Google Cloud and Intel have completed a nine-month audit of Intel’s new hardware security product, Trust Domain Extensions (TDX). The assessment involved security researchers from Google Cloud Security and Google’s Project Zero bug-hunting team, who collaborated with Intel engineers to investigate 81 potential security issues. The review uncovered 10 confirmed vulnerabilities, including two significant ones flagged by researchers from both companies.
The findings led to proactive changes to further harden TDX’s defenses, all of which were completed before Intel’s fourth-generation Xeon processors went into production. The project is part of Google Cloud’s Confidential Computing initiative, which aims to keep customers’ data encrypted at all times, including while it is in use, and to ensure that customers retain full control over who can access it. The collaboration between Google Cloud and Intel lets outside researchers conduct black-box testing of the product and then work directly with its engineers, potentially uncovering even more about how it could be better secured.
After years of scrambling to remediate the security fallout from design flaws in the processor feature known as “speculative execution,” chipmakers have invested more in advanced security testing. For TDX, Intel’s in-house hackers conducted their own audits, and the company also put TDX through its security paces by inviting researchers to vet the hardware as part of Intel’s bug bounty program. According to Anil Rao, Intel’s vice president and general manager of systems architecture and engineering, the opportunity for Intel and Google engineers to work as a team was particularly fruitful. The group held regular meetings, tracked findings jointly, and developed a camaraderie that motivated them to bore even deeper into TDX.
The researchers found two critical vulnerabilities. One stemmed from loose ends left behind by a cryptographic integrity feature that had been dropped from the product. The other was in Intel’s Authenticated Code Modules (ACMs), cryptographically signed chunks of code built to run in the processor at a particular point in the boot and setup process; that vulnerability involved a small window in which an attacker could have hijacked the mechanism to execute malicious code. Rao and Porter also point out that the ACM finding was significant because the mechanism is used in other Intel security products beyond TDX, so fixing it hardens more than one product.
Additionally, as part of the collaboration, Google worked with Intel to open-source the TDX firmware, the low-level code that coordinates between the hardware and the software running on it. This way, Google Cloud customers and Intel TDX users around the world will have more insight into the product. According to Rao, “confidential computing is an area where we are opening up and telling customers, ‘bring your most sensitive applications, bring your most sensitive data, and operate it on shared infrastructure in the cloud.’” He added that Intel wants to follow a rigorous process in ensuring that the key handlers of that sensitive data are rugged, because establishing trust takes a long time and it can be broken very easily.
Author: Lily Hay Newman