Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs


Google Cloud and Intel released results today from a nine-month audit of Intel’s new hardware security product: Trust Domain Extensions (TDX). The analysis revealed 10 confirmed vulnerabilities, including two that researchers at both companies flagged as significant, as well as five findings that led to proactive changes to further harden TDX’s defenses. The review and fixes were all completed before the production of Intel’s fourth-generation Intel Xeon processors, known as “Sapphire Rapids,” which incorporate TDX. 

Security researchers from Google Cloud Security and Google’s Project Zero bug-hunting team collaborated with Intel engineers on the assessment, which initially turned up 81 potential security issues that the group investigated more deeply. The project is part of Google Cloud’s Confidential Computing initiative, a set of technical capabilities to keep customers’ data encrypted at all times and ensure that they have full access controls.

The security stakes are incredibly high for massive cloud providers that run much of the world’s digital infrastructure. And while they can refine the systems they build, cloud companies still rely on proprietary hardware from chip manufacturers for their underlying computing power. To get deeper insight into the processors they’re depending on, Google Cloud worked with AMD on a similar audit last year and leaned on the longtime trusted relationship between Intel and Google to launch the initiative for TDX. The goal is to help chipmakers find and fix vulnerabilities before they create potential exposure for Google Cloud customers or anyone else.

“It’s not trivial because companies, we all have our own intellectual property. And in particular, Intel had a lot of IP in the technologies that they were bringing to this,” says Nelly Porter, group product manager of Google Cloud. “For us to be able to be incredibly open and trusting each other is valuable. The research that we’re doing will help everybody because Intel Trusted Domain Extension technology is going to be used not only in Google, but everywhere else as well.”

Researchers and hackers can always work on attacking hardware and online systems from the outside—and these exercises are valuable because they simulate the conditions under which attackers would typically be looking for weaknesses to exploit. But collaborations like the one between Google Cloud and Intel have the advantage of allowing outside researchers to conduct black box testing and then collaborate with engineers who have deep knowledge about how a product is designed to potentially uncover even more about how a product could be better secured.

After years of scrambling to remediate the security fallout from design flaws in the processor feature known as “speculative execution,” chipmakers have invested more in advanced security testing. For TDX, Intel’s in-house hackers conducted their own audits, and the company also put TDX through its security paces by inviting researchers to vet the hardware as part of Intel’s bug bounty program.

Anil Rao, Intel’s vice president and general manager of systems architecture and engineering, says the opportunity for Intel and Google engineers to work as a team was particularly fruitful. The group had regular meetings, collaborated to track findings jointly, and developed a camaraderie that motivated them to bore even deeper into TDX.
