HARDWARE INNOVATION REVEAL OpenPOWER Foundation Summit


HARDWARE INNOVATION REVEAL OpenPOWER Foundation Summit 2018

87 Solutions

[System] BPS-8201 Server: The BPS-8201 is a High Density/Storage with IBM POWER8 Turismo SCM processor Platform, 2U/ (16) 3.5" SAS/SATA HDDs.

[Card] ADM-PCIE-9V3 - FPGA Accelerator Board—Latest FPGA accelerator board, is CAPI 2.0 and OpenCAPI enabled featuring a powerful Xilinx® Virtex® UltraScale+™ FPGA. The ADM-PCIE-9V3 is ideal for a variety of acceleration applications (Compute, Networking, Storage) packed into a small HHHL server friendly PCIe add-in card size.

[Cable] OpenCAPI FPGA Loop Back cable and OpenCAPI cable. These enable testing and OpenCAPI accelerators to be connected to standard PCIe while signaling to the host processor through sockets attached to the main system board.

[Software] Parallware Trainer aims to democratize access to HPC by providing simple-to-use assistance in developing software for shared memory and accelerator technologies. Developed specifically to help software programmers learn how to parallelise software, quickly and efficiently aids users in developing OpenMP and OpenACC enabled software.

[System] Escala E3-OP90 is an Open Power based server optimized for Deep Learning. The L3-OP90 features 2 Power9 sockets which are interconnected with up to 4 Nvidia Volta GPUs through NVlink 2.0. The architecture is designed for the implementation of large deep learning models enabling highest levels of resolution / accuracy.

[Card] HBA 9405W-16i Adapter—The x16 low-profile HBA9405W-16i is ideal for high-performing, bandwidth-intense applications. The HBA enables internal communication to PCIe JBOFs and delivers the performance and scalability needed by critical applications such as video streaming, medical imaging and big data analytics.

[Card] MegaRAID SAS 9361-8i Adapter—The MegaRAID SAS 9361-8i 12 Gb/s RAID controller card allows users to configure high-density servers requiring inside-the-box design flexibility and scalability. The RAID card with 16 internal ports delivers proven performance and RAID data protection for a range of server storage applications.

[Card] MegaRAID 9460-16i—Tri-Mode Storage Adapter is a 12Gb/s SAS/SATA/PCIe (NVMe) controller card that enables maximum data center flexibility with Tri-Mode connectivity and NVMe performance benefits. Broadcom's Tri-Mode SerDes Technology enables the operation of NVMe, SAS or SATA devices in a single drive bay, allowing for endless design flexibility.

[Card] P411W-32P Adapter—the industry's first fully managed PCIe Gen 4 NVMe switch adapter, provides enterprise class options for connectivity of server-class NVMe solid state drives (SSDs). The NVMe HBA can connect up to 32 NVMe SSDs to the host via x16 PCIe Gen4 interface as a turnkey solution.

[Card] G620 Gen 6 Fibre Channel Switch—New from Broadcom, the Brocade G620 SAN switch offers industry-leading port density and speed with 48 ports of 32 Gbps and 4 ports of 128 Gbps FC connectivity in 1U rack space. The G620 builds storage networks that are ideal for Flash and FC-NVMe storage solutions.

[Card] NetXtreme P225p—NetXtreme®-E Series Network Interface Cards (NICs) are the ideal solutions to address the performance and service demands of massively-scaled data center networks for high throughput and advanced flow processing. Unique hardware offload engines from 10Gb to 100Gb provide optimized latency and CPU utilization in real-life network conditions for Layer-2, DPDK, SR-IOV and RoCE-v1/

[Card] NetXtreme PS225p—NetXtreme® S-Series PS225 Smart NICs are purpose-built to enable solutions in the evolving datacenter. This Smart NIC integrates networking and processing subsystems for applications including dataplane acceleration, security, powerful CPU-offload, and software-defined storage including NVMe-over-Fabrics.

