A Focus on Security

By Ryan Naraine  |  Posted 2005-12-12 Print this article Print

The System Integrity Services project is part of a broader focus on security inside Intels labs. That focus has been brought about by the chip makers recent shift to designing platforms around devices such as servers or desktop PCs.

Unlike when it sold chips individually, the platform design strategy has Intel creating numerous add-ons, which include features such as virtualization and the Intel Active Management Technology, which are designed to increase the usability and manageability of desktops, notebooks and servers.

Many of Intels more advanced worm and virus detection technology are still at the research stage today—some of Intels other projects include worm signature detectors called autograph and polygraph—but it could easily wind up as features inside Intels future product platforms. Aside from being used to improve the products for customers, they could also be added to bolster Intels competitiveness versus its rival Advanced Micro Devices Inc.

The System Integrity Services prototype hardware uses one of Intels Xscale processors, which Schluessler said was overkill, and plugs into a PCI slot. A future version could potentially be built for a relatively small fee and included with Intel platforms, not unlike the way it packages wireless modules with its processors and chipsets for its Centrino-brand notebooks.

"You can tie this technology in with AMT and the CPU [in each machine] and all of a sudden youve got something thats more than the sum of its parts," Schluessler said. Aside from working with Intels own platforms, the technologies could be also tied in with products from Intels close partners, including operating system and application vendors, the companys researchers have said.

"We said, What kind of things can we do to address these challenges? That has driven a lot of the platform thinking, whether its VT [Intel Virtualization Technology] or active management, and how all those things work together," said Dylan Larson, network security initiatives manager at Intels Communications Technology Lab, in a recent interview with Ziff Davis Internet. "Weve had security expertise and lots of competency in this space for a long time. Now were looking at this even more from a platform level on how we can bring these things together to drive new value to customers."

The lab is also working on a projects called Autograph and Polygraph projects, which are designed to help prevent large-scale worm infections altogether by analyzing individual worms and quickly publishing data on how to detect them.

Click here to read more about the damage caused by the Code Red worm. Autograph and Polygraph employ a combination of heuristics and good old sleuthing to track down worms and locate their signatures—or the unique pattern of data required for its particular exploit—and then notify other systems with those signatures so that they can move to identify and block the worm, said Brad Karp, at Intel Research Pittsburg, a lab located on the campus of Carnegie Mellon University. Autographs source code has been made available for download via the universitys Web site, and Karp and his team are also working on a Polygraph, a similar program which can sniff out so-called polymorphic worms, which change each time they replicate in an effort to cover up their signatures and thwart the defense used in Autograph. The next step for the Systems Integrity Services now lies with Intels platform development teams, which will make the call on whether or not to add the technology to its future systems, Schluessler said. Check out eWEEK.coms for the latest security news, reviews and analysis.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel