Securing the Cloud Computing Stack
The security of Cloud Computing is vital to end customers as they consider placing their data on public infrastructure. They need to be assured of a trusted environment, even as they share hardware with other organizations, cede administrative control to the cloud operator, and commingle data and applications of multiple security levels.
Current work by Intel within the Xen* and KVM* projects is helping to advance that goal through a mixture of hardware and Open Source software technologies.
Intel provides Trusted Boot (tboot), an Open Source module that enables Intel® Trusted Execution Technology (Intel® TXT) to perform verified launch of the OS kernel or virtual machine monitor (VMM). That verification uses a cryptographic hash to help ensure that neither the kernel nor the VMM has been tampered with, creating a hardware-rooted trusted execution environment for the end customer’s applications.

Intel® Trusted Execution Technology Platform Trust Properties Used for Workload Management
Source: Intel
Ongoing Intel contributions to Xen and KVM are helping to provide robust support for this capability. In addition to work within the communities themselves, Intel has also begun to engage with ecosystem members that build OSs and VMMs based on that Open Source code, helping to make tboot generally available to end customers as quickly and broadly as possible.
This enablement work also includes resources and tools for policy creation and provisioning, as well as independent adoption of the technology by other Open Source projects and other critical commercially supported endeavors:
Intel TXT Launch Control Policy and tboot Verified Launch Policy, part of tboot, enable administrators to decide what action to take if pre-boot authentication fails.
Measured Launch Environment (MLE) Writer’s Guide documents the requirements for creating a custom MLE using tboot, allowing third parties to create one independently of Intel’s implementation.
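To make the verification described above concrete (the hash-based check of the kernel and VMM in the tboot paragraph, and the failure action chosen through the Launch Control Policy), here is an added Python model that is not tboot's or Intel's code: it simulates a TPM-style PCR extend chain over a VMM and a kernel image, compares the result with a value recorded at provisioning time, and applies a policy action. The sample images, the "halt"/"continue" actions and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

PCR_INIT = bytes(32)  # a TPM PCR starts out all-zero at platform reset

def measure(image: bytes) -> bytes:
    """Measurement of one boot component: the SHA-256 digest of its bytes."""
    return hashlib.sha256(image).digest()

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = H(PCR_old || measurement).
    The chain is one-way and order-dependent, so a later component
    cannot rewrite the record left by an earlier one."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_chain(images) -> bytes:
    """Extend a fresh PCR with every component in launch order (VMM, then kernel)."""
    pcr = PCR_INIT
    for img in images:
        pcr = extend(pcr, measure(img))
    return pcr

@dataclass(frozen=True)
class LaunchPolicy:
    expected_pcr: bytes   # golden value recorded when the platform was provisioned
    on_failure: str       # hypothetical policy actions: "halt" or "continue"

def provision_policy(images, on_failure="halt") -> LaunchPolicy:
    """Administrator step: record the known-good chain value as the policy."""
    return LaunchPolicy(measure_chain(images), on_failure)

def verified_launch(images, policy: LaunchPolicy) -> str:
    """Boot-time step: re-measure, compare against the policy, apply the failure action.
    Returns "trusted", "halted" or "untrusted"."""
    actual = measure_chain(images)
    if hmac.compare_digest(actual, policy.expected_pcr):  # constant-time comparison
        return "trusted"
    return "halted" if policy.on_failure == "halt" else "untrusted"

# Constructed sample images standing in for a VMM binary and a kernel binary.
GOOD_IMAGES = [b"constructed VMM image v1", b"constructed kernel image v1"]
TAMPERED_IMAGES = [b"constructed VMM image v1", b"constructed kernel image v1 + implant"]

if __name__ == "__main__":
    policy = provision_policy(GOOD_IMAGES)
    print(verified_launch(GOOD_IMAGES, policy))      # trusted
    print(verified_launch(TAMPERED_IMAGES, policy))  # halted
```

Swapping the launch order of the two images also fails the check, which is why the extend chain, not a single hash, is what the policy records.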