[Card] Emulex LPe31004-M6 HBA—Gen 6 16Gb Fibre Channel HBA delivers unparalleled performance to accelerate applications and meet the massive bandwidth requirements of all-flash arrays. The Dynamic Multi-core Architecture delivers 1.6M IOPS and low-latency with industry-leading reliability. Features include ExpressLane™ Quality of Service, Secure Firmware Updates and Forward Error Correction.

[Card] Emulex LPe32002-M2 HBA—Gen 6 32Gb Fibre Channel HBA by Broadcom delivers unparalleled performance to accelerate applications and meet the massive bandwidth requirements of all-flash arrays. The Dynamic Multi-core Architecture delivers 1.6M IOPS and low-latency with industry-leading reliability. Features include ExpressLane™ Quality of Service, Secure Firmware Updates and Forward Error Correction. Supports Brocade diagnostics/monitoring.

[Software] Spotlyt 2.0—GPU Database & Analytics Platform is the fastest GPU-powered database platform in the market according to independent benchmarking. Integrating Brytlyt, with Spotlyt, the visual analytics tool for billion row datasets allows data scientists and analysts to do real-time analysis and interactive exploration to uncover anomalies, find micro trends and more.

[Software] Spotlyt 3.0—With its PostgreSQL fork, Brytlyt GPU Database & Analytics Platform, the 3.0 is not only the fastest GPU-powered database platform in the market according to independent benchmarking, but Brytlyt has a patent pending IP on its JOINS functionality which gives Brytlyt a unique edge for driving real time analytics on relational databases.

[Card] Qlogic QLE2562 Dual-Port 8GFC PCIe Fibre Channel—Fibre Channel 8Gb-to-PCIe 2.0, 1,600MBps aggregate throughput per port, Up to 200,000 initiator and target IOPS per port, StarPower™ technology, Virtualization optimized, Power optimized, RAS optimized, Security and management optimized

[Card] Qlogic QLE2564L Quad-Port 8GFC PCIe Fibre Channel Adapter—Fibre Channel 8Gb-to-PCIe 2.0, 1,600MBps aggregate throughput per port, Up to 200,000 initiator and target IOPS per port, StarPower™ technology, Virtualization optimized, Power optimized, RAS optimized, Security and management optimized

[Card] Qlogic QLE2672L Dual-Port Gen 5 (16GFC) Fibre Channel Adapter—3,200MBps per port aggregate throughput for high bandwidth storage (SAN) traffic, Up to 1.2 million IOPS reduce latency in high transaction intensive applications and virtualized environments, Improved reliability and diagnostics with support for Brocade ClearLink, Enhanced QoS prioritizes SAN traffic for high performance

[Card] Qlogic QLE2692 Dual-Port Enhanced Gen 5 (16GFC) Fibre Channel Adapter—The latest and most advanced 16GFC HBA from QLogic®, available in single- and dual-port versions, Up to 1.3 million IOPS fuel high performance in AFA and high-density virtualized environments, FC-NVMe capability allows simultaneous access to NVMe™ and FCP Storage on the same port, Enhanced reliability, diagnostics.

[Card] Qlogic QLE2694 Quad-Port Enhanced Gen 5 (16GFC) Fibre Channel Adapter—Industry's first native quad-port solution supporting 16Gbps Enhanced Gen 5 FC technology, Four ports of 16Gbps deliver 12,800MBps aggregate bandwidth, Up to 2.6 million IOPS fuel high performance in AFAs and high-density virtualized environments, FC-NVMe capability allows simultaneous access to NVMe™ and FCP Storage on the same port, Enhanced reliability, diagnostics.

[Card] Qlogic QLE2742 Dual-Port Gen 6 (32GFC) Fibre Channel Adapter—Industry's first Gen 6 FC HBA available in single, dual, and quad-port versions, Two ports of Gen 6 FC deliver 12,800MBps aggregate throughput, Up to 1.3 million IOPS fuel high performance in AFA and high-density virtualized environments, FC-NVMe capability allows simultaneous access to NVMe™ and FCP Storage on the same port

