NIST has published a draft report, titled “Hardware Enabled Security: Hardware-Based Confidential Computing,” which presents an approach for managing machine identities for protection against malware and other security vulnerabilities. Comments are due April 10, 2023.
Abstract
“Organizations employ a growing volume of machine identities, often numbering in the thousands or millions per organization. Machine identities, such as secret cryptographic keys, can be used to identify which policies need to be enforced for each machine. Centralized management of machine identities helps streamline policy implementation across devices, workloads, and environments. However, the lack of protection for sensitive data in use (e.g., machine identities in memory) puts it at risk. This report presents an effective approach for overcoming security challenges associated with creating, managing, and protecting machine identities throughout their lifecycle. It describes a proof-of-concept implementation, a prototype, that addresses those challenges by using hardware-based confidential computing. The report is intended to be a blueprint or template that the general security community can use to validate and utilize the described implementation.”
Find the draft report here.. Published Feb. 2023.
Authors
Michael Bartock (NIST), Murugiah Souppaya (NIST), Jerry Wheeler (Intel), Timothy Knoll (Intel), Muthukkumaran Ramalingam (AMI), Stefano Righi (AMI)
Bartock M, Souppaya MP, Wheeler J, Knoll T, Ramalingam M, Righi S (2023) Hardware-Enabled Security:
Hardware-Based Confidential Computing. (National Institute of Standards and Technology, Gaithersburg, MD),
NIST Interagency or Internal Report (IR) NIST IR 8320D ipd. https://doi.org/10.6028/NIST.IR.8320D.ipd
Leave a Reply