Intel Drives Innovation across the Software Stack with Open Source for AI and Cloud

osts 19 logoWhat’s New: Intel is hosting the annual Open Source Technology Summit (OSTS) May 14-16. What started as an internal conference in 2004 with a few dozen engineers now brings together 500 participants. This year is the most open yet, with leaders from Alibaba*, Amazon*, AT&T*, Google*, Huawei*, JD.com*, Microsoft*, MontaVista*, Red Hat*, SUSE* and Wind River* taking part in discussions of open source software that is optimized for Intel hardware and will drive the next generation of data-centric technology in areas such as containers, artificial intelligence (AI), machine learning and other cloud to edge to device workloads.

“OSTS is at its heart a technology conference, and it’s the depth of technical content, engineering engagement and community focus that make the summit so valuable. This year we’re open-sourcing our open source summit, inviting customers, partners and industry stakeholders for the first time. I’m excited by the opportunity to connect the community with the amazing people who are driving open source at Intel.”
–Imad Sousou, Intel corporate vice president and general manager of System Software Products

The Details: The latest contributions Intel is sharing at OSTS represent critical advances in:

  • Modernizing core infrastructure for uses well-suited to Intel architecture
  • ModernFW Initiative has the goal to remove legacy code and modularize design for scalability and security. By delivering just enough code to boot the kernel, this approach can help reduce exposure to security risks and help ensure management is easier for users.
  • rust-vmm offers a set of common hypervisor components, developed by Intel with industry leaders including Alibaba, Amazon, Google and Red Hat to deliver use-case specific hypervisors. Intel has released a special-purpose cloud hypervisor based on rust-vmm with partners to provide a more secure, higher performance container technology designed for cloud native environments.
  • Intel is also committing to advancing critical system infrastructure projects by assigning developers to contribute code, as well as incorporating our “0-day Continuous Integration” best practices to technologies beyond the Linux* kernel. Projects Intel plans to contribute to include (but are not limited to) bash*, chrony*, the Fuzzing Project*, GnuPG*, libffi*, the Linux Kernel Self Protection Project*, OpenSSH*, OpenSSL* and the R* programming language.
  • Enhancing Intel Linux-based solutions for developers and partners: Intel’s Clear Linux* Distribution is adding Clear Linux Developer Edition, which includes a new installer and store, bringing together toolkits to give developers an operating system with all Intel hardware features already enabled. Additionally, Clear Linux usages are expanding to provide end-to-end integration and optimization for Intel hardware features and key workloads supporting the Deep Learning and Data Analytics software stacks. The performance, security, ease-of-use and customization advantages make Clear Linux a great choice for Linux developers.
    • The Deep Learning Reference Stack is an integrated, highly-performant open source stack optimized for Intel® Xeon® Scalable Processors. This stack includes Intel® Deep Learning Boost (Intel DL Boost) and is designed to accelerate AI use cases such as image recognition, object detection, speech recognition and language translation.
    • The Data Analytics Reference Stack was developed to help enterprises analyze, classify, recognize and process large amounts of data built on Intel® Xeon® Scalable platforms using Apache Hadoop and Apache Spark*.
  • Enabling new usages across automotive and industrial automation: In a world where functional safety is increasingly important, workload consolidation is both complex and critical. And with the growing reliance on software-defined systems, virtualization has never been more important. Intel is working to transform the software-defined environment to support a mix of safety critical, non-safety critical and time critical workloads to help support automotive, industrial automation and robotics uses.
    • Fusion Edge Stacks support the consolidated workloads that today’s connected devices demand using the ACRN* device hypervisor, Clear Linux OS, Zephyr Project* and Android*.
    • The Intel Robot SDKbrings together the best of Intel hardware and software in one resource, simplifying the process of creating AI-enabled robotics and automation solutions, with an optimized computer vision stack.

    Why It Matters: Open source powers the software-defined infrastructure that transformed the modern data center and ushered in the data-centric era. Today, the vast majority of the public cloud runs on open source software; new contributions by Intel are poised to drive a future where everything is software-defined, including new areas such as automotive, industrial and retail.

    With more than 15,000 software engineers, Intel invests in software and the work on standards initiatives to optimize the workload and to unlock the performance of our processors. In addition to significant contributions to the Linux kernel, Chromium OS* and OpenStack*, Intel’s leadership in the open source community drives industry advancement that fuel new models for hardware and software interaction in emerging workloads.

    Intel is in a unique position to bring together key industry players to address the complexity of building for diverse architectures and workloads and enable faster deployments of new innovations at scale. Software is a key technology pillar for Intel to fully realize the advancements in architecture, process, memory, interconnect and security.

    The post Intel Drives Innovation across the Software Stack with Open Source for AI and Cloud appeared first on Intel Newsroom.

