Intel has put full memory encryption on its security roadmap at the Intel Security Day event during RSA Conference 2020 in San Francisco, California this week.
Sharing the company's data-centric security strategy, Intel's Anil Rao and Scott Woodgate talked about the security capabilities that users can expect in Intel's upcoming products. Specifically, they focused on the present-and-future aspects of Intel's Software Guard Extensions (SGX) technology and also discussed Intel's plan to introduce full memory encryption to future CPUs.
Intel's launched SGX hardware encryption technology in 2015 with the Skylake microarchitecture. The purpose of SGX technology is to protect areas of memory from unauthorised users, including system administrators.
Intel Security Day gathered customers, partners, and guests for a packed day of the latest on security technologies. Thank you to everyone that joined us. pic.twitter.com/UCjs7dUTMu— Intel Security (@IntelSecurity) February 26, 2020
SGX works by enabling a process to create a hardware encrypted "enclave" within the memory. The data stored in this encrypted area can be decrypted only within the CPU and that too at the request of instructions running within the enclave itself. As a result, even a system admin can't read or edit the data stored in SGX-protected enclaves.
Intel plans to expand SGX to a "broader range of mainstream data-centric platforms" and to create larger protected enclaves in its future CPUs. This will help, Intel says, to further expand "the number of usages able to leverage these advanced application isolation capabilities".
"Protecting data in use is the new frontier," said Anil Rao, Intel's vice president of Data Centre Security and Systems Architecture.
"When we say protecting data, we mean protecting your data from other applications or tenants, from the service provider, or even malicious code with root privileges, so that even if your data is being processed in someone else's system, they cannot get access to it. This is where we see confidential computing coming in."
Intel is also promising to bring full memory encryption capabilities in its CPUs in efforts to provide users better protection against physical memory attacks. This technology enables providing hardware-based encryption that is transparent to software layers and the operating system.
"Hardware is the bedrock of any security solution," said Tom Garrison, Intel vice president and general manager of Client Security Strategy and Initiatives.
"Intel hardware, and the assurance and security technologies it brings, help harden the layers above from attack."
Intel also published a security report [pdf] on Wednesday, claiming that it doubled the investment spent on the security of its products in 2019, following the disclosure of the Spectre and Meltdown security bugs, followed by a series of other side-channel speculative execution attacks.
Last year, 236 Common Vulnerability and Exposures (CVEs) were found in Intel products, of which 144 (61 per cent) were uncovered by Intel's own security team, while the rest were found by external researchers. None of the bugs were used in attacks at the time of public disclosure, the company claimed.
The feature prevents threat actors from modifying security settings on Windows 10 device
When quantum computers arrive the Web as we know it will break. We talk to scientists cryptographers and entrepreneurs working to ensure this does not happen.
DNS over HTTPS encrypts DNS traffic - hiding users' web surfing from ISPs
Google's quantum supremacy is real. Now we urgently need quantum-safe encryption, says UKNQT's Sir Peter Knight
'There's a lot at stake in rewiring the world in terms of encryption and we all depend on getting it right'
Avast and French police disinfect 850,000 PCs with Retadup malware after seizing command-and-control servers
Design error in Retadup's command-and-control server enabled security specialists to remotely remove the malware