{"id":641692,"date":"2023-04-26T10:05:40","date_gmt":"2023-04-26T15:05:40","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/04\/26\/google-researchers-identify-hole-in-intel-tdx\/"},"modified":"2023-04-26T10:05:40","modified_gmt":"2023-04-26T15:05:40","slug":"google-researchers-identify-hole-in-intel-tdx","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/04\/26\/google-researchers-identify-hole-in-intel-tdx\/","title":{"rendered":"Google researchers identify hole in Intel TDX"},"content":{"rendered":"<div id=\"content-header\">\n<h2>Intel has worked with Google to figure out how to harden the TDX module in Xeon chips to boost the security of virtual machines<\/h2>\n<\/div>\n<div id=\"content-center\">\n<div id=\"contributors-block\">\n<p><img decoding=\"async\" src=\"https:\/\/cdn.ttgtmedia.com\/rms\/computerweekly\/Cliff-Saran-Sep-2022-140x180px.jpg\" alt=\"Cliff Saran\">\n\t\t\t\t\t<\/p>\n<p><span>By<\/span><\/p>\n<ul>\n<li>\n\t\t\t\t\t<a href=\"https:\/\/www.techtarget.com\/contributor\/Cliff-Saran\">Cliff Saran,<\/a><br \/>\n\t\t\t\t\t\t<span>Managing Editor<\/span>\n\t\t\t\t\t\t<\/li>\n<\/ul>\n<p>\n\tPublished: <span>26 Apr 2023 11:00<\/span>\n<\/p>\n<\/div>\n<section id=\"content-body\">\n<p><a href=\"https:\/\/www.techtarget.com\/searchsecurity\/news\/252468333\/Google-wants-Project-Zero-to-be-part-of-an-open-alliance\">Google\u2019s Project Zero<\/a> and cloud security teams\u2019 nine-month assessment of the security of the Intel Trust Domain Extension (TDX) has identified a number of areas it needs to improve, but overall, the company gave the new technology, which will be included in the fourth generation of Intel\u2019s Xeon Scalable processor, the thumbs-up.<\/p>\n<p>The TDX module is a feature in the next generation of <a 
href=\"https:\/\/www.techtarget.com\/searchdatacenter\/news\/252461147\/Intel-Xeon-Scalable-launch-prompts-server-upgrades\">Xeon processors<\/a> that provides hardware-isolated virtual machines (VMs), known as Trust Domains (TDs). These can be used to isolate sensitive resources, such as virtualised physical memory, from the host operating system on which the VM runs.<\/p>\n<p>The research, conducted in collaboration with Intel, looked at how to protect confidential computing technology from threats today and into the future.<\/p>\n<p>Intel said the research was used to identify whether there were obvious defects in TDX and to test whether it works as expected, to ensure the technology could be deployed by both cloud customers and providers. The researchers also wanted to have a better understanding of the expected threat model for TDX, and identify limitations in the design and implementation that would better inform Google\u2019s deployment decisions.<\/p>\n<p>The security review assessed arbitrary code execution in a privileged security context; cryptographic weaknesses; temporary and permanent denial of service; and weaknesses in debug or deployment facilities. Intel has also opened the source code to the components the team reviewed so that further research can be performed in public. The source code available for public review includes the TDX Module and SEAM Loader.<\/p>\n<p>The report points out a serious implementation issue due to a bug in the Authenticated Code Module (ACM) responsible for initialising the TDX feature.<\/p>\n<p>The researchers found that when the ACM moves between its secure and unsecured states, the bug allows <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/principle-of-least-privilege-POLP\">untrusted code<\/a> to execute in \u201cprivileged execution mode\u201d, which has a high level of security. 
This bug can be exploited to compromise the integrity of the TDX feature and the security of any deployed VMs.<\/p>\n<p>The defects and weaknesses identified during the review were fed back to Intel for remediation.<\/p>\n<p>Nelly Porter, group product manager for Google Cloud, said: \u201cAs industry leaders in confidential computing, we make it our mission to thoroughly review the underlying technology, especially as we offer it to our customers. We are pleased at the level of security already baked into Intel TDX, as well as the collaboration between our teams that improves security outcomes for the entire industry.\u201d<\/p>\n<p>\u201cWe want to make it such that people don\u2019t worry about the security and trustworthiness of their data,\u201d said Anil Rao, vice-president and general manager of systems architecture and engineering in the office of the chief technology officer at Intel.<\/p>\n<p>\u201cOrganisations use confidential computing to control their data and provide access to trusted parties in a manner that is verifiable, revocable and time-sensitive \u2013 we have an obligation to make sure the technology is secure. 
Our early effort with Google solidifies our commitment to perform thorough analysis to address all potential vulnerabilities.\u201d<\/p>\n<\/section>\n<\/div>\n<p><a href=\"https:\/\/www.computerweekly.com\/news\/365535529\/Google-researchers-identify-hole-in-Intel-TDX\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Anthony Antes<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Intel has worked with Google to figure out how to harden the TDX module in Xeon chips to boost the security of virtual machines By Cliff Saran, Managing Editor Published: 26 Apr 2023 11:00 Google\u2019s Project Zero and 
cloud security teams\u2019 nine-month assessment of the security of the Intel Trust Domain Extension (TDX) has identified<\/p>\n","protected":false},"author":1,"featured_media":641693,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[496,5016,46],"tags":[],"class_list":["post-641692","post","type-post","status-publish","format-standard","has-post-thumbnail","category-google","category-researchers","category-technology"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/641692","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=641692"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/641692\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/641693"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=641692"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=641692"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=641692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}