    2019 RSA

    Intel’s innovation — together with partners and customers — is building the high-performance, trusted computing foundation for our data-centric world.

    Intel is uniquely positioned to implement security technologies given the breadth of its product line and its architectural dimensions. Intel’s products contain silicon-enabled security technologies that harden system surfaces to help create a trusted foundation and help enable ecosystem partners to create security-optimized solutions.

    At Intel, working to secure products is an ongoing priority, not a one-time event.

    Latest News

    Images

    Intel sgx card 1
    Intel introduced the Intel SGX Card in February 2019. It is a new way to help extend application memory protections using Intel Software Guard Extensions in existing data center infrastructure. (Credit: Intel Corporation)
    » Click for full image

    At-a-Glance Schedule

    Date Time (PT) Presenter Event Title Code, Location & Format
    Mon. March 4 8:15 – 9:15am

    Full seminar: 8:00am – 12:00pm

    Jim Gordon,

    GM Security Ecosystem Strategy & Development, Intel Corporation

    Seminar: Solving Our Cybersecurity Talent Shortage

    Panel: The Why: The DEI Dividend

    Code: SEM-M06

    Location: Moscone South 301 SEM

    Mon. March 4 10:15 – 11:15am

    Full seminar: 8:00am – 12:00pm

    Jim Gordon,

    GM Security Ecosystem Strategy & Development, Intel Corporation

    Seminar: Solving Our Cybersecurity Talent Shortage

    Panel: The Who: Is This Responsibility Yours, Mine, or Ours?

    Code: SEM-M06

    Location: Moscone South 301 SEM

    Wed. March 6 9:20 – 10:10am Audrey Plonk, Director, Global Security Policy, Intel Corporation

     

    Panel: Multiparty Vulnerability Disclosure: From Here to Where? Code: PDAC – W03

    Location: Moscone South 203

    Wed. March 6 9:20 – 10:10am

     

    Lorie Wigle, Vice President, GM, Intel Corporation Session: What Happens to Your Threat Model When Hardware Isn’t Really Hardware? Code: SPO2 – W03

    Location: Moscone South Esplanade 153

    Wed. March 6 2:50 – 3:40pm Amit Elazari Bar On, Director, Global Cybersecurity Policy at Intel Corporation, Lecturer, UC Berkeley School of Information (MICS)

    Keren Elazari, Analyst and Researcher, K3re3n3.com

    Session: From Dystopia to Opportunity: Stories from the Future of Cybersecurity Code: KEY – W12S

    Location: Moscone South Esplanade

    Thurs. March 7 8:00 – 8:50am Nitin Sarangdhar, Senior Principal Engineer, Intel Corporation Session: Securing Intel PC for FIDO Support: Industry Standard to Remove Passwords Code: IDY-R02

    Location: Moscone West 3014

    Thurs. March 7 1:30 – 2:30pm Ellen Powers, Information Security Awareness Strategist, Manager, Intel Corporation Panel: Awareness at Scale: Creating Risk-Aware Cultures in Big Companies Code: HUM-R09

    Location: Moscone South 207

    Thurs. March 7 2:20 – 2:50pm Amit Elazari Bar On, Director, Global Cybersecurity Policy at Intel Corporation, Lecturer, UC Berkeley School of Information (MICS) Session: Internet of Laws: Navigating the IoT Legal Landscape Code: SBX1 – R3

    Location: Marriot The Sandbox Stage

    Thurs. March 7 2:50 – 3:40pm Lorie Wigle, Vice President, GM, Intel Corporation Panel: Why Industrial IoT Security Is Really about Saving Lives Code: MBS – R11

    Location: Moscone South 201

    Fri. March 8 9:50 – 10:40am Eduardo Cabre, Product Development Engineering Manager, Intel Corporation
    SpeakerTom Dodson, Supply Chain Security Architect, Intel Corporation
    Speaker
    Session: Blockchain Augmentation of the Trusted Supply Chain Code: PDAC-F02

    Location: Moscone South 203

     

    Seminar/Panel/Session Descriptions

    Future of Security

    From Dystopia to Opportunity: Stories from the Future of Cybersecurity

    Presenters:                         Amit Elazari Bar On, Intel; Keren Elazari, K3r3n3.com

    Date and Time:                 Mar. 6 from 2:50 – 3:40pm

    The future of cybersecurity is not about protecting secrets; it’s about our way of life. Join us for a journey to the near future, told from the perspectives of a friendly hacker and a lawyer, who also happen to be sisters. Discover how evolving attack trends are impacting policy landscapes, why trust has become a feature and what hackers can do for you. Step away from today and embrace what’s next.

    Multiparty Vulnerability Disclosure: From Here to Where? 