[Card] Qlogic QLE2764 Quad-Port Gen 6 (32GFC) Fibre Channel Adapter—Industry's first Gen 6 FC HBA available in single, dual, and quad-port versions, Four ports of Gen 6 FC deliver 25,600MBps aggregate throughput, Up to 2.6 million IOPS fuel high performance in AFA and high-density virtualized environments, FC-NVMe capability allows simultaneous access to NVMe™ and FCP Storage on the same port

[System] D.A.V.ID.E—By leveraging custom-developed components added to the IBM® Power Systems™ S822LC delivered in an OCP format, D.A.V.ID.E. enables scientists and engineers to run complex simulations up to 3 times faster while significantly reducing power consumption – cutting TCO and increasing productivity

[Software] Privacy Data AI Miner is a simple, reliable, scalable and repeatable way to identify unstructured data, for example GDPR or other privacy data. The AI Miner enables any organization to detect privacy data (for example data under EU GDPR) and then you can take action on it. Easy-to-use solution for GDPR or other data discovery. Train artificial intelligence using your own data so that AI is able to detect privacy data

[Card] FX410QL—The FX410QL is a half height, half length Low profile PCI Express add-in acceleration card, equipped with Xilinx Kintex Ultrascale KU115 (FLVF1924). It provides the best price/performance/watt and is ideal for packet processing in networking applications as well as DSP-intensive processing needed in next generation medical imaging, video processing,

[Card] FX609QL—The FX609QL is a half height, half length PCI Express add-in acceleration card, equipped with Xilinx Virtex Ultrascale VU9P(FDSG2014). It is the most compact passive FPGA card with the largest amount of logics available. It provides the best price/performance/watt and reliability that is ideal for packet processing in networking applications as well as DSP-intensive processing needed in next-generation medical imaging, video

