Microsoft Looks to Secure Clouds With 'Project Cerberus'

Microsoft's latest Open Compute Project offering is called 'Project Cerberus,' and looks to make clouds more secure by protecting the firmware of cloud servers.

Scott Ferguson

November 9, 2017

Microsoft is looking to make cloud infrastructure safer at the hardware level with a new offering called "Project Cerberus," which is the company's latest contribution to the Open Compute Project (OCP).

Company engineers unveiled Cerberus at Zettastructure, the European digital infrastructure conference, which is taking place this week in London. This latest OCP project piggybacks on Microsoft's "Project Olympus," a set of open source hardware designs for hyperscale cloud, which Redmond announced last year.

With Cerberus, Microsoft is looking to protect the firmware of servers that help create the backbone of any cloud infrastructure. If an attacker, whether it's someone from inside the business or someone hacking in from the outside, can access and then take control of the firmware of a server, they can then burrow deep into the data center itself, gaining access to almost any data within the cloud infrastructure.

The goal here is to harden the server firmware against these types of attacks by adding layers of trust and verification into the hardware itself.

Figure 1: Microsoft is now a mythical, cloud guard dog. (Source: Wikipedia)

In a November 8 blog post, Kushagra Vaid, the general manager of Azure Hardware Infrastructure, writes that Cerberus provides a hardware "root of trust" for the firmware that is installed on the motherboard of a server -- this includes the BIOS and other components -- as well as any peripheral I/O devices that are connected. It then enforces strict access control and integrity verification starting at pre-boot and continuing through the runtime procedure.

Vaid added:

Project Cerberus consists of a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI [Serial Peripheral Interface] bus (where firmware is stored), so it can continuously measure and attest these accesses to ensure firmware integrity and hence protect against unauthorized access and malicious updates. This enables robust pre-boot, boot-time and runtime integrity for all the firmware components in the system.

Microsoft designed Cerberus to be CPU and I/O agnostic, so it can be adapted to different hardware designs over time.

In addition, it's compliant with National Institute of Standards and Technology (NIST) 800-193 guidelines.

The Project Cerberus specifications are still being drafted, so it's not clear when it will be available, although Vaid notes that Microsoft plans to open source the specs once they are complete. The company is also working with Intel on implementing the technology into firmware.

Besides the Cerberus announcement, Vaid noted that the Project Olympus designs are now being deployed through Microsoft's Azure public cloud and are supporting the company's Fv2 virtual machines. Additionally, Redmond announced that commercial offerings based on the Olympus designs are now offered through Wiwynn and ZT Systems, with more providers on the way.

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.

About the Author(s)

Scott Ferguson

Managing Editor, Light Reading

Prior to joining Enterprise Cloud News, he was director of audience development for InformationWeek, where he oversaw the publications' newsletters, editorial content, email and content marketing initiatives. Before that, he served as editor-in-chief of eWEEK, overseeing both the website and the print edition of the magazine. For more than a decade, Scott has covered the IT enterprise industry with a focus on cloud computing, datacenter technologies, virtualization, IoT and microprocessors, as well as PCs and mobile. Before covering tech, he was a staff writer at the Asbury Park Press and the Herald News, both located in New Jersey. Scott has degrees in journalism and history from William Paterson University, and is based in Greater New York.