    Presenters:                         Audrey Plonk, Intel; John Banghart, Venable; Kent Landfield, McAfee; Art Manion, CERT Coordination Center

    Date and Time:                 Mar. 6 from 9:20 – 10:10am

    As the world grows ever more dependent on complex technological systems, the risk of broadly impactful vulnerabilities in software and hardware is driving the need for improvements in how the global ecosystem addresses identification and disclosure of those vulnerabilities. This panel will discuss what works, what doesn’t, and suggest a path forward that can benefit everyone globally.

    What Happens to Your Threat Model When Hardware Isn’t Really Hardware?

    Presenters:                         Lorie Wigle, Intel

    Date and Time:                 Mar. 6 from 9:20 – 10:10am

    Join for a discussion about hardware and software update cycles and the importance of reconsidering the way we think about hardware security. We will also discuss the significance of making hardware and software more secure and resilient, and Intel’s commitment to developing technologies to solve the industry’s most complex problems.

    Securing Intel PC for FIDO Support: Industry Standard to Remove Passwords

    Presenters:                         Nitin Sarangdhar, Intel

    Date and Time:                 Mar. 7 from 8:00 – 8:50am

    FIDO-enabled platforms replace password match on the relying party website with a passwordless experience of biometric authentication on a user device. This session will cover how PCs can be vulnerable to attacks on simple host OS-based FIDO authenticators and capabilities available in Intel HW to create a trusted execution environment–based FIDO Authenticator to address such vulnerabilities.

    Awareness at Scale: Creating Risk-Aware Cultures in Big Companies

    Presenters:                         Ellen Powers, Intel; Tom Pendergast, MediaPro; Kemi Okutubo, International Monetary Fund; Deborah Walter; AmerisourceBergen

    Date and Time:                 Mar. 7 from 1:30 – 2:30pm

    Getting employees to take their annual security awareness training is hard at any company. But imagine how hard it is to run a multifaceted, multimedia awareness program for thousands or millions of employees spread across the globe, often not even sharing a common language. That’s security awareness at scale—and it’s got challenges and triumphs our panelists are eager to explore.

    IoT

    Internet of Laws: Navigating the IoT Legal Landscape

    Presenters:                         Amit Elazari Bar On, Intel

    Date and Time:                 Mar. 7 from 2:20 – 2:50pm

    The world is getting more connected and calls for IoT regulation and software liability are on the rise. This talk will give IoT practitioners and security researchers a quick intro to the variety of legal and regulatory concepts that govern IoT landscape focusing on recent trends. Highlights will include vulnerability disclosure, anti-hacking laws, CCPA and the new CA IoT security law.

    Why Industrial IoT Security Is Really about Saving Lives

    Presenters:                         Lorie Wigle, Intel; Emily Miller, Mocana; Galina Antova, Claroty; John Felker, Department of Homeland Security

    Date and Time:                 Mar. 7 from 2:50 – 3:40pm

    Industrial control systems simply cannot tolerate any downtime, or risk human safety in any way. A compromise can result in millions of dollars lost — but even more devastatingly—the loss of life. This talk will offer new approaches to protecting industrial control systems and critical infrastructure and focus on the importance of human safety that’s at risk when these devices are compromised.

    Blockchain

    Blockchain Augmentation of the Trusted Supply Chain

    Presenters:                         Eduardo Cabre, Intel; Tom Dodson, Intel

    Date and Time:                 Mar. 8 from 9:50 – 10:40am

    The Trusted Supply Chain assures users that a platform (a PC, server, controller, etc.) was made by the expected manufacturer and its firmware was unaltered. This session will describe a blockchain implementation of the Trusted Supply Chain. We replaced a centralized trust model, with a fully distributed model using Ethereum contracts, allowing participants to obtain direct evidence of their claims.

    Solving Our Cybersecurity Talent Shortage

    The Why: The DEI Dividend

    Presenters:                         Jim Gordon, Intel; Karen Worstell, W Risk Group LLC; Emily Heath, United Airlines; Vanessa Pegueros, DocuSign; Jennifer Steffens, IOActive, Inc.; Caroline Wong, Cobalt.io

    Date and Time:                 Mar. 4 from 8:15 – 9:15am

    Cybersecurity is facing talent shortages at a time when problem-solving, innovation and productivity are critical. The talent pipeline seems to be improving, but valuable professionals are opting out of the profession in mid-career. In this seminar, you will hear from leaders driving innovation with culture, inclusion, equity and diversity, and from change agents on how you can make shift happen.

    The Who: Is This Responsibility Yours, Mine, or Ours?

    Presenters:                         Jim Gordon, Intel; Karen Worstell, W Risk Group LLC; Alicia Jessip, TEKsystems; Elaine Mariano, Equili; Carmen Marsh, Inteligenca; Claudia Schabel, Schabel Solutions

    Date and Time:                 Mar. 4 from 10:15 – 11:15am

    Cybersecurity is facing talent shortages at a time when problem-solving, innovation and productivity are critical. The talent pipeline seems to be improving, but valuable professionals are opting out of the profession in mid-career. In this seminar, you will hear from leaders driving innovation with culture, inclusion, equity and diversity, and from change agents on how you can make shift happen.

