Anil Rao, Intel’s vice president and general manager of systems architecture and engineering, says the opportunity for Intel and Google engineers to work as a team was particularly fruitful. The group had regular meetings, collaborated to track findings jointly, and developed a camaraderie that motivated them to bore even deeper into TDX.
Of the two vulnerabilities the researchers found that Rao called “critical,” one related to loose ends from a cryptographic integrity feature that had been dropped from the product. “It was a leftover thing that we didn’t catch, but the Google team caught it,” he says. The other major vulnerability uncovered by the project was in Intel’s Authenticated Code Modules, which are cryptographically signed chunks of code that are built to run in the processor at a particular time. The vulnerability involved a small window in which an attacker could have hijacked the mechanism to execute malicious code.
“For me, that was something which was surprising. I wasn’t expecting that we had such a vulnerability in our internal system,” Rao says. “But I was super happy that this team caught it. It’s not that these are easy vulnerabilities for someone to tap into, but the fact that it’s there is not a good thing. So at least once we fix it then we can sleep better at night.”
Rao and Porter also point out that the finding was significant because ACM is used in other Intel security products beyond TDX.
Additionally, as part of the collaboration, Google worked with Intel to open source the TDX firmware, low-level code that coordinates between hardware and software. This way, Google Cloud customers and Intel TDX users around the world will have more insight into the product.
“Confidential computing is an area where we are opening up and telling customers, ‘bring your most sensitive applications, bring your most sensitive data, and operate it on shared infrastructure in the cloud,’” Rao says. “So we want to make sure that we follow a rigorous process in ensuring that the key handlers of that sensitive data are rugged. Whether we like it or not, establishment of trust takes a long time, and you can break it very easily.”
Note: This article have been indexed to our site. We do not claim legitimacy, ownership or copyright of any of the content above. To see the article at original source Click Here
Elmer's Disappearing Purple School Glue Sticks, Washable, 7 Grams, 60 Count
$15.71 (as of March 13, 2025 20:23 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Custom Easter Bunny Custom Bunny Stuffed Animals With Child's Name Handmade Personalized Plush Rabbit Toy for Girls Boys Kids
$13.99 (as of March 13, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Apple AirPods Pro 2 Wireless Earbuds, Active Noise Cancellation, Hearing Aid Feature, Bluetooth Headphones, Transparency, Personalized Spatial Audio, High-Fidelity Sound, H2 Chip, USB-C Charging
$166.59 (as of March 13, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Split Fiction Playstation 5 (PS5)
$49.94 (as of March 13, 2025 19:47 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
