Intel To Work With Microsoft, Standards Groups On Security


Intel's hardware-based security technology, which the company unveiled this week at its fall developer forum, fits into a larger industrywide vision that includes work by standards groups and Microsoft, according to security experts.

The technology, code-named LaGrande, is essentially a security engine that will be built into future Intel CPUs and chipsets and aimed at protecting a system's data in ways software-based solutions currently can't offer, said Marc Varady, Intel marketing manager for platform security, in an interview with CRN.

The technology will isolate data by setting up virtual vaults in hardware that can't be penetrated by viruses or hackers, while also separating applications so contaminations can't be spread from one software program to another, Varady said. The technology will further protect systems by making sure data transferred between various I/O devices stays secure, he added.

Intel President and COO Paul Otellini first revealed Intel's security plans at his conference keynote Monday but declined to release specifics about the project. Security experts familiar with Intel's plans, however, said the technology will work with a number of initiatives already in the works.

Clain Anderson, program director for client security for IBM's Personal Systems Group, said LaGrande will work with future enhancements to Microsoft's operating systems and with Microsoft's Palladium initiative, which would make security and privacy features a standard component of the future Windows-based PC.

In its current version, LaGrande also will build on an existing security standard from the Trusted Computing Platform Alliance, Anderson said.

Public key infrastructure (PKI) will also figure into the framework, Varady said.

The Trusted Computing Platform Alliance, founded by IBM, Intel, Compaq and Hewlett-Packard and now including participation from about 160 companies, uses a chip-based Trusted Platform Module (TPM) to validate users and protect data. Mounted on the motherboard, the TPM records hashes of the system's software configuration, component by component, into a unique fingerprint of that configuration. Each time the system boots, the fingerprint is recomputed and compared against the expected value. If the configuration has changed, a warning is raised and data sealed to the previous configuration stays locked down.
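The measure-then-lock behaviour described above is easiest to see in code. The following is an added illustration of TCPA-style measured boot and sealed storage, not Intel, IBM or TCPA code: each boot component is hashed into a register the way a TPM extends a PCR, and a secret is sealed so that it can only be recovered when the register holds the same value. It assumes SHA-256 (hardware of the period used SHA-1), an HMAC-derived keystream in place of the TPM's own sealing scheme, an in-memory root key standing in for the chip's storage root key, and constructed component names.

```python
"""Toy model of TPM-style measured boot and sealed storage (stdlib only).

Added illustration; not code from Intel, IBM or the TCPA.
Assumptions: SHA-256 instead of the SHA-1 used by TCPA-era TPMs,
an HMAC counter-mode keystream instead of the TPM's sealing scheme,
and ROOT_KEY standing in for the chip's storage root key.
"""
import hashlib
import hmac

DIGEST = hashlib.sha256
PCR_INIT = bytes(DIGEST().digest_size)      # PCRs start at all-zero

# Constructed sample boot chains (names are illustrative, not real releases).
GOOD_BOOT = [b"bios:v1.02", b"bootloader:grub-0.93", b"kernel:2.4.19"]
TAMPERED_BOOT = [b"bios:v1.02", b"bootloader:grub-0.93", b"kernel:2.4.19-rootkit"]
ROOT_KEY = b"constructed-storage-root-key"  # would never leave a real TPM


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = H(PCR_old || H(component)). One-way and order-sensitive:
    a register can only be reset by rebooting, never set to a chosen value."""
    return DIGEST(pcr + DIGEST(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Extend each component in boot order and return the final PCR value."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """HMAC counter-mode keystream (assumption; stands in for the TPM cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), DIGEST).digest()
        counter += 1
    return out[:length]


def _seal_key(root_key: bytes, pcr: bytes) -> bytes:
    """Sealing key bound to both the root key and the expected PCR value."""
    return hmac.new(root_key, b"seal|" + pcr, DIGEST).digest()


def seal(secret: bytes, expected_pcr: bytes, root_key: bytes) -> dict:
    """Encrypt and authenticate `secret` under a key tied to `expected_pcr`."""
    key = _seal_key(root_key, expected_pcr)
    ciphertext = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
    tag = hmac.new(key, ciphertext, DIGEST).digest()
    return {"pcr": expected_pcr, "ct": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, root_key: bytes):
    """Return the secret only if the platform measures as it did at seal time.
    Any change in the boot chain leaves the data locked (returns None)."""
    if not hmac.compare_digest(blob["pcr"], current_pcr):
        return None                                   # configuration changed
    key = _seal_key(root_key, current_pcr)
    expected_tag = hmac.new(key, blob["ct"], DIGEST).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None                                   # blob tampered with
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, len(blob["ct"]))))


def demo() -> dict:
    """Seal a secret to the good configuration, then try both boot chains."""
    blob = seal(b"database-key", measure_boot(GOOD_BOOT), ROOT_KEY)
    return {
        "good_boot": unseal(blob, measure_boot(GOOD_BOOT), ROOT_KEY),
        "tampered_boot": unseal(blob, measure_boot(TAMPERED_BOOT), ROOT_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the measurement only records which components ran, in which order; it does not judge whether they are safe. The "warning" the article mentions depends on a verifier, local or remote, that knows which fingerprint to expect, which is the role the operating-system and attestation layers above the TPM have to play.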

Three chip vendors are currently manufacturing the modules, and IBM is shipping select notebook and PC models that incorporate the technology, Anderson said. But Intel is not manufacturing the module and is not offering it in its motherboard products, said Varady, who also works in the Trusted Computing Platform Alliance.

LaGrande will use the TPM's ability to validate a system's configuration and then build on it, Varady said. He described LaGrande as the underlying engine that will drive the hardware-based security and help set up vaults, or virtual machines, where data will be secured.

"The operating system, in conjunction with LaGrande technology and the TPM, are able to create a completely trusted platform in which applications do not converge and corrupt each other," he said. "The configuration of the platform is known at all levels and then able to determine the I/O, graphics and all interconnects from a platform perspective are trusted."

By setting up systems that can be trusted at this level, on the client, server and device level, a number of cost savings can be realized, he said.

Routers and other communications devices could be updated remotely once they are validated through the trusted system. The system would save the IT department from having to update such devices on site due to security concerns, he said.

Internet transactions become safe as well, he said, because users and providers become trusted partners on a network. The solution would focus on validating users rather than adding more encryption each time there is a security concern, he said.

"Then you have created this global computing network in which you can start looking at [eliminating] all those layers of encryption," he said. "We can start peeling some of the junk off of the communications transaction and open up the bandwidth."

Intel has been working on LaGrande technology for about two years and is currently testing silicon, Varady said.

Otellini said the first version of LaGrande should be available in 2003.

Development of LaGrande has been taking place across a number of groups within Intel, and is expected to be deployed across mobile, desktop and server CPUs.