    The post 2019 RSA appeared first on Intel Newsroom.

    RSA 2019: Intel and Partner Ecosystem Offer New Silicon-Enabled Security Solutions

    Intel sgx card 1
    Intel introduced the Intel SGX Card in February 2019. It is a new way to help extend application memory protections using Intel Software Guard Extensions in existing data center infrastructure. (Credit: Intel Corporation)
    » Click for full image

    Today, Intel along with customers and industry partners announced several solutions designed to scale and accelerate the adoption of hardware-enabled security across data center, cloud, network and edge. From OEMs to cloud service providers (CSPs) and independent software vendors (ISVs), Intel continues to help lead the industry and advance security tools and resources that help improve the security and privacy of application processing in the cloud, provide platform-level threat detection and shrink the attack surface.

    “Hardware-based security technologies are a top priority for cloud providers aiming to address enterprise scaling challenges. Trusted execution technologies such as Intel SGX are now readily available in a wide range of platforms helping to fuel innovation in the digital security ecosystem and further assist in implementation roll-out.”
    –Dimitrios Pavlakis, industry analyst, ABI Research.

    Intel SGX for the Data Center

    Helping protect customer data in the cloud is a top priority for cloud service providers. Intel® Software Guard Extensions (Intel® SGX) was designed to help create more secure environments without having to trust the integrity of all the layers of the system. The technology isolates specific application code and data to run in private regions of memory, or enclaves. Intel SGX is currently used by top cloud providers, including Alibaba Cloud*, Baidu*, IBM Cloud Data Guard* and Microsoft Azure* for various projects to help protect customer data at runtime. Today, Intel announced new products and ecosystem solutions that enable Intel SGX to be used even more broadly in the data center.

    Scaling Intel SGX for the Cloud: Intel introduced the Intel SGX Card, a new way to help extend application memory protections using Intel SGX in existing data center infrastructure. Though Intel SGX technology will be available on future multi-socket Intel® Xeon® Scalable processors, there is pressing demand for its security benefits in this space today. Intel is accelerating deployment of Intel SGX technology for the vast majority of cloud servers deployed today with the Intel SGX Card. Additional benefits offer access to larger, non-enclave memory spaces, and some additional side-channel protections when compartmentalizing sensitive data to a separate processor and associated cache. Availability is targeted for later this year.

    To enable cloud adoption of Intel SGX at scale, Intel and industry partners are also introducing new tools and capabilities that enhance operational control, simplify development and support emerging workloads.

    Operational Control: Intel is delivering a new capability called flexible launch control that enables a company’s data center operations to set and manage their own unique security policies for launching enclaves as well as providing controlled access to sensitive platform identification information. This capability is currently available on Intel SGX-enabled Intel® Xeon® E Processors and some Intel NUC’s.

    New Developer Tools: Fortanix* launched its Enclave Development Platform* (EDP), the open-source software development kit (SDK) that uses the state-of-the-art security properties of the Rust programming language and Intel SGX to deliver a more secure application development platform. Developers can build enclaves with Rust to help improve protection from development vulnerabilities and outsider attacks. The Fortanix EDP is fully integrated with the Rust compiler allowing developers to immediately build, sell or distribute the secure applications they create.

    Scale for Emerging Workloads: Baidu announced a preview of its Intel SGX-enabled MesaTEE* that delivers artificial intelligence algorithm protection for cloud and edge computing devices.

    Advancing Threat Detection

    Intel is helping lead the industry with hardware-enhanced security technology by delivering new capabilities to Intel® Threat Detection Technology (Intel® TDT), a set of silicon-level capabilities that helps detect classes of threats. First introduced last year and deployed across 50 million enterprise clients, Intel TDT is experiencing broad adoption and expanding platform support to Linux and virtual machines.

    Intel Threat Detection Technology Evolves: Intel is expanding Intel TDT capabilities in 2019 to include support for Linux on servers in virtualized data center and cloud environments. Intel TDT combines platform-level telemetry infrastructure and machine learning models to detect targeted attacks. Detection alerts based on the heuristics are sent to the security service provider (ISV) for remediation. Integration of the Intel TDT stack into the existing ISV solutions results in improved performance and lower incidences of false positives. At RSA Conference, Intel will demonstrate Intel TDT on Linux using Intel-developed heuristics to detect unauthorized execution of specific cryptomining workloads.

