Intel CTO: ultra-secure chips, trusted programming coming mid-decade

14 Oct 2011

Intel's chief technology officer Justin Rattner

Intel chief technology officer Justin Rattner told the chip giant is working on ultra-secure hardware that will make trusted programming a reality and which may debut in the next three to four year. “You can melt down these chips, they will never give up their secrets.”

Rattner was in Ireland this week to attend the Intel European Research and Innovation conference at the chip giant’s manufacturing campus in Leixlip, where the company has decided to locate its new Energy and Sustainability Lab.

He also attended the fifth anniversary of the Innovation Value Institute (IVI) spearheaded by the director of Intel Labs Europe Martin Curley. The NUI Maynooth-based IVI has developed the IT-CMF framework, a sort of MBA for CIOs, with major corporations BP, Microsoft, Chevron, SAP, Cisco, Fujitsu and Merck. So far, the IVI has trained more than 500 CIOs worldwide and has helped them to achieve, on average, a 25pc improvement in IT capability (Intel), a 10pc reduction in spend (Intel), an 8pc saving in operating budget (Merck), a 96pc reduction in set-up time for new servers (Axa-Tech) and 20pc reduction global travel budget (Mainstream Renewables).

Speaking with, Rattner said the priorities of CIOs today are being rocked by trends like cloud computing and, in particular, the consumerisation of IT.

“I think IT is facing enormous challenges because the technology is moving so quickly. Consumerisation of technology is creating demands for the IT organisation that perhaps in the past they were able to keep at bay but which are almost impossible now.”

He elaborated: “The CEO walks up to the CIO and says, ‘I want to use my iPad as part of my business’. The CIO can mention the security issues, the connectivity issues and compatibility issues. But the CEO will just shrug and say, ‘that’s just technical stuff, figure it out because I’m bringing my iPad to the office and I’ll want to see my business dashboards, revenue picture and factory performance.’

“The successful CIO will be the one who is always thinking ahead about an orderly process for accommodating these new technologies in an orderly fashion. It’s something you can say no to or simply adapt.

“I think at Intel we’ve come a long way in that respect and maybe that was helped by the fact that Apple moved to Intel with the Macintosh product line.”

Rattner said Intel had to quickly figure out how to integrate the Mac OS into its environment. “A lot of work was done and because we knew it was coming we were able to anticipate.

“But we couldn’t anticipate the phone or the pad and I think basically the iPhone drove a much more rigorous process for us, which was not about arguing why the devices couldn’t be brought into the IT environment but in fact saying yes and having a methodical process in place for bringing them in.”

Rattner as CTO of Intel was privileged to be involved in the first pilots of the iPhone before it was issued to the public almost four years ago and revealed the Mail application nearly didn’t make it onto the first iPhone. “I was on the first pilot and at the time they couldn’t integrate Mail and because I was at regular meetings with Apple. I asked them about what they were doing with email and particularly corporate email.

“They had not addressed the enterprise environment in the first pilot and when they started the second pilot I asked them one question – do you mean to integrate corporate email – otherwise I wasn’t doing another pilot. By the third pilot they told me they had Exchange integration.”

The era of trusted programming is about to begin

I asked Rattner if he believed the technology world was full of such near misses. “Absolutely, but I think technology is going to come to the aid of the IT department in bringing technologies like virtualisation to all of these platforms, such as Mac, and allows for Windows and Mac OS to co-exist, but this is not in the devices yet, but that’s going to be another very powerful tool and will also be the basis for enhanced security.

“We’ve concluded that it’s not possible to deliver secure systems these days without moving the fundamental protection mechanisms in the hardware. It is too easy to compromise the operating system and now people are engineering attacks on the virtual machine monitors, like hypervisors. You’ve got to be below it all and assume that just about everything in the stack has been compromised.

“Only when you accept that, then you can engineer solutions.”

At the recent Intel Developer Forum, Intel revealed McAfee DeepSAFE technology, which it believes will help fundamentally change and reshape the security industry by combining the power of hardware and software to create much more sophisticated ways to prevent attacks.

“Security is a multi-dimensional problem. The first step we are taking is elevating malware defence to a whole new level. DeepSAFE does not require signatures, for example. It bases decisions on behavioural analysis in real-time and when programmes behave in certain ways, it can detect a change in behaviour and take the appropriate steps,” Rattner said.

Rattner said it is far too easy for cyber attackers to find their way around the security perimeter. “You can take a highly illegal attack like Stuxnet, do a little bit of amateur work and give it a whole new signature and it will ride by any software.

“With the new technology, we are working on the hardware and software immediately detects something is afoot and you can stop it or you can sandbox it and watch how it behaves and find out what it is up to. Is it going after my documents or is it keylogging, what exactly do I have here?”

Another issue he asked is how do we make it possible to allow programmers and app creators to routinely write trusted programmes? “We’re convinced you have to do that at the hardware level. I want to build hardware that will take secrets to the grave. You can melt that chip but it will never give up its secrets.”

Rattner said he expects the new hardware technology to appear in the next three to four years.

“Even if the operating system is compromised, if the middleware is compromised, whatever, those secrets will never be revealed. They will literally be cryptographically sealed on the hardware.

“DeepSAFE is available now and the products from McAfee and others will be coming. I think the trusted programming capability will be more like mid-decade,” Rattner said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years