HP execs: Securing the future for IT systems

IT professionals are desperate to build a robust infrastructure, free from the threats of viruses and hackers.

According to Rich DeMillo, vice-president of technology strategy at Hewlett-Packard, and Stephen Squires, HP's vice president and chief science officer, the tools are now at hand to deliver secure systems once and for all - if everyone makes the same commitment to solving the problem.

DeMillo said organisations think of security as a feature of their systems, rather than something central to them. "Security gets mixed up with cost-benefit discussions that don't really have anything to do with it," he added.

For Squires, the technology and know-how exist to embed security in the heart of our systems.

"The fundamental techniques to make a modern Internet as strong as you like, within reason, have been known for some time," he said. "We have learned so much about the challenges of having a highly secure system. We know many techniques to do it, and transistors are cheaper than ever before, so there are ways to create new system architectures."

The key to building secure systems is to start with the base infrastructure and build up a set of protections from it.

"You've got to have a place to put keys on PCs, so you have to have some standard like the TCPA [Trusted Computer Platform Alliance] to do trusted key storage, to do basic operations," said DeMillo.

"You've got to have architectures, like the one we're pushing at HP with Itanium, that build up a set of protections that don't allow you a hardware back door.

"You start building up chains of trust and then every layer that you add on top authenticates itself to the layer below. Those are very tight security models, and they don't require you to have ad hoc understanding of a particular threat or vulnerability," he added.

DeMillo believes the Itanium chip is the key to making it happen. "The arithmetic on Itanium is really tuned to cryptographic calculation," he said.

"SSLs [Secure Sockets Layers], for example, run screamingly fast on Itanium. Forget about accelerators; forget about using parallel processing, and especially parallel processing to do SSL acceleration. Just use the native maths libraries in Itanium, and you get many multiples speed improvement on SSLs," he explained.

The new IPv6 Internet protocol will be another pillar of secure computing, according to DeMillo.

"It is a necessary condition," he said. "If you try to do high-grade security without it, it becomes much too hard and much too limiting."

The IPv6 protocol could allow the creation of a system based on secured domain name servers, running on high-grade commercial secure servers.

These could be used to build up a chain of trust all the way out to digitally signed packages of software and digitally signed certificates, all the way to end-users, said DeMillo.

HP's Squires said IT directors have a part to play in creating a secure future.

"The best thing they can do," he said, "is work with the leaders in the IT community to start advanced pilot projects to discover how well this stuff works, understand what has to be improved, and then get into rapid deployments to improve the quality of the systems."
