PrivateCore is a venture-backed startup located in Palo Alto, California that develops software to secure server data through server attestation and memory encryption. The company's attestation and memory encryption technology fills a gap that exists between “data in motion” encryption (TLS, email encryption) and “data at rest” encryption (disk encryption, tape encryption) by protecting “data in use” (random access memory). PrivateCore memory encryption technology protects against threats to servers such as cold boot attacks, hardware advanced persistent threats, rootkits/bootkits, computer hardware supply chain attacks, and physical threats to servers from insiders. PrivateCore was acquired by Facebook (now Meta Platforms) on 7 August 2014.


History

PrivateCore was founded in 2011 by security veterans from VMware and Google with seed funding from Foundation Capital (Angellist, PrivateCore, June 6, 2012: "PrivateCore"). PrivateCore “virtualizes” physical security and enables service providers and enterprises to deploy servers processing sensitive data in outsourced environments while maintaining security around data in use (Dark Reading, Robert Lemos, January 31, 2013: "The Physical Security Factor With Cloud Providers"). The company's memory encryption technology has been spurred by a number of industry trends, including the increasing sophistication of hackers, a larger number of servers in outsourced environments, larger amounts of sensitive data being placed in persistent memory, and x86 virtualization technology, which can increase the environment's attack surface. PrivateCore was acquired by Facebook, a deal that was announced on 7 August 2014 (Reuters, Kurt Wagner, August 7, 2014: "Facebook Acquires Security Startup PrivateCore to Better Protect Its Data Centers").


Technology

PrivateCore's focus is securing data-in-use on x86 servers. The company has taken advantage of recent microprocessor innovations including larger microprocessor caches and hardware cryptographic acceleration technology that enable more effective methods of encrypting memory while maintaining acceptable application performance. The technology approach goes beyond previous academic research efforts such as TRESOR. PrivateCore assumes that the only element that needs to be trusted in a system is the Central Processing Unit (CPU). The firm uses Trusted Platform Module (TPM) chips and Intel Trusted Execution Technology (Intel TXT) to provide remote server attestation. PrivateCore also supports the cryptographic hardware acceleration provided by Intel AES-NI technology. PrivateCore technology is positioned as being most applicable to outsourced or hosted environments where the enterprise cannot have trust in the computing infrastructure (StartUpBeat, StartUpBeat Editor, June 25, 2012: "PrivateCore has built a private computing platform that gives users a high level of data security, online or off").


Products

The PrivateCore vCage product portfolio comprises vCage Manager and vCage Host. vCage Manager validates the integrity of x86 servers running Linux as well as the vCage Host. vCage Host installs on bare-metal servers and provides a hardened hypervisor based on KVM that can secure server random access memory (RAM) with AES encryption. vCage Host does this by loading a secure hypervisor into the CPU cache and acting as a gateway to encrypt memory paging in and out between the CPU cache and RAM. vCage memory encryption leverages the KVM hypervisor but also has the potential to support other hypervisors. vCage Host supports existing KVM management tools. vCage supports a number of use cases including creating OpenStack trusted computing pools as well as protecting x86 servers in co-location and bare-metal cloud environments. vCage Manager and vCage Host became generally available on 11 February 2014 (GCN, John Moore, March 12, 2014: "How to lock down data in use -- and in the cloud").


External links

* Official website: http://www.privatecore.com
* Physical Privilege Escalation and Mitigation in the x86 World, talk given by the founders at CanSecWest 2013