Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

Bartock, Michael; Souppaya, Murugiah; Savino, Ryan; Knoll, Timothy; Shetty, Uttam; Cherfaoui, Mourad; Yeluri, Raghuram; Malhotra, Akash; Banks, Don; Jordan, Michael; Pendarakis, Dimitrios; Rao, J. R.; Romness, Peter; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.IR.8320

NISTIR 8320

Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases

Documentation Topics

Date Published: May 2022

Author(s)

Michael Bartock (NIST), Murugiah Souppaya (NIST), Ryan Savino (Intel), Timothy Knoll (Intel), Uttam Shetty (Intel), Mourad Cherfaoui (Intel), Raghuram Yeluri (Intel), Akash Malhotra (AMD Product Security and Strategy Group), Don Banks (Arm Advanced Technology Group), Michael Jordan (IBM), Dimitrios Pendarakis (IBM), J. R. Rao (IBM), Peter Romness (Cisco), Karen Scarfone (Scarfone Cybersecurity)

Abstract

In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the platform on which data and workloads will be executed and accessed. The physical platform represents the first layer for any layered security approach and provides the initial protections to help ensure that higher-layer security controls can be trusted. This report explains hardware-enabled security techniques and technologies that can improve platform security and data protection for cloud data centers and edge computing.

Keywords

confidential computing; container; hardware-enabled security; hardware security module (HSM); secure enclave; trusted execution environment (TEE); trusted platform module (TPM); virtualization

Control Families

None selected

Documentation

Publication:
NISTIR 8320 (DOI)
Local Download

Supplemental Material:
Trusted Cloud projects (web)

Other Parts of this Publication:
NISTIR 8320A
NISTIR 8320B

Related NIST Publications:
SP 1800-19

Document History:
04/28/20: White Paper NIST CSWP 14 ipd (Draft)
05/27/21: NISTIR 8320 (Draft)
10/27/21: NISTIR 8320 (Draft)
05/04/22: NISTIR 8320 (Final)

Topics

Security and Privacy
roots of trust

Technologies
cloud & virtualization; hardware