
New "work" for GPUs: GPU will protect against virus attacks

Last month, Intel announced that it would redesign its processors at the silicon level to eliminate the Spectre and Meltdown vulnerabilities.

However, the company's work on system security did not end there. It recently became known that the IT giant is going to introduce technologies that counter virus threats at the hardware level.

These are Accelerated Memory Scanning and Advanced Platform Telemetry systems. Read more about the innovations below.

/ Flickr / Intel Free Press / CC

GPU will help in the search for viruses


The first solution - Accelerated Memory Scanning - will shift the task of detecting memory-based attacks to the integrated GPU. Currently, CPU power is used for this purpose, which reduces overall system performance. Delegating the task will remove some of the load from the CPU (the company reports a decrease from 20 to 2%), which will improve system performance and reduce energy consumption.

The company notes that while malicious code sits on the hard disk, it can be “obfuscated” or simply encrypted. Once it is loaded into RAM, it becomes easier to detect. At least in theory.

Memory scanning for signs of malicious code is controlled by an Intel driver and runs in user mode (ring 3). However, the solution's capabilities can be extended to the kernel level (ring 0). Scan intensity can be adjusted depending on GPU load. For example, if a video game is running, scanning may be postponed or assigned exclusively to the free cores of the graphics processor.

Reddit users say that, in general, this solution should have a positive impact on system performance in games or when working with demanding graphics editors, since the freed CPU resources can be directed to other tasks instead of virus scanning.

Intel Accelerated Memory Scanning has already enlisted the support of Microsoft. The technology will be implemented in Microsoft Windows Defender ATP (Advanced Threat Protection). Intel also plans to work with antivirus developers.

One Reddit user, in response to the news, also noted that Kaspersky Lab had already used the power of graphics processors: several years ago the company accelerated its anti-virus system using GPUs from Nvidia. The company said at the time that it had managed to increase performance by more than 300 times.

When the antivirus detected a suspicious file or document that it could not classify as malicious with 100% certainty, it uploaded it to the servers of the “Lab”. There the file was compared with 50 million other files and programs. Special algorithms for detecting viruses and spam determined the level of danger, and then the system told the client’s computer what actions to take.


/ Flickr / dieter r / cc

Machine learning to track telemetry


Another security solution introduced by Intel is called Advanced Platform Telemetry. It combines telemetry tracking tools and cloud-based machine learning. The company says that the system will improve the accuracy of detecting advanced threats.

Instead of analyzing events at the operating system level, Intel's solution will use the processor's built-in performance counters to track unusual behavior. For example, a Spectre attack can trigger a series of branch mispredictions. Data on the number of mispredictions will be sent to cloud services that assess the "health" of the system.
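The counter-based detection described above, as an added example that is not Intel's or Cisco's code: it flags intervals whose branch-misprediction rate jumps far above a rolling baseline. The per-interval counts are constructed, and the median/MAD scoring, window and threshold are assumptions standing in for the cloud-side model, which the article does not describe.

```python
from statistics import median

# Constructed samples: (branch instructions, branch mispredictions) per
# one-second interval for one process. Not real measurements.
SAMPLES = [
    (1_000_000, 21_000), (1_050_000, 20_500), (980_000, 19_900),
    (1_020_000, 22_400), (1_010_000, 20_100), (990_000, 21_300),
    (1_000_000, 20_800), (1_030_000, 96_000), (1_000_000, 104_000),
    (1_015_000, 21_900),
]

def miss_rates(samples):
    """Mispredictions per branch; intervals with no branches count as 0."""
    return [m / b if b else 0.0 for b, m in samples]

def flag_anomalies(samples, window=5, threshold=6.0):
    """Return indexes of intervals whose misprediction rate exceeds the
    rolling baseline by more than `threshold` robust z-scores."""
    flagged = []
    baseline = []  # rates from intervals judged normal so far
    for i, rate in enumerate(miss_rates(samples)):
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            mad = median(abs(r - med) for r in recent)
            # 1.4826 scales MAD to a standard deviation for normal data;
            # the floor avoids division by zero on a flat baseline.
            scale = max(1.4826 * mad, 1e-4)
            if (rate - med) / scale > threshold:
                flagged.append(i)
                continue  # keep anomalous intervals out of the baseline
        baseline.append(rate)
    return flagged

if __name__ == "__main__":
    for i in flag_anomalies(SAMPLES):
        branches, misses = SAMPLES[i]
        print(f"interval {i}: miss rate {misses / branches:.2%} above baseline")
```

Keeping flagged intervals out of the baseline prevents a sustained spike from being learned as normal after a few intervals.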

The first company to adopt the new tools will be Cisco. Advanced Platform Telemetry support will be added to the Cisco Tetration platform, which improves data center security and performance. The platform collects data on the IT infrastructure through software and hardware sensors, allowing you to record deviations in the system.

Intel plans to bring the security solutions mentioned above together under the common name Intel Security Essentials. The “kit” will also include the AES-NI and SGX instruction sets. AES-NI accelerates encryption, and SGX is used by applications to isolate private regions of code and data. Intel Security Essentials will also include Platform Firmware Resistance technology, which provides firmware protection. Security Essentials will be supported by Core, Xeon and Atom processors.


Source: https://habr.com/ru/post/354526/

