Protecting the Storage Platform Through Measurement and Attestation | Part 1: Understanding the Changes in the Security Landscape
Securing the operational state of components has become an ever-increasing topic among the server and storage industry. While much of the industry has already secured the platforms upon which subcomponents operate, it’s important to understand that subcomponents are now the next step for applying a security model.
In this five-part blog series, we will explore:
- The past and present security landscape
- Threat modeling for the new age of protection
- How to eliminate vulnerabilities with secure trusted firmware
- Attestation measurements and how they help prove to the platform what firmware is running
- Other measures that should be considered for protecting the storage platform
Changes in the security landscape: From a single factory to a global supply chain
In the past, components were often managed in a single factory, but with today’s global supply chain, parts come from all over the world. Component production may be started in one foundry while testing is completed in another facility. In addition, the subcomponents will likely go to a board manufacturer at a separate site for final assembly. Regardless of the exact path to finished goods, it is a long trip across multiple geographic areas.
At the end of the journey -- when the components are boxed up by an OEM – there have already been multiple opportunities for the injection of malicious firmware or hardware into the finished product. In today’s marketplace, there are many manufacturers who have fallen victim to such attacks -- landing products at customer locations to only find out later that tampering had already transpired.
Once product lands securely, data centers become the next opportunity for intrusion at a component level. One example of the runtime attack surfaces for a data center, are leased bare metal machines starting for limited periods of time. Short duration use, is often indicator of an attacker trying to identify security holes in the system. Once identified, attacks are often disguised as legitimate firmware , software, and BIOS updates among others.
In part 2 of this series, we’ll go beyond the supply chain and examine other elements of the overall threat model.