SECURITY

Intel, McAfee Leverage Hardware Security

R. Colin Johnson | Date: 09-19-11 | Comments

Intel virtualization hardware is being repurposed for security, making i3, i5 and i7 the world's most secure processors by virtue of a new hypervisor-like root-level security suite due from McAfee next month.

When Intel acquired McAfee earlier this year, analysts were skeptical of success since past "mergers" with software companies had ended poorly. However, those doubts were mostly dispelled by the description of McAfee's forthcoming DeepSAFE technology at the Intel Developer Forum (IDF) held last week.

"DeepSAFE will launch as a McAfee enterprise product later this year, and when it does, it will offer a better level of protection to the hundreds of millions of Intel-core-processor-based PCs that have already shipped," said Paul Otellini, Intel CEO. "Our teams are working together on joint products to better protect every segment of computing, [including] every phone, every tablet, every PC and every server. It's part of our vision toward enabling a worry-free and protected computing experience."

McAfee's DeepSAFE security suite runs beneath the operating system--like a type-one hypervisor--enabling the detection of nearly any unauthorized intrusion into computers using Intel's i3, i5 or i7 processors.

Otellini's shining endorsement sounds naively optimistic, but is based on solid hardware technology that is unique to Intel processors and which is quickly being emulated by rival chip makers. In particular, Intel's virtualization technology (VT-x) that is built into most processors after Core Duo is unique in its ability to intercept stealth root kit and other sophisticated advanced persistent threats.

Advanced Micro Devices has already added similar virtualization hardware to its x86 processors, and ARM is also promising to add hardware virtualization support for its next-generation A-15 cores in 2012. However, Intel already has a lead in hardware virtualization support with extensions to its VT-x called active management technology (AMT) and Trusted Execution Technology (TXT).

The reason for all this activity is that leveraging the hardware technology offers a different approach to security. Software security today is based on virus scans that detect the signature of malware that has already been profiled by McAfee, Norton or other security experts. Hardware security, on the other hand, can recognize malware that has never before been profiled.

"Using the VT-x capabilities in the Intel's Core i3, i5 and i7 processors, DeepSAFE gives us a new vantage point on security that allows us to prevent unknown or zero-day attacks," said Candace Worley, senior vice president and general manager of end-point security for McAfee. "The DeepSAFE technology platform will become the foundation of a number of future products for McAfee."

VT-x allows Intel processors, memory and I/O to be virtualized by allowing hypervisors to run below the operating system, intercepting system calls before they can be executed. AMT extends VT-x by allowing Intel processors to be managed remotely without executing any locally installed software, thus enabling recovery from cyber-attacks that have penetrated conventional security measures. Likewise, its companion trusted execution technology (TXT) allows software to be validated before launching, thus establishing a root of trust that can be inherited by higher software levels. Although originally added to Intel processors to ease virtualization, McAfee has now repurposed VT-x, AMT and TXT to prevent security intrusions by detecting them before they can install malware. As such, DeepSAFE, running below the operating system--between it and the processor hardware like a type-one hypervisor�can prevent the installation of backdoors and other stealth malware.

DeepSAFE details will be officially revealed next month at McAfee's Focus 11 Security Conference (scheduled for Oct. 18 to 20 in Las Vegas) where Intel is expected to unveil a related technology that works like SIM-cards in cell phones to guarantee authentication.