Google cloud and smart publish the result today from one nine-month audit belong to New Intel hardware security product: Trusted Domain Extensions (TDX). The analysis revealed 10 confirmed vulnerabilities, two of which were marked by researchers at both companies as critical, as well as five that led to proactive changes to enhance the ability to perform. defensive capabilities of TDX. The review and repair was completed before Intel’s fourth generation manufacturing Intel Xeon processors, called “Sapphire Rapids”, incorporate TDX.
Security researchers from Google Cloud Security and Google’s Project Zero bug team, which collaborated with Intel engineers during the review, initially raised 81 potential security issues that the team investigated. investigate more deeply. This project is part of the Google Cloud Confidential Computing initiative, a set of technical capabilities to Always encrypt customer data and make sure they have full access control.
The security risks are extremely high for the major cloud providers that operate much of the world’s digital infrastructure. And while they can fine-tune the systems they build, cloud companies still rely on proprietary hardware from chipmakers for basic computing power. For a deeper understanding of the processors they depend on, Google Cloud worked with AMD in a similar test last year, and relied on the longstanding trusting relationship between Intel and Google to launch the initiative for TDX. The goal is to help chip manufacturers find and fix vulnerabilities before they create potential exposure to Google Cloud customers or anyone else.
“It’s not trivial because companies, we all have our own intellectual property. And in particular, Intel has a lot of IP in the technologies they are bringing to this,” said Nelly Porter, group product manager for Google Cloud. “For us, it is precious to be able to open up and trust each other. The research we’re doing will help everyone because Intel’s Trusted Domain Expansion technology will not only be used at Google, but everywhere else.”
Researchers and hackers can always work to attack hardware and online systems from the outside—and these exercises are valuable because they simulate the conditions under which attackers typically Look for weaknesses to exploit. But a partnership like the one between Google Cloud and Intel has the advantage of allowing outside researchers to conduct black-box testing and then collaborate with engineers with deep knowledge of how a product works. designed to be more discoverable about how a product can be better secured.
After many years struggling to fix the security fallout From design flaws in a processor feature known as “speculative execution”, chipmakers have invested more in advanced security testing. For TDX, Intel internal hackers conducted their own audit, and the company also put TDX through security steps by inviting researchers to test the hardware as part of its bug bounty program. Intel.
Anil Rao, vice president and general manager of system architecture and engineering at Intel, said the opportunity for Intel and Google engineers to work as a team is particularly productive. The team has had regular meetings, collaborating to track the findings together and develop a camaraderie to push them to dig deeper into TDX.
