PrivateCore was founded in 2011 by security veterans from VMware and Google with seed funding from Foundation Capital.[2] PrivateCore “virtualizes” physical security and enables service providers and enterprises to deploy servers processing sensitive data in outsourced environments while maintaining security around data in use.[3]
The company's memory encryption technology has been spurred by a number of industry trends including the increasing sophistication of hackers, a larger number of servers in outsourced environments, larger amounts of sensitive data being placed in persistent memory, and x86 virtualization technology which can increase the environment attack surface.
PrivateCore was acquired by Facebook, a deal that was announced on 7 August 2014.[4][5]
Technology
PrivateCore's focus is securing data-in-use on x86 servers. The company has taken advantage of recent microprocessor innovations including larger microprocessor caches and hardware cryptographic acceleration technology that enable more effective methods of encrypting memory while maintaining acceptable application performance. The technology approach goes beyond previous academic research efforts such as TRESOR.
PrivateCore assumes that the only element that needs to be trusted in a system is the Central Processing Unit (CPU). The firm uses Trusted Platform Module (TPM) chips and Intel Trusted Execution Technology (Intel TXT) to provide remote server attestation. PrivateCore also supports the cryptographic hardware acceleration provided by Intel AES-NI technology.
PrivateCore technology is positioned as being most applicable to outsourced or hosted environments where the enterprise cannot have trust in the computing infrastructure.[6]
Products
The PrivateCore vCage product portfolio comprises vCage Manager and vCage Host. vCage Manager validates the integrity of x86 servers running Linux as well as the vCage Host. vCage Host installs on bare-metal servers and provides a hardened hypervisor based on KVM that can secure server random access memory (RAM) with AES encryption. vCage Host does this by loading a secure hypervisor into the CPU cache and acting as a gateway to encrypt memory paging in and out between the CPU cache and RAM. vCage memory encryption leverages the KVM hypervisor but also has the potential to support other hypervisors. vCage Host supports existing KVM management tools.
vCage supports a number of use cases including creating OpenStack trusted computing pools as well as protecting x86 servers in co-location and bare-metal cloud environments.
vCage Manager and vCage Host became generally available on 11 February 2014.[7]