Trust, but Verify

The concept of trust is a strange one. Perhaps even more so in the world of computer systems—where we’re all used to binary, yes/no answers. Trust is not so easy. It is purely a judgment call. Think about the people that you know and trust, and why. Whether we do it consciously or not, we evaluate the words and actions of these people to determine whether we can trust them. Once we do that, we interact with them in a manner that reflects our trust in them. When the stakes are very high (say, letting someone watch your children or manage your money) we typically have very high standards regarding the level of trust we need to have in people before we give them that responsibility.

But as recent financial scams involving previously well-respected individuals have shown us, it is hard to find evidence that lets us appropriately gauge trust—we need more data. This puts us in a position popularly attributed to former President Ronald Reagan: “Trust, but verify.” As such, we look for people we trust, but increasingly also look to further evaluate their credentials.

It is also very important to establish trust in our computing platforms—so that we can have higher confidence that they will act in the manner that we expect them to: processing and protecting our data safely and securely. Given the well-chronicled growth and increasing sophistication of attacks on IT resources, this approach makes more sense than ever. From a security point of view, a basic objective is to establish the smallest possible amount of assumed trust and subject more elements to verification. Net: assume that as few items as possible are good, prove that the rest are good, and use that proof to assess trustworthiness against the role you want that system to play. The challenge is that this is very hard to do today—just when it is most needed.

This sets the stage for one of the neat new features available with the Intel® Xeon® 5600 family processor systems: Intel® Trusted Execution Technology (Intel® TXT). Using capabilities in the processor, chipset, BIOS and a Trusted Platform Module (TPM), Intel TXT provides a mechanism for enabling a very small, atomic level of “assumed trust” while allowing a robust basis for verification of platform components such as the BIOS and option ROMs, up through a hypervisor or operating system. With Intel TXT, the assumed trust (the root of trust) is pushed down into the processor itself—perhaps the best-protected component of any platform. From this privileged and protected location, subsequent components in the boot and launch process can be measured and compared to the values of “known good” components, so that the desired code is allowed to execute and unknown code can be blocked. The result of this progressive measurement is often referred to as a chain of trust.

Figure 1: Intel TXT provides a hardware-based security foundation to build a chain of trust

[Figure: TXT chain of trust]

Source: Adapted from materials by Cong Nguyen and Monty Wiseman

Note that Intel TXT does not “provide the trust”. It provides the foundation for assuring that the information used to make trust decisions, namely the measurements of the software that will fundamentally control the platform (the BIOS, hypervisor or operating system), is authentic. As a result, one can have greater assurance of the trustworthiness of the platform. In short, Intel TXT provides the basis of “trust, but verify” that is essential to help ward off the growing number of threats to today’s IT infrastructure.

Note also that Intel TXT does not intrude on the entire software stack of the platform. Intel TXT provides measurement services from platform reset through the launch of an enabled hypervisor. It does not provide measurements of guest VMs, hosted operating systems or applications above the hypervisor. While there could be some value in this, it would probably add latency and complexity, which are the relative enemies of security (i.e. people would “turn it off” or avoid using it). That being said, it is entirely possible that the chain of trust started with Intel TXT provides an enabling foundation that can be continued as a software-only process, with the hypervisor performing subsequent measurements of its guests as an integrity verification method. Such use models are indeed likely to evolve in time.
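To make the chain-of-trust idea concrete, here is a small added simulation (not Intel code, and not how TXT is implemented internally) of the measure-and-extend pattern the two paragraphs above describe: each boot component is hashed, the hash is folded into an extend-only register the way a TPM PCR is extended (new = SHA-256(old || measurement)), and the final value is compared against a known-good reference before launch is allowed. The component names, image bytes and reference values are constructed for the example; the last part shows the software-only continuation mentioned above, where a launched hypervisor keeps extending the same register with measurements of its guests.

```python
"""Simulated chain-of-trust measurement in the style of a TPM PCR.

Constructed example: the component images, their order and the
"known good" reference values below are made up for illustration.
"""
from __future__ import annotations

import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256 output length; the register starts at all zeros


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || measurement).

    The register can only be extended, never written directly, so the
    final value depends on every measurement and on their order.
    """
    return hashlib.sha256(register + measurement).digest()


def measure_chain(components, initial: bytes = bytes(DIGEST_LEN)):
    """Measure each (name, image) pair into one register.

    Returns the final register value plus an event log of per-component
    digests, mirroring how a measured launch records what it extended.
    """
    register = initial
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()  # measure the component
        register = extend(register, digest)      # then extend the register
        log.append((name, digest.hex()))
    return register, log


def verify_launch(final_register: bytes, known_good: bytes) -> bool:
    """Launch-control decision: does the measured platform match policy?"""
    return hmac.compare_digest(final_register, known_good)


def first_divergence(log, known_good_log):
    """Name the first component whose measurement differs from the reference
    log (None if everything matches). Explains *why* a launch was refused."""
    for (name, digest), (ref_name, ref_digest) in zip(log, known_good_log):
        if name != ref_name or digest != ref_digest:
            return name
    if len(log) != len(known_good_log):
        return "<component count mismatch>"
    return None


# Constructed "golden" images for a platform whose firmware and hypervisor are approved.
REFERENCE_COMPONENTS = [
    ("BIOS", b"bios-image-v1.02"),
    ("option ROM", b"nic-option-rom-v3"),
    ("hypervisor", b"hypervisor-kernel-build-4711"),
]
KNOWN_GOOD_REGISTER, KNOWN_GOOD_LOG = measure_chain(REFERENCE_COMPONENTS)

# Constructed boot in which the hypervisor image was altered before launch.
TAMPERED_COMPONENTS = [
    ("BIOS", b"bios-image-v1.02"),
    ("option ROM", b"nic-option-rom-v3"),
    ("hypervisor", b"hypervisor-kernel-build-4711-patched"),
]

# Constructed guest images the launched hypervisor could measure itself,
# continuing the chain in software from the hardware-rooted value.
GUEST_IMAGES = [("guest-vm-a", b"vm-a-disk-image"), ("guest-vm-b", b"vm-b-disk-image")]


def demo():
    good, _ = measure_chain(REFERENCE_COMPONENTS)
    print("clean boot verified:", verify_launch(good, KNOWN_GOOD_REGISTER))

    bad, bad_log = measure_chain(TAMPERED_COMPONENTS)
    print("tampered boot verified:", verify_launch(bad, KNOWN_GOOD_REGISTER))
    print("first divergent component:", first_divergence(bad_log, KNOWN_GOOD_LOG))

    extended, guest_log = measure_chain(GUEST_IMAGES, initial=KNOWN_GOOD_REGISTER)
    print("register after guest measurements:", extended.hex())
    for name, digest in guest_log:
        print(f"  {name}: {digest}")


if __name__ == "__main__":
    demo()
```

Two properties worth noticing when running it: reordering the same components yields a different final register, so the policy pins the launch sequence and not just the set of images, and the event log is what lets an administrator see which link in the chain broke rather than only that the final value did not match.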

A number of system vendors will be delivering Intel TXT-enabled platforms over the course of 2010. As system vendors complete the testing of their servers with final production components from Intel, many will be delivering support via BIOS updates that will allow customers to activate this powerful new capability in the field, and may begin shipping subsequent products from their factories with Intel TXT ready to go. Software vendors such as VMware, Parallels, HyTrust and RSA are also interested in the ability to help verify the platform environment, as it helps create a predictable, controllable platform that provides a more robust basis for security solutions in cloud and virtualized environments.

VMware has been active in past events such as IDF and the recent RSA show, demonstrating software solutions that enhance cloud security. In fact, Intel, VMware and RSA technologists have just teamed up to release a solution brief that outlines the key issues for cloud security and identifies some key roles that Intel TXT can help fill. Similarly, vendors such as Parallels and HyTrust are anticipating testing and certification of their software solutions when system vendors make their enabled platforms available. There will be a number of other leading hypervisor and operating system solutions with Intel TXT support released through 2010 and into 2011.

With an enabled ecosystem of hardware and software providers, trust will be a lot easier to find. With new Intel® Xeon® 5600 series processor-based systems and Intel TXT in place, an administrator can now know that his or her trust in the platform has been earned.

How important is trust to you? Does wanting verification of the platform make one seem overly paranoid? Or do growing security concerns have you thinking that more protection is better? What defines “too much” security for you?