By Joris Evers, 25 July 2005 08:45
The Trusted Computing Group (TCG) has released a specification for servers with a special security chip, which the industry group says will better protect data and transactions.
At the heart of the blueprint for "trusted servers" is the Trusted Platform Module (TPM), a chip that stores digital keys, certificates and passwords. The TPM is already used in PCs. More than 15 million "trusted clients" have been shipped by PC makers such as Dell and HP, according to TCG.
Computers with the security chip can wall off data, secure communications and identify systems belonging to the company or to business partners.
Servers that are built following the group's specifications will be less prone to attack, Brian Berger, chairman of the TCG's marketing working group, said in an interview. Critical data can be protected by hardware-based security, not by often-attacked and vulnerable software, he said.
"We are all aware of software issues with worms, viruses and vulnerabilities. Critical information is now protected by hardware that has very strong protection against access," Berger said. "Software vulnerabilities are really not seen in a hardware protection environment."
The TCG specification (PDF), released early this week, is available free to hardware makers. The trusted server blueprint supports a variety of processor architectures and various form factors. The first servers built according to the specification should be available by the year's end, according to TCG.
TCG members include server makers such as Dell, HP, IBM and Sun Microsystems.
Joris Evers writes for CNET News.com

Comments
1. Joe Whitehead
Digital logic is just software converted to transistors instead of a script. If the firmware can be considered a combination of the hardware and hidden interfaces to non-networked (off the main bus) memory then it should be very good. The problem is that software and hardware are only seemingly two separate entities. If software has the problems of deliberate corruption of incoming data then so will the hardware.
Imagine a scenario where the data coming into a process (hardware or hardware+software) forces the machine into undefined states. This is another way of saying "buffer overrun attack" but in a more mathematical language.
While overriding ROMs and logic array devices (PALs/etc) is not practical using a buffer exploit, there is the possibility of exploits unique to firmware that will exist. Only time will tell.