OpenPOWER9 server platform that supports PCIe 4.0—To

Recommended publications
  • Solution Briefs A10 and Ncipher Strengthen the Security Of
    SOLUTION BRIEF: A10 AND nCIPHER STRENGTHEN THE SECURITY OF APPLICATION DELIVERY PLATFORMS. A10 THUNDER INTEGRATES WITH nCIPHER nSHIELD TO DELIVER FIPS 140-2 LEVEL 3 PROTECTION OF TLS/SSL KEYS
    Organizations increasingly depend on application networking solutions to run critical business processes that involve private and sensitive information. To fulfill demands of businesses, data centers, networks and applications must not only be available 24-7 and run at optimum speeds, but must also protect against attacks that could compromise the confidentiality and integrity of the data they process.
    With the reliance on web application services, sensitive information exchanged online and in the cloud is at risk of interception and exploitation. Transport layer security/secure sockets layer (TLS/SSL) is used to protect sensitive information by encrypting the data. However, a compromise of the encryption keys can lead to a breach of the data flowing between end-user devices and Web servers. With growing use of TLS/SSL, protecting and managing the underpinning cryptographic keys is a vital function.
    CHALLENGE: Protecting and managing the increasing numbers of TLS/SSL keys—without impacting application delivery, performance or compliance requirements—is critically important in today's business environment.
    SOLUTION: A10 Thunder ADC integrates with nCipher nShield hardware security modules (HSMs) to protect and manage the TLS/SSL keys. As part of this integration, keys are stored in the hardware of nShield HSMs, and encryption- and signature-processing (involving private keys) are executed within its protected boundary. This provides robust protection and management of the cryptographic keys and encryption process.
    BENEFITS: • Delivers secure application availability and acceleration • Strengthens TLS/SSL cryptographic key management • Enables robust FIPS 140-2 Level
    THE CHALLENGE: As organizations and businesses increasingly deliver services through Web and cloud-based applications, more sensitive data is transacted over TLS/SSL tunnels to protect confidentiality.
  • Automated Analysis of Speculation Windows in Spectre Attacks
    Barbara Gigerl. Automated Analysis of Speculation Windows in Spectre Attacks. MASTER'S THESIS to achieve the university degree of Diplom-Ingenieurin. Master's degree programme: Software Engineering and Management. Submitted to Graz University of Technology. Supervisor: Daniel Gruss, Institute for Applied Information Processing and Communication. Graz, May 2019.
    AFFIDAVIT: I declare that I have authored this thesis independently, that I have not used other than the declared sources/resources, and that I have explicitly indicated all material which has been quoted either literally or by content from the sources used. The text document uploaded to TUGRAZonline is identical to the present master's thesis. Date, Signature.
    STATUTORY DECLARATION: I declare under oath that I have written the present thesis independently, have not used sources/resources other than those declared, and have marked as such all passages taken literally or in content from the sources used. The text document uploaded to TUGRAZonline is identical to the present master's thesis. Date, Signature.
    Abstract: Speculative execution is a feature integrated into most modern CPUs. Although introduced as a way to enhance the performance of processors, the release of Spectre attacks showed that it is a significant security risk. Since CPUs from various vendors, including Intel, AMD, ARM, and IBM, implement speculative execution, all different kinds of devices are affected by Spectre attacks, for example, desktop PCs and smartphones. Spectre attacks exploit the branch prediction mechanisms of the CPU and then use a cache covert channel to leak secret data. Several attack variants have been discovered since the release, including Spectre-PHT which targets the Pattern History Table of the CPU.
  • Hardware Security Module for E-Payments
    Hardware Security Module for e-Payments: Payment Security in FIPS 140-2 Level 3 Hardware
    Today's payments industry has increasingly become a target for fraud. To address rising levels of disputed transactions, the card associations have introduced advanced security controls, including improved authentication techniques that demand sophisticated hardware-based cryptographic processing.
    The nCipher hardware security module (HSM) payShield option is designed to meet the stringent security requirements of the payments industry, strengthening the security of card and PIN authentication systems by securing transaction processes in a FIPS 140-2 Level 3* validated tamper-resistant environment. In addition to providing increased security, payShield enabled HSM can dramatically increase transaction throughput by processing high volumes of symmetric and asymmetric cryptographic operations, an important requirement of payments initiatives such as 3-D Secure, Visa DPA, MasterCard CAP.
