The idea of relying on the server or desktop central processing unit (CPU) as the key part of a security scheme is getting more attention as a number of start-ups are using the technology to protect virtual systems.
Take start-up PrivateCore, for example, co-founded by Oded Horovitz, its CEO, along with Steve Weis, CTO, and Carl Waldspurger as adviser. The start-up has come up with what it calls its vCage software that relies on the Intel Xeon Sandy Bridge CPU as the trusted component to encrypt data in use.
"Their CPU is loaded with security," says Horovitz about the Intel Sandy Bridge processor. PrivateCore has created its vCage software for secure processing through means of Intel Sandy Bridge-based servers in cloud environments, first off in infrastructure-as-a-service (IaaS).
Horovitz was formerly a lead security engineer at VMware as was Waldspurger, who joined with Weis, formerly on Google's security team focusing on crypto, to found the Palo Alto, Calif.-based firm in 2011. PrivateCore's main argument is that the latest CPU technologies should be the foundation for data processing of encrypted data.
The challenge in processing encrypted data is "the problem with having to decrypt to do processing," points out Horovitz. The vCage approach, based on the Intel CPU Sandy Bridge, makes use of the Intel Trusted Execution Technologies and Advanced Encryption Standard algorithm to perform the processing in RAM. This can be done with Intel Sandy Bridge because there's now about 20MB of cache available, enough to get the job done, says Horovitz. The data in question is only unencrypted in the CPU.
PrivateCore's vCage approach is being tested now by infrastructure-as-a-service providers, and some enterprises in virtualized data centers, according to PrivateCore's co-founders. PrivateCore has developed a key-management system for vCage but is also eyeing integration with existing key-management systems. PrivateCore has received $2.4 million in venture-capital backing from Foundation Capital.
Another start-up, Bromium, also makes a strong argument about the value of the CPU for security.
Bromium has a desktop anti-malware protection approach based on a specialized security-oriented hypervisor that relies on machine CPU as the bedrock for isolating malware and attack code. Called vSentry, it lets malware and attack code be simply tossed when the Web browser is closed. Simon Crosby, CTO at Bromium, strongly believes that the use of hardware-based CPU is where the future of security is headed. Crosby adds: "It's hard to break the CPU."
The company now counts the New York Stock Exchange, BlackRock and ADP as technology adopters. Bromium has gotten $35.5 million in venture-capital funding from a number of investment firms, including Andreessen Horowitz. Not surprisingly, Intel Capital is among them, too.
Sign up for CIO Asia eNewsletters.