Intel promises full memory encryption as it presents its data-centric security strategy

Intel promises bigger investment in security following the Meltdown and Spectre security bugs

Intel has put full memory encryption on its security roadmap at the Intel Security Day event during RSA Conference 2020 in San Francisco, California this week.

Sharing the company's data-centric security strategy, Intel's Anil Rao and Scott Woodgate talked about the security capabilities that users can expect in Intel's upcoming products. Specifically, they focused on the present-and-future aspects of Intel's Software Guard Extensions (SGX) technology and also discussed Intel's plan to introduce full memory encryption to future CPUs.

Intel launched its SGX hardware encryption technology in 2015 with the Skylake microarchitecture. The purpose of SGX technology is to protect areas of memory from unauthorised users, including system administrators.

SGX works by enabling a process to create a hardware-encrypted "enclave" within memory. The data stored in this encrypted area can be decrypted only within the CPU, and only at the request of instructions running within the enclave itself. As a result, even a system admin can't read or edit the data stored in SGX-protected enclaves.

Intel plans to expand SGX to a "broader range of mainstream data-centric platforms" and to create larger protected enclaves in its future CPUs. This will help, Intel says, to further expand "the number of usages able to leverage these advanced application isolation capabilities".

"Protecting data in use is the new frontier," said Anil Rao, Intel's vice president of Data Centre Security and Systems Architecture.

"When we say protecting data, we mean protecting your data from other applications or tenants, from the service provider, or even malicious code with root privileges, so that even if your data is being processed in someone else's system, they cannot get access to it. This is where we see confidential computing coming in."

Intel is also promising to bring full memory encryption to its CPUs in an effort to give users better protection against physical memory attacks. The technology provides hardware-based encryption that is transparent to the operating system and software layers.

"Hardware is the bedrock of any security solution," said Tom Garrison, Intel vice president and general manager of Client Security Strategy and Initiatives.

"Intel hardware, and the assurance and security technologies it brings, help harden the layers above from attack."

Intel also published a security report on Wednesday, claiming that it doubled its investment in the security of its products in 2019, after the disclosure of the Spectre and Meltdown security bugs and a series of other side-channel speculative execution attacks.

Last year, 236 Common Vulnerabilities and Exposures (CVEs) were found in Intel products, of which 144 (61 per cent) were uncovered by Intel's own security team, while the rest were found by external researchers. None of the bugs were used in attacks at the time of public disclosure, the company claimed.