Firmware Integrity in the Cloud Data Center
Blog Article Published: 06/12/2018
By John Yeoh, Research Director/Americas, Cloud Security Alliance

As valued members, we wanted you to be among the first to hear about the newest report from CSA, Firmware Integrity in the Cloud Data Center, in which key cloud providers and datacenter development stakeholders share their thoughts on building cloud infrastructure using secure servers that enable customers to trust the cloud providers' infrastructure at the hardware/firmware level.

Authored by the Cloud Security Industry Summit (CSIS) Technical Working Group, the position paper is aimed at hardware and firmware manufacturers. It identifies gaps in the industry that make it difficult to meet the recently published NIST 800-193 requirements with 'standard' general-purpose servers. It offers ways to build servers designed to meet the NIST requirements (including calling out missing technology when applicable) and to enable cloud providers to increase trust in commodity hardware. The paper also suggests additional requirements that could further strengthen the level of security of servers.

Among the gaps that CSIS singles out for immediate attention by hardware manufacturers are:
- First-instruction integrity – The ability to ensure integrity of the first instruction (the first code or data loaded from mutable non-volatile media) in a way that is verifiable by the cloud provider and not just by the manufacturer.
- Chain-of-Trust for peripherals – The ability to leverage the host root of trust and other roots of trust to create a chain of trust to peripherals (e.g. for PCIe devices or other symbiont devices).
- Automatable Recovery – The ability to perform automated recovery back to a known boot-time state upon detection of corrupted firmware (after initial boot).