It’s been a long and sometimes arduous road but after decades as a software and device-specific phenomenon, security built in at the level of microprocessors is finally starting to look like a viable layer of defence.
Intel has been hard at this development since 2007 while ARM has its own take that it may license to AMD.
Intel set the process in chain with its Core 2 with vPro processors and its Safer Computing Initiative. Although aimed at businesses and device offering a broader set of management capabilities, this offered features such as trusted execution technology (TXT), a complex ‘root of trust’ design designed to check loading software components against a known good state to spot the interference of malware.
The complexity of this is so great it is probably only practical as a processor-level process; every loading component must be given a cryptographic identifier. On a related level, the company backed this up with the AES-NI, a processor instruction included in Xeon-based systems dedicated to running encrypted operations.
Finally Intel’s Identity Protection Technology (IPT) promised another useful layer running under the operating system, featuring embedded public keys, one-time passwords, and basic transaction verification.
The possible flaw of some of this approach is less the issue of whether it works but its designation as primarily for businesses. Arguably, today’s computing environment draws no distinction between business and consumer systems as far as security is concerned – both domains now mix freely and need the same protection.
Encouragingly, more recent developments rectified this, with consumer-oriented releases such as Intel’s Anti-Theft Technology (Intel AT) making a welcome appearance in Ultrabook and second and third-generation Core laptops. Enabled in conjunction with software support from companies such as McAfee (part of Intel’s stable from August 2010), allowing owners to have their lost or stolen laptops remotely locked into a ‘recovery mode.’ If physically recovered, the system then runs a full restore routine.
Today’s remote recovery services can be pricey; McAfee’s recently-announced implementation of Anti-Theft was hearteningly affordable, which augurs well.
ARM meanwhile plans to make its ARM TrustZone security technology, integrated into the ARM Cortex-A processor series, the basis for the development of a Trusted Execution Environment (TEE), a secure environment for software execution that will utilise advanced hardware security coupled with industry standard software interfaces.
So it is likely that in the not too distant future, microprocessor-level security will stop being an exception and become the norm, not just for specific systems but across all types of device including tablets. This can only be done by companies such as Intel over one or more development cycles. At that point developers will have a strong impetus to develop for it.
But beyond adding some useful features does chip-level security offer a long-term security potential? Can processor-level features stop malware?
A criticism levelled at this approach is that features baked in silicon will not provide enough flexibility to accommodate new threats nor be easily updatable. But if processor-level security becomes universal and therefore attracts enough developers, it offers some intriguing possibilities. PCs have often been astonishingly unprotected at the lowest system level and largely remain so, allowing boot-sector interference by threats such as rootkits; processor-level routines could make that an impractical direction of attack for malware writers quite quickly.
Processor-level security is no panacea but it might be a useful shield if enough security companies find ways to hook into it for all user.