
TWSE - Intel Big Data & Cloud Summit 2013


Page 1: TWSE - Intel Big Data & Cloud Summit 2013

INTEL CONFIDENTIAL

Building Trust and Security for Taiwan Stock Exchange's Cloud Infrastructure with Intel® Trusted Execution Technology (TXT)

KH Li, APAC Solution Architect
Enterprise Solution Sales, Intel Corp
Email: [email protected]

Page 2: TWSE - Intel Big Data & Cloud Summit 2013

Taiwan Stock Exchange (TWSE) Introduction

• Established on October 23rd, 1961
• Matching system: FAST (Fully Automated Securities Trading) since May 3rd, 1993
• Listed Securities: Stock, TDR, Warrant, Bond, ETF,…
• Trading information:
  • Max Order Transaction: 5,433,362
  • Max Match Transaction: 2,087,695
  • Max Value: NT$ 326,462,532,039 (~US$10.88B)
• Official website: http://www.twse.com.tw

Page 3: TWSE - Intel Big Data & Cloud Summit 2013

TWSE Business and Technical Requirements

Cloud infrastructure needs to provide secured systems and trusted compute environments, including:

• Greater visibility into the security states of the hardware platforms (root of trust and platform attestations)
• Production of automated and standardized reports on the configuration of the physical and virtual infrastructure
• Controls based on the physical location of the server and location of the virtual machines (VMs) for the migration of these VMs onto acceptable servers, per specified policy
• Collection of measured evidence that services infrastructure complies with security policies and regulated data standards

Page 4: TWSE - Intel Big Data & Cloud Summit 2013

Trust and Security Use Models: Protection, Visibility and Control

Intel TXT - Addressing Trust & Compliance

1. Trusted Launch – Verified platform integrity. Hardware enforced detection of launch components; reduces malware threat.
2. Trusted Pools. Control VMs based on platform trust (and more) to better protect data.
3. Compliance Support – enhancing audit-ability of cloud environment. Hardware support for compliance reporting.

Page 5: TWSE - Intel Big Data & Cloud Summit 2013

TWSE TXT POC System Configuration

Page 6: TWSE - Intel Big Data & Cloud Summit 2013

Use Cases: Addressing Trust & Compliance

[Figure: three use-case panels. 1: Measured Boot & Attestation, showing a TXT platform and a non-TXT platform, each with a hypervisor and VMs, and the trust levels "Measured" and "Unknown". 2: Trustable Pools & Secure Migration, showing VMs on hypervisors across TXT and non-TXT platforms. 3: Audit / Compliance Reporting, showing a TXT platform with hypervisor and VMs. Other labels in the figure: Config Mgmt, Policy Enforce Engine, Audit & Report, SW Services, Mgmt SW.]

Page 7: TWSE - Intel Big Data & Cloud Summit 2013

POC Results

http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/cloud-computing-txt-xeon-twse-whitepaper.pdf