    SentinelOne: SentinelOne* (S1) is the first licensee to have adapted Intel TDT’s accelerated memory scanning (AMS) technology for detection of cryptomining. With Intel TDT, S1’s customers running Windows will enjoy up to 10-times faster pre-execution scanning and 4-times faster detection with immediate roll back of uncovered threats.1

    Shrinking the Attack Surface

    Intel’s security open-source initiatives and community partners are equipping the ecosystem with tools to help reduce the attack surface in platforms and products before they are deployed at scale.

    Device Design: Intel is announcing Host-based Firmware Analyzer, a new tool for the TianoCore* open-source firmware community. Intel is applying best practices used by software developers and helping lead the industry in delivering a framework that automates the testing of firmware components prior to system integration. The Host-based Firmware Analyzer allows developers to run open-source advanced tools, such as fuzz testing, symbolic execution and address sanitizers in an OS environment. This tool is targeted for availability in the first half of this year.

    Secure Device Onboarding: For secure device provisioning and management of internet of things (IoT) devices before they are activated on corporate networks, Mocana* announced full integration of Mocana TrustCenter™ with the Intel® Secure Device Onboard service. This solution reduces the burden on OEMs to pre-load customer specific credentials in the supply chain and delivers a model where cloud selection and configuration happen dynamically when first powered on.

    Defending Firmware: Intel and Eclypsium* announced a collaboration that helps organizations manage the entire hardware and firmware attack surface for threats. The Eclypsium Platform, now generally available, extends Intel’s secure foundation by analyzing the system configuration and ensuring the latest firmware is deployed.

    Scaling Enterprise Endpoint Protection: Qnext* announced integration of Intel SGX in remote access of its sharing and collaboration platform FileFlex*. Intel SGX helps improve FileFlex Enterprise security for Microsoft Office 365 users when accessing files and folders from source locations at the edge of the network.

    Where to See Intel at 2019 RSA

    Next week at RSA Conference, Intel will be joined by industry customers and partners in demonstrating the latest security solutions services. Visit Intel at Booth 6173 for hands-on demonstrations and more information.

    [1] Independent benchmark testing from Passmark Software Source: https://www.sentinelone.com/press/sentinelone-collaborates-intel-cryptominers

     

    The post RSA 2019: Intel and Partner Ecosystem Offer New Silicon-Enabled Security Solutions appeared first on Intel Newsroom.

    Intel’s Security-First Mindset and Ecosystem Approach

    By Leslie Culbertson

    As I reflect on the time that has passed since we renewed our commitment to security through our security‑first pledge a year ago, I’m proud of the work the Intel team has done to show our commitment to transparency and, above all, to the security of our products. And yet, as anyone familiar with the security landscape knows: We must remain vigilant as our work is never done. The nature of security threats will continue to evolve and we must actively evolve with it.

    In the past year, Intel has taken many steps to keep pace with this evolution — new tools and processes, exciting new talent we’ve brought on board, and, of course, the ongoing work we’ve done to continue improving security, including protecting against new classes of security vulnerabilities like Spectre and Meltdown.

    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com) | Evolving for Today’s Security First Mindset (Imad Sousou blog)

    If I think of this in terms of the milestones over the past year, there are several that really stand out for me:

    Establishing the Intel Product Assurance and Security (IPAS) Group: While IPAS was formed in the same timeframe as the public disclosure of Spectre and Meltdown, its remit is much broader. Designed to serve as Intel’s security “mission control,” IPAS is a holistic product assurance and security effort that spans all of Intel, developing policy and best practices, and driving critical decisions across all our businesses. As the result of IPAS’ formation and our efforts throughout the year, we have made significant strides that have enhanced our agility from the very beginning of product design all the way through product manufacturing and post-sales support.

    Completing the Microcode Updates: The new class of security vulnerabilities that includes Spectre and Meltdown has presented a challenge for the entire industry. While you have frequently heard me and other Intel leaders talk about our learnings and the complexity of the side channel methods presented, the way the industry rallied together to help protect customers and their data ultimately stands out to me. When vulnerabilities require updates to microcode, the code that controls transistors on the chip, Intel issues a microcode update (MCU). Working together with a customer-centric focus, we and our partners were able to provide our customers with microcode updates for more than nine years of Intel products.

    Engineering New Protection into Hardware: One of the commitments we made early on was to advance security at the silicon level to help protect against side channel exploits. On the client side, we started introducing this with our 8th Generation Intel® Core™ U-series processor (Whiskey Lake) in August, followed by our 9th Gen Intel Core desktop processor (Coffee Lake) in October. And, our next-generation Intel® Xeon® Scalable processor (Cascade Lake) is the first x86 processor released to market that has hardware-based protections for Spectre V2.

    Automating the Microcode Update Process: We recognized that a more predictable and consolidated update process for security as well as functional issues would be helpful to the entire ecosystem. So we are transitioning to a quarterly release model aligned with others in the ecosystem wherever possible. One of the challenges silicon vendors face is the MCU distribution process. This can be a complex process for OEM and software partners as well as consumers. One of the first major initiatives for IPAS was to improve the delivery of MCUs. In June 2018, we made our MCUs OS-loadable, making the update for Spectre V2 possible via Windows Update. Moving forward, we intend to enable delivery of MCUs through this automated process when possible.

