Microsoft's Project Cerberus OCP Hardware Improves Cloud Security | eWeek

Microsoft Unveils Project Cerberus OCP Hardware for Secure Clouds

cloud security
Nov 8, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Having already tackled cloud servers with Project Olympus OCP (Open Compute Project) hardware designs, Microsoft is now turning its attention to security.

Microsoft unveiled its latest open hardware project called Project Cerberus, which is aimed at helping organizations harden their cloud environments against cyber-attacks, at the Zettastructure conference in London. In Greek mythology, Cerberus is the multiheaded dog that stands guard at the entrance to the Underworld, preventing the dead from escaping.

In data centers, Microsoft hopes Project Cerberus will prevent malware and attackers from invading the cloud workloads.


Kushagra Vaid, general manager of Azure hardware infrastructure at Microsoft, said Project Cerberus “provides a critical component for security protection that to date has been missing from server hardware—protection, detection and recovery from attacks on platform firmware,” in a Nov. 8 announcement. “Project Cerberus envisions that data can be processed in the cloud with the confidence that it’s running on hardware with uncompromised firmware.”

On a technical level, Vaid described Project Cerberus as a hardware “root of trust” that complies with the NIST (National Institute of Standards and Technology) 800-193 Platform Firmware Resiliency Guidelines. Covering both a motherboard’s firmware and attached I/O devices, it enforces integrity verification and strict access control that spans the pre-boot process all the way through runtime operations.

Project Cerberus includes a cryptographic microcontroller that runs secure code and intercepts access attempts from the host system to “flash” or update the firmware over the SPI (Serial Peripheral Interface) bus. By continually blocking malicious updates and unauthorized access to a server’s firmware, this method locks down one of the most desirable low-level resources on a server, at least from an attacker’s perspective.

IT professionals take BIOS (Basic Input/Output System) firmware security very seriously. A successful attack against a motherboard’s firmware could give an attacker complete control over an affected system and unrestricted access to the data stored on it. Those with a cruel streak could also use BIOS vulnerabilities not only to gain access to a system, but also to “brick” it, or render it inoperable.

Making matters worse, such attacks can be very difficult to detect, since they run on a foundational level that is outside the purview of anti-malware software. During the Black Hat USA security conference in July, Cylance principal research scientist Alex Matrosov discussed how lax implementations of Intel’s BIOS firmware protections, or UEFI (Unified Extensible Firmware Interface), led to privilege escalation flaws on a number of PCs.

Microsoft is working with Intel on draft specifications for Project Cerberus, which the company plans to open source to the OCP. More details are available here.

Meanwhile, Project Olympus, Microsoft’s other open hardware initiative, is wending its way across the company’s Azure cloud computing platform. Vaid reported that systems based on the specification have been “deployed in volume production” and are powering the company’s fastest Azure Virtual Machine (VM) family (Fv2 VMs). Project Olympus systems are also commercially available from Wiwynn and ZT Systems, with more server makers on the way.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.