Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security //

Google

// // //
8/25/2017
04:33 PM
Simon Marshall
Simon Marshall
Simon Marshall

Google: Big Cloud, Tiny Titan Chip

Google develops a tiny chip to close a big security hole before it opens. Is there a tiny Titan in your future, too?

If you take a slice through Google's Cloud Platform, you'll see Google-designed components everywhere. Google hardware, Google-controlled firmware stack, Google-curated OS images, a Google-hardened hypervisor, coupled with an intimidating physical presence at its data centers. Google is so concerned about security that it likes to build its own kit.

This self-sufficiency ethos was reinforced as it unveiled the technical detail behind its new Titan security chip. Google is talking about this now, even though the chip was launched earlier this year, because the chip has spent some time in the wild in Google data centers and the results are promising.

Google is aiming big with its tiny chip; it's designed to close hardware security back doors before they're even opened. If the chip finds something anomalous, it won't even let the hardware boot. That approach seems like a sledgehammer, but it's designed to defeat strong, evolving exploits from nation states.

"That level of adversaries certainly have an incentive to hack or to have influence over the security of hardware," said Dan Cornell, principal at Denim Group, a firm that builds secure systems for technology companies. According to Cornell, the chip-led approach is timely as nation states gear up for cyberwar.

Titan is a secure, low-power microcontroller created to ensure that systems always boot from the last known good state. Using verifiable code, Titan establishes the hardware root of trust for cryptographic operations in Google's data centers by verifying the firmware/software stack before booting -- allowing or disallowing access to network resources based on the result. If there's been a hardware/firmware tamper, the system just isn't allowed to wake up.

This is particularly effective in countering a new crop of firmware attacks, which, for example, target rewritable firmware chips such as a BIOS chip or hard drive controller. While BIOS manufacturers are addressing this problem, Google has gone a step further and designed an approach that pulls the power plug before anything even comes on line. Titan boots its own firmware first, and only then allows the host firmware to boot.

The chip is another building block in Google's attempt to punch-up its security creadentials and try to narrow the gap with leaders AWS and Microsoft Azure. However, Google was quick to stress that the chip is only one component of its all-round security in the cloud. Certainly, Google does not expect the chip to be the main money-spinner.

"We're not pinning our hopes on this as (a separate) investment. The most important thing to note is that Titan is one piece of the puzzle, and Google Cloud delivers end-to-end security," said a Google spokesperson.


You're invited to attend Light Reading's 11th annual Future of Cable Business Services event. Join us in New York on November 30 for the premier independent conference focusing on the cable industry's continuing efforts in the commercial services market -- all cable operators and other communications service providers get in free.

Google declined to respond to questions related to the total cost to develop Titan, or whether it would consider licensing or selling the technology to other companies.

Simon Marshall has worked within and around the telecom and IT industries for 21 years. Simon cut his teeth as editor-at-large at totaltelecom.com in the late Nineties, drove strategic communication and product marketing plans for Qualcomm, Neustar and Redknee during the Noughties, and lives today as a technical consultant, active tech news junky and content underwriter at Security Now.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36610
PUBLISHED: 2022-12-08
A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of ...
CVE-2022-4350
PUBLISHED: 2022-12-08
A vulnerability, which was classified as problematic, was found in Mingsoft MCMS 5.2.8. Affected is an unknown function of the file search.do. The manipulation of the argument content_title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to...
CVE-2022-4353
PUBLISHED: 2022-12-08
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this vulnerability is the function IpUtil.getIpAddr. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. ...
CVE-2022-4354
PUBLISHED: 2022-12-08
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been ...
CVE-2020-36609
PUBLISHED: 2022-12-08
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to init...