    Increasing Research Internally and Externally: Intel has always attracted the industry’s top talent, and we continue to build a world-class team of security researchers and engineers embedded across the company. We have actively increased our red team exercises – connecting deep offensive security research with deep product knowledge to find and address potential vulnerabilities before products ship. Our security researchers and engineers share their insights with the broader community by publishing findings and presenting to peers at industry events. In return, we continue to learn from the broader community though our bug bounty program and engaging academia through sponsored research and our “researcher in residence” program.

    Committing to Coordination: As technologies become more and more complex, we believe it takes the ecosystem working together to collectively keep products and data more secure. We’ve built a model for collaboration and development among our partners that enables them to communicate directly. This approach takes a step beyond traditional multiparty collaboration and is one that we expect to build upon that will support an environment of continuous learning.

    While I’m pleased with the progress we’ve made, our work is just beginning. So, as we look to 2019, two things are certain. First, security will continue to be an area where vigilance is required. Second – and just as important – we at Intel will continue to drive security innovation across our product portfolio to better protect customers and help drive the industry forward to make all our products more secure.

    Leslie S. Culbertson is an executive vice president and general manager of Product Assurance and Security at Intel Corporation.

    The post Intel’s Security-First Mindset and Ecosystem Approach appeared first on Intel Newsroom.

    Trezor and Ledger Respond to Claims Security Claims

    Three researchers and engineers have published a presentation from the 35th Chaos Communication Congress revealing claimed vulnerabilities in cryptocurrency hardware wallets. Trezor and Ledger have responded saying in short, their user’s cryptocurrency balances are safe. Dmitry Nedospasov, Thomas Roth, and Josh Datko, created the website wallet.fail and promised to publish their presentation to the Chaos

    The post Trezor and Ledger Respond to Claims Security Claims appeared first on CCN

    2018 Yearbook: Top Moments of Intel’s 50th Year

    2018 yearbook 2x1

    In 2018, Intel achieved the 50-year milestone, a huge accomplishment that most companies never achieve.

    As the year ends, Intel’s 100,000 employees look back at 2018 with pride. But our focus is firmly fixed on building a smarter, more connected future for our communities and the world.

    view yearbook button

    The post 2018 Yearbook: Top Moments of Intel’s 50th Year appeared first on Intel Newsroom.

    Video: Intel and Arm IoT Provisioning Prototype

    Intel and Arm are collaborating on a joint vision to securely connect any Internet of Things device to any cloud. This prototype demo video shows Intel and Arm devices being powered on to be onboarded and provisioned to the Arm Pelion IoT platform. (Credit: Intel Corporation)

    More: Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’

    The post Video: Intel and Arm IoT Provisioning Prototype appeared first on Intel Newsroom.

    Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’

    lorie wigle

    By Lorie Wigle

    The Internet of Things (IoT) is transitioning from first proof-of-concept deployments into a new growth phase that is expected, according to industry analysts, to deploy 1 trillion devices by 2035.1 What is driving these lofty projections are the incredible business benefits that will be achieved with data-driven IoT initiatives such as edge computing, artificial intelligence (AI), predictive maintenance and autonomous systems. The more data that is collected, the more valuable the data becomes. However, this model may not be realized unless the industry can collaborate on more open and scalable methods to securely provision devices and their data to the cloud.

    To answer these challenges, Intel is teaming up with Arm* to provide solutions to securely onboard2 both Intel and Arm IoT devices to any application or cloud framework.

    First, let me walk you through the traditional manual onboarding process for IoT devices, which has multiple challenges. It typically takes more than 20 minutes per device and involves coordination among installation technicians, IT network/security operations and operational technology teams. The device identity and network access credentials are either painstakingly preloaded into the device at manufacturing or configured in the field from a standard image using insecure human processes. Compounding the security issues are the proliferation of cloud-specific provisioning methods without a consistent hardware-protected device identity model. For IoT to scale to a trillion devices in less than two decades, this process must be faster, safer and more flexible.

    Now, the solution: Last October, Intel® Secure Device Onboard was launched as the first solution that enabled a “late binding” approach to provisioning, where customers could dynamically discover their target cloud platform for provisioning seconds after the device is powered on in the field. The collaboration with Arm aims to extend this capability from Intel devices to include the Arm devices that commonly are deployed together by customers. This strategic collaboration of two major ecosystems is designed to provide the industry with a more flexible provisioning method that can be natively enabled in devices.

    So how does it work? Watch the prototype video below that shows how Intel and Arm devices can be credentialed and provisioned in seconds to join any cloud application framework.

