Sponsored: One of the greatest barriers to broader cloud adoption is security.
However much the big cloud providers insist that their global networks of bit barns are more secure and more tightly operated than those of their enterprise customers, it is those same customers who remain liable for protecting the data under their control. For highly regulated industries such as healthcare or financial services, the penalties for a data breach make it simply too risky to process sensitive data anywhere outside their own systems. This means that they miss out on the advantages of cloud services, such as greater operational flexibility and the chance to avoid some of the capital expenditure of on-premise IT. Public cloud in particular presents challenges for keeping data secure, largely because an organisation is choosing to run workloads on infrastructure that it neither owns nor controls. An organisation can lock down its own systems and deploy tools to detect or prevent intrusion, but there are limits on what a customer can do to the cloud provider's infrastructure.
Encryption of sensitive data is now routine both in the cloud and on-premise, but it largely protects data at rest, stored on disk, and in transit over the network. To be processed, data still has to be in the clear in memory so that the required operation can be performed on it, and at that point it is exposed to any attacker who has compromised the system. Industry experts have long realised that software-only protections will not cut the mustard here, since anything implemented purely in software can ultimately be compromised or bypassed by code running with higher privilege. Instead, security needs to be rooted in hardware capabilities that cannot be altered or disabled by malicious code.
There have already been attempts at building security into silicon. Intel platforms have had Trusted Execution Technology (TXT) for some time, while chips based on the ARM architecture have had TrustZone for over a decade. Oracle added Silicon Secured Memory (SSM) to its SPARC processors when the M7 was introduced. The main purpose of Intel TXT was, and is, a measured launch: it verifies that low-level code such as an operating system kernel or hypervisor has not been tampered with before it starts. That is not a complete solution, because it does nothing to stop malware or an attacker compromising the system once it is up and running.
Oracle's SSM is part of the software-in-silicon capabilities built into newer SPARC chips. It guards access to blocks of memory by associating each block with a version number; code accessing the block must present a pointer carrying the same version number, which offers some protection against buffer overruns and stale-pointer (use-after-free) errors. But it is unlikely to offer much protection against a determined attacker who has already compromised the system, as The Register explained at the time [1]. What is required is a mechanism that prevents access to data while it is being processed, even if an attacker has managed to penetrate the system. This is no trivial task, since a compromise of the software stack at the operating system or hypervisor level would otherwise let an attacker simply pluck data out of an application's memory space.
Perhaps the most ambitious move to address this problem is Intel's Software Guard Extensions (SGX), one of the capabilities that arrived on the Xeon server platform with the latest chips based on the Skylake architecture. SGX allows the creation of isolated, protected regions within the server's memory, inside which code can be placed to process sensitive data safely. These protected regions are known as enclaves, and the environment they provide is one form of Trusted Execution Environment (TEE). To enable this, SGX adds a new processor mode in which enclave code executes, and two families of new instructions: privileged leaf functions (ENCLS) that the operating system uses to build, load and initialise an enclave, and unprivileged ones (ENCLU) that the application uses to enter and leave it.
These are used at runtime to create an enclave, copy the trusted code and data into it, and then measure and initialise it, after which no further code or data can be added from outside. Once initialised, the enclave's memory cannot be read or written by any code running outside it, not even by the kernel or hypervisor, and functions inside the enclave can be reached only through defined entry points (ECALLs); when enclave code needs something from the outside world, such as a system call or file access, it has to leave through an equally explicit exit (OCALL). In principle, SGX is somewhat similar to ARM's TrustZone, but TrustZone divides the whole system into a secure world and a non-secure world with hardware-enforced separation between the two. SGX, in contrast, lets multiple applications each have their own enclave for whatever portion of their code deals with sensitive data. The upshot is that an application running on an SGX-enabled system is split into trusted and untrusted parts, with the trusted code deployed in the enclave kept as small as possible to reduce the chance of vulnerabilities being introduced into it; every value the enclave receives from the untrusted side still has to be treated as hostile and validated before use.
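As an added illustration of that trusted/untrusted split (example code written for this page, not Intel's SDK or any Azure code), the C below models a single ECALL. A static 4 KB buffer stands in for the enclave's protected address range; in a real enclave the equivalent check is the SDK's sgx_is_outside_enclave(), which the generated boundary code applies to every pointer marked [in] or [out] in the enclave's EDL file. The entry point refuses any buffer that overlaps the enclave or whose length would wrap the address space, caps how much it will copy in, and computes on an enclave-side copy so the untrusted caller cannot change the input midway through. The salary figures, the MAX_ROWS limit and the size of the pretend enclave are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the enclave's protected address range (assumption for this example:
 * 4 KB of "enclave" memory; a real enclave's range comes from its base and size). */
static uint32_t enclave_memory[1024];

static uintptr_t enclave_base(void)  { return (uintptr_t)enclave_memory; }
static uintptr_t enclave_limit(void) { return enclave_base() + sizeof enclave_memory; }

/* 1 if [p, p+n) lies entirely outside the enclave range and does not wrap around.
 * Mirrors the intent of the SDK's sgx_is_outside_enclave(). */
int is_outside_enclave(const void *p, size_t n)
{
    uintptr_t start = (uintptr_t)p;
    uintptr_t end;
    if (p == NULL) return 0;
    if (n > UINTPTR_MAX - start) return 0;          /* start + n would wrap */
    end = start + n;
    return end <= enclave_base() || start >= enclave_limit();
}

enum { ECALL_OK = 0, ECALL_BAD_POINTER = 1, ECALL_TOO_LARGE = 2 };

#define MAX_ROWS 256   /* cap on what one call may copy into enclave memory (constructed) */

/* Trusted entry point: total the salaries handed over by untrusted code.
 * Both pointers originate outside the enclave, so they are checked before any
 * access, and the input is copied inside before use so the caller cannot modify
 * it between check and use (TOCTOU). Writing through an unchecked output pointer
 * would let the caller make the enclave overwrite its own memory. */
int ecall_sum_salaries(const uint32_t *untrusted_in, size_t count, uint64_t *untrusted_out)
{
    uint32_t *in_copy = enclave_memory;              /* enclave-side scratch */
    uint64_t total = 0;
    size_t i;

    if (count > MAX_ROWS) return ECALL_TOO_LARGE;
    if (!is_outside_enclave(untrusted_in, count * sizeof *untrusted_in)) return ECALL_BAD_POINTER;
    if (!is_outside_enclave(untrusted_out, sizeof *untrusted_out)) return ECALL_BAD_POINTER;

    memcpy(in_copy, untrusted_in, count * sizeof *untrusted_in);   /* copy in */
    for (i = 0; i < count; i++) total += in_copy[i];
    *untrusted_out = total;                                        /* copy out */
    return ECALL_OK;
}

/* Small drivers exercising the entry point with constructed inputs. */
uint64_t demo_valid_total(void)
{
    static uint32_t salaries[] = {52000, 61000, 48500};  /* lives outside the enclave */
    uint64_t total = 0;
    return ecall_sum_salaries(salaries, 3, &total) == ECALL_OK ? total : 0;
}

int demo_out_pointer_in_enclave(void)   /* attacker aims the output at enclave memory */
{
    static uint32_t salaries[] = {1, 2, 3};
    return ecall_sum_salaries(salaries, 3, (uint64_t *)enclave_memory);
}

int demo_in_pointer_in_enclave(void)    /* attacker asks the enclave to read itself */
{
    uint64_t total = 0;
    return ecall_sum_salaries(enclave_memory, 3, &total);
}

int demo_too_many_rows(void)
{
    static uint32_t one[1];
    uint64_t total = 0;
    return ecall_sum_salaries(one, MAX_ROWS + 1, &total);
}

int main(void)
{
    printf("valid call total: %llu\n", (unsigned long long)demo_valid_total());
    printf("output pointer inside enclave: rc=%d\n", demo_out_pointer_in_enclave());
    printf("input pointer inside enclave: rc=%d\n", demo_in_pointer_in_enclave());
    printf("too many rows: rc=%d\n", demo_too_many_rows());
    return 0;
}
```

The wrap-around test matters as much as the range test: a length of SIZE_MAX added to a small address lands back inside the enclave on a naive check, which is exactly the kind of input an attacker controlling the untrusted side will try.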
But the chief difference between SGX and previous silicon-based security schemes is that the processor itself is the only hardware component that needs to be trusted. It does not require a Trusted Platform Module (TPM) as the root of trust or for attestation of code, as TXT does. Enclave pages are encrypted by the processor's memory encryption engine before they leave the CPU package, and the processor blocks every access to them from outside the enclave, so in theory an enclave's memory stays private even if the operating system, hypervisor, firmware and even Intel's Management Engine [2] have all been compromised by an attacker. This is a level of protection that was not practical to achieve before chips with SGX became available. The first major outing for this technology is going to come from Microsoft.
In September, the firm announced that its Azure cloud platform will be the first to support enclaves secured by Intel's SGX, using servers based on the latest Skylake Xeon processors. How this will ultimately be made available to customers has yet to be fully detailed by Redmond, but the firm said it intends to implement encryption-in-use for its Azure SQL Database service and for SQL Server. Azure CTO Mark Russinovich also demonstrated what this might look like at the firm's Ignite conference in September. The demo revolved around a sample HR application running queries against a cloud database with two columns, social security number and salary, whose stored values were protected using the Always Encrypted feature. A stored procedure was deployed into an enclave and then handed the column encryption key over a secure channel, so that it could evaluate queries referencing the encrypted columns inside the enclave. That is something a plain Always Encrypted deployment cannot do: the database server never sees the keys, so it can only match deterministically encrypted values for equality and has to leave any other computation to the client.
To date, Intel's SGX has had only limited traction, but Microsoft's Azure cloud is widely used by large enterprises and seems likely to drive interest in this method of keeping data secure while it is being processed. If it proves a hit, we can expect to see it implemented in more platforms, both in the cloud and on-premise; there is certainly scope for a technology that can keep data secure even if malware has compromised the server your application is running on. No single security technology can ever be totally bulletproof: SGX's threat model explicitly leaves side channels out of scope, and researchers have already shown that cache timing and page-fault patterns can leak information from enclave code. However, such attacks can be mitigated if the rest of the platform, and the enclave code itself, is carefully designed, and SGX means that Intel's latest Xeon chips offer the best foundation currently available for a platform capable of keeping the most sensitive data secure.
Sponsored by Intel