers and monotonic counters. We then discuss the details of a secure storage service, which is an immensely useful firmware mechanism that allows storage of secrets on the nonvolatile flash memory, such that they cannot be read or tampered with, even if the flash part is physically attacked. Next we discuss the mechanism of firmware measurement. In this mechanism, the firmware provides a measurement of the code running on the internal processor. Finally, we discuss audit logging. This mechanism helps to mitigate the “rogue insider” problem. We show how the audit log, enabled with Intel vPro technology, is designed to prevent such an insider from abusing the power of this technology, and then covering his or her tracks.
In this article
