Data breaches are costing companies millions across the globe, and they’re only getting worse.
According to a breakdown of IBM's 13th annual Cost of a Data Breach study, "the total cost, per-capita cost, and average size of a data breach (by number of records lost or stolen) have all increased year over year." Worldwide, a data breach cost the affected company $3.86 million on average in 2018; for US companies alone the average was about $8 million.
As businesses begin to feel the pain of these attacks, they’ll logically begin to look for ways to protect their data. This presents device makers with an opportunity to gain a competitive advantage if they can guarantee information integrity and confidentiality to the businesses they supply.
Encryption is an important piece to solving this problem, but as we discussed in our blog on building more secure processors, encryption alone cannot truly secure your data.
While, in theory, data that is correctly encrypted is useless to someone who is not in possession of the necessary decryption key, determined attackers can still attempt to exfiltrate data by bypassing encryption routines.
In the normal course of computing, there are three main steps in the encryption/decryption data flow:

1. Data is sent to a machine encrypted.
2. Data is decrypted and processed on the machine.
3. Data is re-encrypted and sent to another machine or to storage.
In many cases, an attacker will exploit a software vulnerability to subvert Step 2 and send the decrypted data straight out over the network, skipping Step 3 entirely. Encryption of data in transit and at rest does nothing against that, which is why encryption alone is not enough.
For a confidentiality policy to be enforceable at all, an application developer needs to know which data is confidential and declare the specific variables and memory locations that hold it as "confidential." CoreGuard's Taint Tracking Micropolicy goes a step beyond this: it records that distinction in its micropolicy metadata (a tag attached to every word of memory and every register) and follows the tag wherever the data flows.
At the highest level, the Taint Tracking Micropolicy defines that confidential data must never be stored on disk or sent across a network as plaintext. Additionally, if confidential data is combined in any way with non-confidential data, then the resulting data must also be considered confidential, or "tainted."
With that in mind, let’s suppose we consider someone’s age to be a confidential piece of data, and suppose a birthdate is included in the individual’s personnel file. Today’s date is, of course, public data and not considered confidential.
In this scenario, the job of the Taint Tracking Micropolicy is to prevent a combination of these two pieces of data from delivering an unencrypted result that can be used to determine the person’s age.
CoreGuard does this by enforcing a micropolicy rule stating that if an instruction computes on both confidential and non-confidential data, then the result ("age" in this case) is "tainted" and therefore also tagged as confidential. The processor is still allowed to execute the instruction that subtracts the person's birthdate (confidential) from today's date (public), but the difference it produces inherits the confidential tag, so the computed age can never be used anywhere the micropolicy forbids confidential data.
And CoreGuard’s Taint Tracking Micropolicy goes even further in providing data protection by ensuring tainted data cannot leave a system without first being encrypted.
CoreGuard accomplishes this by tagging the memory locations that correspond to writing data to the network or to disk (memory-mapped IO) and prohibiting any write of tainted data to those locations. To prepare tainted data for export, the micropolicy designates one trusted encryption routine (the Trusted Platform Module's, in this design) as the only code permitted to remove the taint, and it does so only on the routine's ciphertext output. Because no other code can clear the tag, only authorized parties who possess the appropriate decryption key can ever see the confidential data.
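The following is an added example, not CoreGuard's code or Dover's micropolicy language: a small software model of the three rules described above (taint propagation through arithmetic, a block on writing tainted words to memory-mapped IO, and taint removal reserved to a trusted encryption routine), run on the age-from-birthdate scenario. The register machine, the MMIO addresses `NET_TX` and `DISK_DMA`, the `TRUSTED_CRYPTO` code tag, the demo key and nonce, and the HMAC-SHA256 keystream standing in for a real cipher are all assumptions made for illustration.

```python
"""Software model of a taint-tracking micropolicy (illustrative, not CoreGuard's code)."""
import datetime
import hashlib
import hmac
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when an instruction would violate the micropolicy."""


@dataclass(frozen=True)
class Word:
    value: int
    tainted: bool = False  # the "confidential" metadata tag carried with every word


# Hypothetical memory-mapped IO addresses that act as export sinks (assumption).
NET_TX = 0xFFFF_0000
DISK_DMA = 0xFFFF_0010
EXPORT_SINKS = {NET_TX, DISK_DMA}
TRUSTED_CRYPTO = "trusted_crypto"  # code tag on the trusted encryption routine (assumption)
MASK64 = (1 << 64) - 1
DEMO_KEY = b"demo-key-not-for-real-use"  # constructed for the example
DEMO_NONCE = b"nonce-0001"               # constructed for the example


def _keystream(key: bytes, nonce: bytes) -> int:
    # Toy stand-in for the trusted encryption routine: a 64-bit HMAC-derived keystream.
    return int.from_bytes(hmac.new(key, nonce, hashlib.sha256).digest()[:8], "big")


def decrypt(ciphertext: int, key: bytes, nonce: bytes) -> int:
    """Holder of the key recovers the plaintext; the tag is irrelevant off-device."""
    return ciphertext ^ _keystream(key, nonce)


class TaintTrackingMachine:
    def __init__(self) -> None:
        self.regs: dict[str, Word] = {}
        self.mem: dict[int, Word] = {}
        self.exported: list[int] = []  # values that actually left the system

    def load_imm(self, dst: str, value: int, tainted: bool = False) -> None:
        self.regs[dst] = Word(value & MASK64, tainted)

    def sub(self, dst: str, a: str, b: str) -> None:
        wa, wb = self.regs[a], self.regs[b]
        # Rule 1: the instruction executes, but any tainted input taints the result.
        self.regs[dst] = Word((wa.value - wb.value) & MASK64, wa.tainted or wb.tainted)

    def store(self, addr: int, src: str) -> None:
        w = self.regs[src]
        if addr in EXPORT_SINKS:
            # Rule 2: plaintext confidential data never reaches network or disk.
            if w.tainted:
                raise PolicyViolation(f"tainted word written to MMIO sink {addr:#x}")
            self.exported.append(w.value)
        else:
            self.mem[addr] = w  # ordinary memory keeps the tag with the word

    def encrypt_and_declassify(self, dst: str, src: str, key: bytes, nonce: bytes,
                               code_tag: str) -> None:
        # Rule 3: only instructions carrying the trusted-crypto code tag may clear taint,
        # and only on the ciphertext they produce.
        if code_tag != TRUSTED_CRYPTO:
            raise PolicyViolation("only the trusted encryption routine may remove taint")
        ct = self.regs[src].value ^ _keystream(key, nonce)
        self.regs[dst] = Word(ct, tainted=False)


def run_scenarios(today_iso: str, birthdate_iso: str) -> dict:
    """Compute age from a public date and a confidential birthdate, then try to export it."""
    m = TaintTrackingMachine()
    m.load_imm("r1", datetime.date.fromisoformat(today_iso).toordinal())                 # public
    m.load_imm("r2", datetime.date.fromisoformat(birthdate_iso).toordinal(), tainted=True)  # confidential
    m.sub("r3", "r1", "r2")  # allowed to execute; r3 inherits the confidential tag
    age = m.regs["r3"]
    results = {"age_days": age.value, "age_tainted": age.tainted}
    try:
        m.store(NET_TX, "r3")            # attempt to send the plaintext age
        results["plaintext_export"] = "allowed"
    except PolicyViolation:
        results["plaintext_export"] = "blocked"
    try:                                 # untrusted application code tries to strip the tag
        m.encrypt_and_declassify("r4", "r3", DEMO_KEY, DEMO_NONCE, code_tag="app_code")
        results["untrusted_declassify"] = "allowed"
    except PolicyViolation:
        results["untrusted_declassify"] = "blocked"
    m.encrypt_and_declassify("r4", "r3", DEMO_KEY, DEMO_NONCE, code_tag=TRUSTED_CRYPTO)
    m.store(NET_TX, "r4")                # ciphertext is untainted, so the export succeeds
    results["encrypted_export"] = "allowed"
    results["exported_ciphertext"] = m.exported[-1]
    return results


if __name__ == "__main__":
    for k, v in run_scenarios("2019-01-01", "1990-06-15").items():
        print(f"{k}: {v}")
```

The point the model makes concrete is that taint tracking does not forbid the computation; it forbids the plaintext result from reaching a sink, and it lets exactly one routine produce an untainted value from a tainted one. A real deployment would of course use a proper authenticated cipher in that routine and would keep the key itself tagged so it cannot leak by the same path.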
Together, encryption and CoreGuard can be a powerful tool that provides both a guarantee of information integrity and confidentiality. Or, put more simply, it’s the only way to provide the kind of next-level data protection that businesses today are so desperately craving.
To learn more about CoreGuard, its micropolicies, and how they can be leveraged to provide better data protection, request a demo today.