Advanced Micro Devices Inc. and Intel Corp. are readying security and virtualization technologies that will make their way into products as early as next year.
The features are key components of the chip makers respective pushes to move beyond simply making processors and create platforms based on their chip architectures.
The on-chip technologies also are offerings that users say could make software-based virtualization and security better and less complex.
“Moving virtualization into the chip would allow for even more Windows [and] Linux applications to run in a [virtual machine],” said Jevin Jensen, director of IS at Mohawk Industries Inc., in Calhoun, Ga.
Mohawk Industries runs both AMD- and Intel-based servers.
“We like [virtualization software maker] VMware [Inc.] and would love to get better performance out of each virtual machine,” Jensen said.
Regarding on-chip technology, Jensen said it “would help if it would allow for real-time encryption of data while writing backups to tape. Currently, the overhead of encrypting all backups is tremendous, so you can only do certain types of data or you risk extending your backup window exponentially.”
In interviews here with eWEEK, AMD officials said on-chip security and virtualization—code-named Presidio and Pacifica, respectively—will appear in their Opteron processors next year. “Everyone sees virtualization and security solving some problems that theyve had [in the data center],” said Marty Seyer, vice president and general manager of AMDs Microprocessor Business Unit.
On the security front, Presidio will take advantage of capabilities in the upcoming release of Windows Vista from Microsoft Corp., officials said.
One of the more intriguing steps AMD is taking is making its memory controller “virtualization aware,” enabling the chip to create a hard boundary between virtual address spaces on a given machine.
The move also allows Presidio to prevent certain kinds of attacks in which crackers force a machine to boot to an operating system on a CD or a separate partition and then use special tools to read the RAM of the machine.
Presidio will evolve to include other protections, such as securing the channels of communication between input devices such as mice and keyboards and the operating system. Such protection depends on help from the operating system, and Microsoft is building a broad range of security capabilities, known as the Next-Generation Secure Computing Base, into Vista.
Trusted Computing
Officials also said that AMD will include support for the TPM (Trusted Platform Module) 1.2 specification in chips shipped next year and that there could be other applications for Presidio in addition to securing Windows machines.
In fact, the Sunnyvale, Calif., company is working with the Open Trusted Computing group on a specification for trusted computing in Linux distributions. And, officials said, there likely will be servers shipping with TPMs (trusted platform modules) installed by 2007.
The Pacifica technology, designed to offload some of the tasks performed by virtualization software from VMware, the Xen project and, eventually, Microsoft, also will evolve to include I/O virtualization, officials said.
AMD has begun work on that project, although officials declined to say when it will appear in products.
AMDs Presidio and Pacifica initiatives are similar to the Intel Virtualization Technology and “LaGrande” technology security programs from rival Intel.
Intel has begun shipping some desktop Pentium 4 chips with virtualization technology, though officials say it wont be until the “Presler” chip—an updated dual-core Pentium D—rolls out in the first quarter that adoption by systems makers will ramp up. It also will begin to appear in server chips next year.
LaGrande security features are expected to begin appearing in Intel chips next year.
For its part, Intels Communications Technology Lab, in a project called System Integrity Services, has created a hardware engine to sniff out sophisticated malware attacks by monitoring the way operating systems and critical applications interact with hardware inside computers.
The engine eventually will make its way into products, although Intel, of Santa Clara, Calif., declined to say when.
By watching a computers main memory, the engine can detect when an attacker takes control of the system in attacks that sever the ties between data loaded into memory by an application and the application itself.
Such attacks can fool a system so as to avoid detection while potentially allowing for surreptitious pilfering of data or the perpetration of other attacks.
Steve Johnson, senior analyst for the mathematics department at Texas A&M University, said bringing security and virtualization onto the chip makes sense, although he is reserving final judgment until he hears more specifics.
“Im not sure if Intel or AMD have been clear on their ideas,” said Johnson, of College Station, Texas. “Theyre not really defining what theyre going to do, but I look forward to hearing their plans.”
Ziff Davis Internet senior writers John G. Spooner and Ryan Naraine contributed to this report.
