Google Cloud and Intel today released the results of a nine-month audit of Trust Domain Extensions (TDX), Intel’s new hardware security product. The analysis revealed 10 confirmed vulnerabilities, two of which were flagged as important by researchers from both companies, and five findings that resulted in proactive changes to further strengthen TDX defenses. The checks and fixes were all done before the production of Intel’s fourth-generation Intel Xeon processors (called “Sapphire Rapids”), which feature TDX.
Security researchers from Google Cloud Security and Google’s “Project Zero” bug hunting team worked with Intel engineers to conduct the assessment, initially uncovering 81 potential security issues, which the team investigated more deeply. The project is part of Google Cloud’s Confidential Computing program, a suite of technology capabilities that keeps customers’ data encrypted at all times and ensures they have full access control.
For the large cloud providers that run much of the world’s digital infrastructure, the security risks are high. While they can improve the systems they build, cloud companies still rely on chipmakers’ proprietary hardware for their underlying computing power. To gain more insight into the processors they rely on, Google Cloud partnered with AMD on a similar audit last year and launched the TDX program, relying on the long-standing trusted relationship between Intel and Google. The goal is to help the chipmaker find and fix vulnerabilities before they create potential risks for Google Cloud customers or anyone else.
“It’s not trivial because companies, we all have our own intellectual property. In particular, Intel has a lot of intellectual property in the technology that they bring to this,” said Nelly Porter, Google Cloud Group product manager. “It’s valuable for us to be able to be very open and trust each other. The research we’re doing will help everyone because Intel’s Trusted Domain Extension technology will be used not just at Google, but everywhere else. “
Researchers and hackers can always attack hardware and online systems from the outside—and these exercises are valuable because they simulate the conditions that attackers would typically look for vulnerabilities to exploit. But a collaboration like the one between Google Cloud and Intel has the advantage of allowing outside researchers to do black-box testing and then work with engineers who have a deep understanding of how products are designed to potentially discover more about how to better secure them. information.
After years of trying to fix the security consequences of design flaws in a processor feature known as “speculative execution,” chipmakers are investing more in advanced security testing. For TDX, Intel’s internal hackers conducted their own audits, and the company also put TDX through its security pace by inviting researchers to review hardware as part of Intel’s bug bounty program.
Anil Rao, vice president and general manager of systems architecture and engineering at Intel, said the opportunity for teams of Intel and Google engineers to work together was particularly productive. The group meets regularly, collaborates to track findings, and develops a camaraderie that inspires them to dig deeper into TDX.