    *Federal Information Processing Standard (FIPS) 140-2 Level 3 is the international security standard for cryptographic modules
    INDUSTRY APPLICATION: The payShield Option Pack for nCipher HSM provides payments functionality to secure and accelerate payments industry applications.
    ePayments: The 3-D Secure specification mandates the use of FIPS certified hardware for storage and management of cryptographic keys. payShield provides a single HSM solution that supports Visa's 3-D Secure Cardholder Authentication Verification Value (CAVV) using the Visa Card Verification Value (CVV) method, as well as MasterCard's SPA Account Authentication Value (AAV) and Card Authentication Program (CAP).
    EMV smart card support: EMV is a smart card standard developed by Europay, MasterCard and Visa to address the universal aspects of chip card issuance and acceptance.
    CARDHOLDER AUTHENTICATION: Supported by the major card associations,
  • Defeating Invisible Enemies: Firmware Based
    Defeating Invisible Enemies: Firmware Based Security in OpenPOWER Systems — Linux Security Summit 2017 — George Wilson, IBM Linux Technology Center
    Linux Security Summit / Defeating Invisible Enemies / September 14, 2017 / © 2017 IBM Corporation
    Agenda: Introduction; The Case for Firmware Security; What OpenPOWER Is; Trusted Computing in OpenPOWER; Secure Boot in OpenPOWER; Current Status of Work; Benefits of Open Source Software; Conclusion
    Introduction
    Disclaimer: These slides represent my views, not necessarily IBM's. All design points disclosed herein are subject to finalization and upstream acceptance. The features described may not ultimately exist or take the described form in a product.
    Background: The PowerPC CPU has been around since 1990. Introduced in the RS/6000 line. Usage presently spans embedded to server. IBM PowerPC servers traditionally shipped with the PowerVM hypervisor and ran AIX and, later, Linux in LPARs. In 2013, IBM decided to open up the server architecture: OpenPOWER. OpenPOWER runs open source firmware and the KVM hypervisor with Linux guests. Firmware and software designed and developed by the IBM Linux Technology Center. "OpenPOWER needs secure and trusted boot!"
    The Case for Firmware Security
    Leaks: Wikileaks Vault 7 Year 0 Dump; NSA ANT Catalog
    Industry Surveys: UEFI Firmware Rootkits: Myths and Reality – Matrosov; Firmware Is the New Black – Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities – Branco et al.
  • A Hardware Security Module Is Found Not Immune to Hacking
    Memo 12/06/2019 - TLP:WHITE A Hardware Security Module is found not immune to hacking Reference: Memo [190612-1] Date: 12/06/2019 - Version: 1.1 Keywords: HSM, cryptography, PKCS#11, digital services Sources: publicly available information Key Points Security researchers released a paper revealing how they managed to hack a Hardware Security Module (HSM). HSM-s are used to generate, manipulate and store sensitive cryptographic secrets (SIM cards, credit cards, secure boot hardware, disk and database encryption, PKI...). HSM-s are also used by cloud service providers, such as Google or Amazon, allowing clients to centrally create, manage and use their cryptographic secrets. Summary Researchers from a French technology company, specialising in blockchain and cryptocurrency ecosystems, published and presented a paper detailing how they managed to dump the whole content of a Hardware Security Module (HSM), manufactured by an undisclosed company. In order to achieve this, they proceeded as follows: 1. They started by using legitimate software development kit (SDK) access to their test HSM to upload a firmware module that would give them a shell inside the HSM. Note: A SDK is typically a set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, or computer system. Note that this SDK access was used to discover the vulnerabilities, but is not necessary to exploit them. 2. They then used the shell to run a fuzzer on the internal implementation of PKCS#11 commands to find reliable, exploitable buffer overflows. Note: PKCS#11 refers to public-key cryptography standards or to a programming interface used to create and manipulate cryptographic tokens.
  • Key Management Guide CIO IT Security
    IT Security Procedural Guide: Key Management, CIO-IT Security-09-43, Revision 4, April 13, 2020. Office of the Chief Information Security Officer
    CIO-IT Security-09-43, Revision 4, Key Management
    VERSION HISTORY/CHANGE RECORD (columns: Change Number; Person Posting Change; Change; Reason for Change; Page Number of Change)
    Revision 1 – November 19, 2008
    1; Eric Hummel; Additional References to x.509 Common Framework; Response to comments; 1,6,16
    Revision 2 – February 25, 2016
    1; Salamon; Updated Policy and NIST references; Updated to current versions of CIO 2100.1, NIST SP 800-53, and NIST SP 800-57; Throughout
    2; Wilson, Klemens; Updated GSA Logo, formatting, style changes; Updated GSA Logo, formatting and style.; Throughout
