New work group aims to shore up data centre security

The Trusted Computing Group has formed a new work group designed to help fight malicious attacks against data centres worldwide.

The new Data Centre Work Group will examine existing attack patterns targeting data centres and devise ways to avoid or mitigate the threats.

Examples of attacks include feeding compromised boot code to the CPU, impersonations of the CPU to the Trusted Platform Module (TPM) and the redirection of legitimate measurements to an attacker-controlled TPM.

When attackers are able to successfully position themselves between the CPU and the TPM within a data centre, they can cause significant damage. For example, inserting their own boot code allows attackers to snoop, suppress and modify vital signals and measurements.

The new work group will also explore ways to protect data centres against attackers looking to clear platform configuration registers (PCRs) in the legitimate TPM by falsely asserting that the CPU has reset.

Data Centre Work Group Co-Chair and Microsoft Research Principal Software Development Engineer Dennis Mattoon said the new group is expected to play a key role in shoring up the integrity of data centres.

“With the formation of this work group, a TPM will be empowered to protect the resources and communication of a CPU to which it is bound with precise, given measurements,” he said.

“The TPM will also be able to prove the measurements and the correct CPU instance of a given object to a verifier. We look forward to developing our plans to continue establishing trusted computing within data centres.”

Mattoon is co-chairing the work group with Jeff Andersen, a staff software engineer at Google and TCG member.

Image credit: iStock.com/XH4D