    As a result, customers should be able to choose their onboarding systems of record without being locked into a single cloud provider’s provisioning method or a single device architecture. Flexibility can be built in before the device is purchased to onboard into any cloud ecosystem. Device management systems such as Pelion*, cloud/on-premise IoT platforms and connected partner ecosystems all benefit from increased variety of devices, lower cost and faster deployment. Device suppliers can simplify manufacturing to a single SKU that can be provisioned with customer-specific credentials in the field rather than in the factory, dramatically reducing cost while decreasing time to market.

    “Intel and Arm are simplifying one of IoT’s most complex and challenging barriers with regard to streamlining the manufacturing and security deployment workflows for IoT. This is an ROI win for the customer, who will be able to deploy both Intel- and Arm-based devices at a lower cost and with less friction between IT and OT, while at the same time retaining flexibility over their data and cloud partner choice until the deployment phase,” said Michela Menting, director, ABI Research.

    Learn more about the solution at IoT Solution World Congress’s smart building customer case study presentation and view the joint demo that is nominated for top TestBed award. You may also attend the technical presentation at Arm TechCon that will showcase the Pelion Device Management zero-touch experience. Intel and Arm are seeking customer and ecosystem feedback on the prototypes and expect to engage pilot customers later this year. Contact iotonboarding@intel.com for more information on the pilot programs.

    Intel’s collaboration with Arm allows us to progress a joint vision of “any device, any cloud” to span multiple device architectures. As we enter this accelerated growth phase for IoT, we will continue to collaborate with technology vendors to provide customers the protections they need. On behalf of the entire Intel team, I thank our industry partners and customers for their ongoing support.

    Lorie Wigle is vice president of Software and Services Group and general manager of Internet of Things Security at Intel Corporation.

    1Trillion devices by 2035- source ARM white paper https://community.arm.com/cfs-file/__key/telligent-evolution-components-attachments/01-1996-00-00-00-01-30-09/Arm-_2D00_-The-route-to-a-trillion-devices-_2D00_-June-2017.pdf

    2From out-of-box to securely streaming data to an IoT Platform

    Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at https://www.intel.com/content/www/us/en/internet-of-things/secure-device-onboard.html.

    Intel, the Intel logo, and Intel® Secure Device Onboard are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

    The post Intel and Arm Share IoT Vision to Securely Connect ‘Any Device to Any Cloud’ appeared first on Intel Newsroom.

    Protecting Our Customers through the Lifecycle of Security Threats

    By Leslie Culbertson

    Intel’s Product Assurance and Security (IPAS) team is focused on the cybersecurity landscape and constantly working to protect our customers. Recent initiatives include the expansion of our Bug Bounty program and increased partnerships with the research community, together with ongoing internal security testing and review of our products. We are diligent in these efforts because we recognize bad actors continuously pursue increasingly sophisticated attacks, and it will take all of us working together to deliver solutions.

    Today, Intel and our industry partners are sharing more details and mitigation information about a recently identified speculative execution side-channel method called L1 Terminal Fault (L1TF). This method affects select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) and was first reported to us by researchers at KU Leuven University*, Technion – Israel Institute of Technology*, University of Michigan*, University of Adelaide* and Data61*1. Further research by our security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.

    More: Security Exploits and Intel Products (Press Kit) | Security Research Findings (Intel.com)

    I will address the mitigation question right up front: Microcode updates (MCUs) we released earlier this year are an important component of the mitigation strategy for all three applications of L1TF. When coupled with corresponding updates to operating system and hypervisor software released starting today by our industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.

    L1TF is also addressed by changes we are already making at the hardware level. As we announced in March, these changes begin with our next-generation Intel® Xeon® Scalable processors (code-named Cascade Lake), as well as new client processors expected to launch later this year.

    We are not aware of reports that any of these methods have been used in real-world exploits, but this further underscores the need for everyone to adhere to security best practices. This includes keeping systems up-to-date and taking steps to prevent malware. More information on security best practices is available on the Homeland Security website.

    About L1 Terminal Fault

    All three applications of L1TF are speculative execution side channel cache timing vulnerabilities. In this regard, they are similar to previously reported variants. These particular methods target access to the L1 data cache, a small pool of memory within each processor core designed to store information about what the processor core is most likely to do next.

    The microcode updates we released earlier this year provide a way for system software to clear this shared cache. Given the complexity, we created a short video to help explain L1TF.

    Once systems are updated, we expect the risk to consumer and enterprise users running non-virtualized operating systems will be low. This includes most of the data center installed base and the vast majority of PC clients. In these cases, we haven’t seen any meaningful performance impact from the above mitigations based on the benchmarks we’ve run on our test systems.