    Revision 3 – March 6, 2018
    1; Salamon; Removed NIST SP 800-21 and updated Policy references; NIST SP 800-21 withdrawn, updated to current CIO 2100.1; 2, 7, 17
    2; Salamon; Updated Procedural Guide links; Updated Procedural Guides; 8
    3; Dean; Changes throughout the document to correspond with current guide structure and formatting.; Updated to current guide structure, style, and formatting; Throughout
    Revision 4 – April 13, 2020
    1; Richards; Updated references and minor language clarifications; Scheduled update; Throughout
    2; Salamon; Updated Section 2 to include specific requirements for key management; Operational feedback; 7
    3; Salamon; Scope updated in Section 1.2; Operational feedback; 3
    U.S. General Services Administration
    Approval: IT Security Procedural Guide: Key Management, CIO-IT Security-09-43, Revision 4 is hereby approved for distribution. X Bo Berlas, Chief Information Security Officer
    Contact: GSA Office of the Chief Information Security Officer (OCISO), Security Engineering Division (ISE) at [email protected]
  • Foundation Overview February 2014
    OpenPOWER Overview, May 2015. Keith Brown, Director, IBM Systems Technical Strategy & Product Security. [email protected] http://openpowerfoundation.org/ © 2015 OpenPOWER Foundation
    What is the OpenPOWER Ecosystem? Cloud Software Existing ISV community of 800+ Standard Operating Open Environment Source All major Linux distros (System Mgmt) Software Communities Operating Open sourced Power8 System / KVM firmware stack New OSS Firmware OpenPOWER Resources for porting and Firmware Community optimizing on Hardware OpenPOWER OpenPOWERFoundation.org Technology
    A Fast Start for OpenPOWER! The year ahead: • Collaborative solutions, standards, and reference designs available • Independent members solutions and systems • Sector growth in technical computing and cloud • Global growth with increasing depth in all layers • Broad adoption across hardware, software, and end users
    Fueling an Open Development Community
    Critical workloads run on Linux on Power: Web, Java Apps and Infrastructure Analytics & Research HPC applications for Life Sciences • Highly threaded • Compute intensive • Throughput oriented • High memory bandwidth • Scale out capable • Floating point • High quality of service • High I/O rates Business Applications Database • High quality of service • Handle peak workloads • Scalability • Scalability • Flexible infrastructure • High quality of service • Large memory footprint • Resiliency and security
    IBM, Mellanox, and NVIDIA
  • Spoofing a Hardware Security Module
    DEVELOPING AND CONNECTING ISSA CYBERSECURITY LEADERS GLOBALLY
    Spoofing a Hardware Security Module. By Jeff Stapleton – ISSA member, St. Louis Chapter
    This article compares valid key management techniques using a cryptographic hardware security module (HSM) with commonly used untrustworthy software-based crypto methods that basically spoof the HSM. Two hardware-based techniques are contrasted with three hybrid-based methods. Security issues for the software-based methods are discussed, and an alternative standards-based scheme is introduced.
    Abstract: This article compares valid key management techniques using a cryptographic hardware security module (HSM) with commonly used untrustworthy software-based crypto methods that basically spoof the HSM. Software-based cryptography is generally cheaper and easier to implement but at higher risk of key compromise whereas hardware-based cryptography has vastly lower risks but at greater costs and complexity. Attempts at combining software-based crypto with hardware-based key management often introduces poor key management solutions. Two hardware-based techniques are contrasted with three hybrid-based methods. Security issues for the software-based methods are discussed, and an alternative standards-based scheme is introduced.
    Figure 1 – Hardware data encryption
    key encryption. The HSM spoofing problem arises when the data encryption is performed in software but the key management is attempted in cryptographic hardware. Three untrustworthy key management methods are contrasted with the valid techniques: faux key, KMIP unwrapped keys, and PKCS#12 password based key derivation functions [2]. The security weaknesses are explained and an alternate method is introduced: database encryption key management (DBEKM) [3].
    This article compares valid key management techniques using a cryptographic hardware security module (HSM) [1] with commonly used untrustworthy methods that essentially spoof an HSM.
    Hardware data encryption: The first HSM key management method discussed is cryp-
  • Trescca D3.2
    Project acronym: TRESCCA
    Project title: TRustworthy Embedded systems for Secure Cloud Computing
    Project number: European Commission – 318036
    Call identifier: FP7-ICT-2011.1.4
    Start date of project: 01 Oct. 2012
    Duration: 36 months
    Document reference number: D3.2
    Document title: Secure Hypervisor
    Version: 1.3
    Due date of document: April 2015
