Advancing Life & Work

Security steps up at the upcoming HPE Discover conference

components (Custom).png

By Curt Hopkins, Managing Editor, Hewlett Packard Labs

Security is taking center stage at the upcoming HPE Discover in Madrid. Or rather, it is taking prominent space in the Transformation Showcase area on the conference floor this year.

Together, the System Authentication and Intrusion Detection demos will provide a lifecycle security process that will run from manufacture to installation into chassis or enclosure to system initialization to runtime to component decommissioning.

System Authentication

The System Authentication will provide a process to authenticate and protect every component from memory modules to network interface cards.

According to Labs Distinguished Technologist Nigel Edwards, HPE is working with industry partners in various standards consortia including Gen-Z Consortium to create a process whereby every component will have a unique public/private key associated with it as part of the manufacturing process. Each manufacturer will issue their products with certificates which can be checked at any point in the supply chain and over the lifetime of the component. This will also extend to authenticating firmware.

“This will make sure that the chassis only contains what the customer expects and has paid for,” says Edwards. This process was proven with a USB certification process in 2017 and will now be driven into the entire machine by, among others, the Desk Top Management Forum (DMTF) and Gen-Z. The full-lifecycle process should be operational in early 2020s.

The demo itself will combine example components, animations, and specialists on hand to explain the system.

Intrusion Detection

The Intrusion Detection system demo shows how HPE extends security further, by providing real-time protection for running operating systems. Given that cybercrime will cost $6 trillion worldwide by 2021, Labs has prioritized the creation of a system that scans for negative changes to the kernel during system operation.

“We’re monitoring the integrity of the OS, but we’re doing it from outside main processor,” says Edwards. Labs has attached a scanning engine to the HPE integrated lights out (ILO) management processor. This device can check the integrity of the kernel while remaining invisible to the main processor and OS, and therefore the bad actor. When and if the ILO discerns a change to the OS, it sends out an alert.

The Intrusion Detection demo will actually consist of a live attack on an OS. Attendees can see the system respond and alert in real time.

Security as measurement

The Hewlett Packard Labs approach to cybersecurity is a metrical one. Instead of looking, as traditional computer security tools usually do, for specific attack signatures, Labs has focused on measurement and verification.

In so doing, Intrusion Detection and Component Authorization can make certain that no component has been compromised and no unauthorized changes have been made to the OS, regardless of type or style. It is a true full-lifecycle approach to security.

0 Kudos
About the Author


Managing Editor, Hewlett Packard Labs