Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Powered by AMD RyzenTM PRO | Full-stack, multilayered security features for a changing world

How secure processors help protect confidential data

Companies have to seal off software and operating systems from attackers. But that alone is not enough, because software protection can be bypassed. An additional, hardware-based security level enables a more comprehensive level of protection for the entire system. AMD integrates appropriate technologies in its PRO processors and thus creates a security solution with several levels. Sponsored article.

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! English native speakers welcome!

News Writer - Details here

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Companies are constantly under attack from cyberattackers. According to the eco Association of the Internet Industry, a fifth of German companies had at least one serious security incident in the past year. The Federal Office for Information Security (BSI) describes the IT security situation as "tense".

No wonder: Cyber criminals are constantly using new complex and sophisticated attack patterns and malware to attack IT infrastructures and access sensitive company data. But it's not just about software and operating systems. Increasingly, hackers are also targeting hardware and firmware. They exploit vulnerabilities to manipulate the firmware or to read data that the computer is processing in the system memory. This includes passwords, character strings used for encryption or other access codes. With this, the hackers can simply log into the system and access stored data. Encryption of the hard disk or other software-based protection mechanisms are thus nullified.

More security through hardware and software-based protective measures

Hardware-based security features are therefore increasingly complementing the existing software-based defense measures. A combination of both protection levels, which complement each other and protect the system from complex and dynamic attacks, is ideal. The goal: to secure the data on the computers of companies and users.

AMD has developed its "Zen" architecture for special security mechanisms: These should protect user data and at the same time ensure high performance. The architecture is the basis of the manufacturer's Ryzen™ and EPYC processors, which are found in PCs, workstations, and servers, among other things.

Every AMD processor has an integrated security technology: In addition to the actual architecture, a dedicated hardware security chip also works in it. This AMD Secure Processor (ASP) has several advantages:

  • Hardware-based security can isolate critical processes and data in order to better protect the entire platform - including against attacks on the firmware.
  • The processor with security functions can authenticate the firmware loaded at startup. Manipulated or incorrect firmware is then prevented from executing or access is denied.
  • Only when the firmware and BIOS have been authenticated does the processor transfer BIOS control to the operating system. Each layer of the security infrastructure complements the next, which increases the level of protection.
Secure and fast: AMD Ryzen Pro
Secure and fast: AMD Ryzen Pro

AMD develops its features at the silicon and firmware level together with manufacturers of hardware and operating systems. The respective protective measures at different levels can thus interlock. This enables security functions at enterprise level or secured core PCs, i.e. a Windows 10 device with the highest hardware, software and identity protection.

The AMD Shadow Stack is also integrated into the architecture of the powerful PRO processors of the Ryzen 5000 series. This is a hardware-supported defense against so-called control flow attacks - i.e. certain malware attacks directly on the CPU.

The risk of cold start attacks for the system data

But the stored data is not only threatened by the Internet. In the US alone, a laptop is stolen every 53 seconds. Employees can also lose devices or intruders can enter the company building. The problem: computers are often not switched off completely, but remain in standby mode. They are then ready for use again in a few seconds, including all previously opened programs and documents.

While this is easy to use and convenient, it poses a security risk. Because when a user logs in, a lot of important system information is stored unencrypted in the DRAM. A physical attacker can freeze this memory, reset the system, bypass the erase functions and then read out the DRAM contents.

Such a cold start attack cannot be prevented by security mechanisms such as encryption of the hard disk. One way to protect yourself is to shut down your computer completely. However, this annoys employees and slows down productivity because booting takes time. But there is another way to prevent such attacks and thus protect data.

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

The encrypted system memory prevents access

Comprehensive protection at chip level
Comprehensive protection at chip level

All AMD Ryzen PRO processors bring an additional layer of protection for the computer. The integrated safety coprocessor ASP forms the basis for the AMD Memory Guard. This is an additional layer of encryption that encodes the system memory. This happens directly in the memory controllers on the chip and with the help of a random key. In this way, attackers cannot read out the system memory and gain access to passwords or other access data.

With the AMD Memory Guard, physical cold start attacks, DRAM interface snooping and similar attacks can be fended off. At the same time, users can comfortably use the computers because they do not have to be shut down. The AMD Memory Guard is transparent for the operating system and applications and can therefore be installed and used on any system.

Conclusion

With its multi-layered security approach, AMD Ryzen PRO processors protect sensitive data on company computers from attackers from the Internet and on-site. This also reduces downtime - and ultimately lowers operating costs.

Different protection levels interlock - software and hardware based
Different protection levels interlock - software and hardware based



Powered by AMD RyzenTM PRO | Full-stack, multilayered security features for a changing world
J. Simon Leitner
Editor of the original article: J. Simon Leitner - Founder, COO - 737 articles published on Notebookcheck since 2005
I am one of the founders of Notebookcheck, which I dedicated myself with after my studies at the Vienna Technical University were completed. Notebookcheck has now become an internationally active online medium that is published in 14 languages. Computers have been an integral part of my daily activities since the time of the Commodore C64 and Atari 1040ST. Besides new technologies such as electric mobility and environmental technology, I am also interested in architecture and construction engineering.
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > Contact > How secure processors help protect confidential data
J. Simon Leitner (Update: 2021-06-28)