    Actual submission date: May 2015
    Lead beneficiary: VOSYS
    Participants: Michele PAOLINO, Alvise RIGO, Daniel RAHO, Maria SOLER (VOSYS), Miltos GRAMMATIKAKIS (TEI), Renaud PACALET (TP)
    Reviewers: Bernhard Katzmarski (OFFIS)
    Project co-funded by the European Commission within the 7th Framework Programme
    DISSEMINATION LEVEL: PU Public (X); PCA Public with confidential annex; CO Confidential, only for members of the consortium (including Commission Services)
    Project: TRESCCA; Document ref.: D3.2; EC contract: 318036; Document title: Secure Hypervisor; Document version: 1.3; Date: May 2015
    CONTENTS
    1 Introduction
    1.1 Purpose of the Document
    2 The Trusted Compartment
    2.1 Trusted Compartment Implementation
    2.1.1 TrustZone
    2.1.2 HSM-NoC
    2.2 Security HW accelerators
    3 The Trusted Execution Environment (TEE)
    3.1 Introduction to the Trusted Execution Environment (TEE)
    3.2 The GlobalPlatform Standard
    3.2.1 The GlobalPlatform TEE API
    3.3 The TEE state of the art
    3.3.1 Closed Solutions
    3.3.2 Open Source Solutions
    4 The KVM TEE
    4.1 The KVM hypervisor
    4.2 TEE Implementation and virtualization
    4.2.1 Secure World
    4.2.2 TEE virtualization
    4.3 Features
    4.3.1 Isolated Execution
  • Linux and Open Source: the View from IBM
    Linux @ IBM. Linux and Open Source: The View From IBM. Jim Elliott, Advocate, Strategic Growth Businesses, IBM Canada Ltd. ibm.com/vm/devpages/jelliott. SHARE Session 9200, February 28, 2005. © 2005 IBM Corporation
    Linux and Open Source: The View from IBM (Session 9200). Linux and Open Source are game-changing technologies. Jim will provide a review of Linux and Open Source from IBM's point of view covering:
    – Overview, Value and Marketplace: A brief update on Linux and Open Source and the value to customers
    – Usage: How Linux and Open Source are being used by customers today and our view of the future
    – IBM and Open Source: How IBM is using Open Source software internally and IBM involvement in the Open Source community
    Linux Overview, Value, and Marketplace: "Linux will do for applications what the Internet did for networks." Irving Wladawsky-Berger, IBM, LinuxWorld, January 2000
    Advancing Technology: What if … ... everything is connected and intelligent? ... networking and transactions are inexpensive? ... computing power is unlimited? Adoption of open standards; Processor speed; Storage; Bandwidth; Number of networked devices; Interaction costs
    The road to On Demand is via Open Computing: Open Source; Open Architecture; Open Standards
    Open Source Software (www.opensource.org)
    What is Open Source?
    – Community develops, debugs, maintains
    – "Survival of the fittest" – peer review
    – Generally high quality, high performance software
    – Superior security – on par with other UNIXes
    Why does IBM consider Open Source important?
    – Can be a major source of innovation
    – Community approach
    – Good approach to developing emerging standards
    – Enterprise customers are asking for it
    Freedom of Choice: “Free software is a matter of liberty, not price.
  • Comptia Security+ SY0-301 Authorized Exam Cram, Third Edition
    CompTIA® Security+™ SY0-301, Third Edition. Diane Barrett, Kalani K. Hausman, and Martin Weiss
    CompTIA Security+™ SY0-301 Authorized Exam Cram, Third Edition. Copyright © 2012 by Pearson Education, Inc.
    All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
    ISBN-13: 978-0-7897-4829-4. ISBN-10: 0-7897-4829-0. Library of Congress Cataloging-in-Publication data is on file. Printed in the United States of America. First Printing: December 2011. 14 13 12 11 4 3 2 1
    Trademarks: All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
    Associate Publisher: David Dusthimer. Acquisitions Editor: Betsy Brown. Development Editor: Andrew Cupp. Managing Editor: Sandra Schroeder. Project Editor: Mandie Frank. Copy Editor: Charlotte Kughen, The Wordsmithery LLC. Indexer: Tim Wright
  • Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases
    Draft NISTIR 8320. Hardware-Enabled Security: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases
    Michael Bartock, Murugiah Souppaya (Computer Security Division, Information Technology Laboratory); Ryan Savino, Tim Knoll, Uttam Shetty, Mourad Cherfaoui, Raghu Yeluri (Intel Data Platforms Group, Santa Clara, CA); Akash Malhotra (AMD Product Security and Strategy Group, Austin, TX); Karen Scarfone (Scarfone Cybersecurity, Clifton, VA)
    This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8320-draft
    May 2021
    U.S. Department of Commerce: Gina Raimondo, Secretary
    National Institute of Standards and Technology: James K. Olthoff, Performing the Non-Exclusive Functions and Duties of the Under Secretary of Commerce for Standards and Technology & Director, National Institute of Standards and Technology
    National Institute of Standards and Technology Interagency or Internal Report 8320, 58 pages (May 2021)
    Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately.