HomeWinBuzzer NewsProject Cerberus: Open Source Microsoft Project Plans to Heighten Datacenter Security

Project Cerberus: Open Source Microsoft Project Plans to Heighten Datacenter Security

A cryptographic microcontroller, Project Cerberus increases data center security by protecting firmware from malware, compromised binaries, and more. Microsoft is in talks with Intel to work on the solution further.


OCP is getting another contribution from in the form of Project Cerberus, an industry standard for platform security.

The venture is a cryptographic microcontroller that Azure hardware infrastructure GM Kushagra Vaid describes as “a cryptographic microcontroller running secure code which intercepts accesses from the host to flash over the SPI bus (where firmware is stored).

Project Cerberus continuously measures these accesses and validates the integrity, protecting against malicious updates. According to Microsoft, it can prevent malware that exploits operating system bugs, supply chain attacks, and compromised firmware binaries. Importantly, it also protects against insiders with admin privileges or physical access.

Easy Integration

Of course, it wouldn't be much of a solution if it was difficult to implement. Cerberus is CPU and architecture agnostic, meaning it shouldn't be too hard to integrate into new designs.

As a result, Microsoft expects a much wider range than initially intended, including use in IoT devices. To further advancement, the draft specification will be open sourced to OCP, and will help explore implementation models.

In many ways, this is Project Olympus‘ next phase. The hardware development model was put forward by Microsoft at Zettastructure in London just over a year ago, and seeks to bring open source to physical devices.

As a result, Microsoft shares designs when they're just 50% complete, and Project Cerberus is one of its first contributions.

“The initial draft being contributed today covers motherboard firmware (UEFI BIOS, BMC, Options ROMs) and the vision is to work with the OCP community to extend the specifications over time to cover all peripheral I/O components such as HDD, SSD, NIC, FPGA, GPU, etc,” said Vaid in a recent blog post.

“We're encouraging the industry to collaborate on Project Cerberus to drive a new level of security for future hardware platforms.”

You can see the draft for yourself on GitHub.

Tip: If your business is running its own server infrastructure, consider taking benefit of the usually higher data center security via colocation.

Last Updated on March 15, 2023 9:18 am CET

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News