    There is a portion of the market – specifically a subset of those running traditional virtualization technology, and primarily in the data center – where it may be advisable that customers or partners take additional steps to protect their systems. This is principally to safeguard against situations where the IT administrator or cloud provider cannot guarantee that all virtualized operating systems have been updated. These actions may include enabling specific hypervisor core scheduling features or choosing not to use hyper-threading in some specific scenarios. While these additional steps might be applicable to a relatively small portion of the market, we think it’s important to provide solutions for all our customers.

    For these specific cases, performance or resource utilization on some specific workloads may be affected and varies accordingly. We and our industry partners are working on several solutions to address this impact so that customers can choose the best option for their needs. As part of this, we have developed a method to detect L1TF-based exploits during system operation, applying mitigation only when necessary. We have provided pre-release microcode with this capability to some of our partners for evaluation, and hope to expand this offering over time.

    For more information on L1TF, including detailed guidance for IT professionals, please visit the advisory on the security center. We’ve also provided a white paper and updated the FAQs on our security first website.

    I’d like to again thank our industry partners and the researchers who first reported these issues for their collaboration and collected commitment to coordinated disclosure. Intel is committed to the security assurance of our products, and will continue to provide regular updates on issues as we identify and mitigate them.

    As always, we continue to encourage everyone to take advantage of the latest security protections by keeping your systems up-to-date.

    Leslie Culbertson is executive vice president and general manager of Product Assurance and Security at Intel Corporation.

    1Raoul Strackx, Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, and Yuval Yarom

    The post Protecting Our Customers through the Lifecycle of Security Threats appeared first on Intel Newsroom.

    The Cybersecurity Community Driving Insights into Security Solutions

    By Doug Fisher

    I continue to be amazed by the power of what a community can achieve together – from developers contributing to open source projects for solving real-world business or social-economic problems, to industry consortia aligning and setting standards and policies on the forefront of emerging technologies. Nothing demonstrates the power of the community more than industrywide events such as the recent Cyber Week. It was a great example of the community coming together to share insights and discuss solutions to issues facing the public and private sectors of every company, city and country in the world today. We all have a role to play.

    More: Intel Security News | Intel Advances Silicon-Based Security for AI and Blockchain Workloads (Rick Echevarria Editorial)

    Intel has been very clear about making the security assurance of our Intel products a priority. Our role is broader than assurance alone. We hold a unique position in the digital ecosystem, designing and protecting the hardware that is the root of trust. Intel powers everything ranging from the endpoint to the cloud, and we have both an opportunity and a responsibility to help simplify security for tens of thousands of hardware, software and service providers, as well as billions of people using these products and services every day.

    Active Participation in the Security Community

    Listening to the community at events like Cyber Week is critical. It helps inform Intel on emergent trends and particular problems facing industry segments. We are able to apply those insights and learnings back to our product development so we can deliver differentiating features and capabilities required to provide valuable security solutions across the Intel platform portfolio.

    We have been making tremendous progress with our approach. Intel and ecosystem partners are advancing security across the emerging, data-centric workloads of artificial intelligence (AI) and blockchain. Collaborations with Docker*, Duality* and Fortanix* are helping secure data in AI implementations. Companies like Enigma* and the Tel Aviv Stock Exchange* are investing in Intel processor technologies to help improve the security, scalability and privacy of distributed ledger networks.

    Advancing Our Strategy

    Window Snyder
    Window Snyder

    To continue that momentum, I am pleased to share that Window Snyder is joining Intel, in the Software and Services Group, as chief software security officer, vice president and general manager of the Intel Platform Security Division, effective July 9.

    Window is an industry veteran who comes to us from Fastly*, where she has been the chief security officer. Before that, she spent over five years working on security and privacy strategy at Apple* and was the “Chief Security Something-or-Other” at Mozilla. She was also a founding member at Matasano*, a services company, and a senior security strategist at Microsoft*.

    In this role with Intel, Window will be responsible for ensuring the company maintains a competitive security product roadmap across all segments in support of business group objectives and continues to engage with the external security ecosystem to apply industry trends and sensing to Intel roadmap differentiation.

    More specifically, this involves leading the following areas across Intel:

    Industry sensing and response: Driving partnerships with the operating system and security ecosystem to ensure we are better informed on the growing complexity of attacks and to help guide our approach and response.

    Applying industry sensing for differentiation: Applying industry sensing to our roadmap to deliver differentiated security capabilities to secure data, workloads and other assets based on Intel platforms.

    Customer-centric route to market: Driving a two-pronged approach to market by partnering with the security ecosystem and the developer ecosystem to drive scale for security.

    I am looking forward to Window leveraging her experience in the community and bringing further valuable industry insight into Intel’s hardware-enabled security solutions.

    Doug Fisher is senior vice president and general manager of the Software and Services Group for Intel Corporation.

    The post The Cybersecurity Community Driving Insights into Security Solutions appeared first on Intel Newsroom.