TechnologyGoogle, AMD Release Security Audit of Epyc Processors Used...

Google, AMD Release Security Audit of Epyc Processors Used in Google Cloud’s Confidential Computing

An unusual partnership between Google and AMD may offer a blueprint for how the tech industry can better tackle processor security risks before they spiral out of control. The only problem? The setup requires an equally rare level of trust, which may be hard for other companies to replicate.

On Tuesday, Google Cloud is releasing a detailed audit of AMD’s confidential computing tech produced in a collaboration between Google’s Project Zero bug-hunting group, two teams within Google Cloud Security, and AMD’s firmware group. The audit follows years of Google Cloud putting increasing emphasis on its offerings for Confidential Computing—a suite of capabilities that keep customers’ data encrypted at all times, even during processing. The stakes are high, as customers increasingly depend on the privacy and security protections conferred by these services and the physical infrastructure underlying them, which is built on special, secure processors from AMD. An exploitable vulnerability in Confidential Computing could be disastrous.

Flaws in how processors are designed and implemented pose massive risks, turning widely used chips into single points of failure in the computers, servers, and other devices in which they’re installed. Vulnerabilities in specialized security chips have particularly dire potential ramifications because these processors are designed to be immutable and provide a “root of trust” that all the other components of a system can rely on. If hackers can exploit a flaw in security chips, they can poison a system at that root and potentially gain undetectable control. So AMD and Google Cloud have developed an unusually close-knit partnership over more than five years to collaborate on auditing the Epyc processors used in Google Cloud’s sensitive infrastructure and attempting to plug as many holes as possible. 

“When we find something and know that the safety is getting better, that’s the best,” says Nelly Porter, group product manager of Google Cloud. “It’s not pointing fingers, it’s combined effort to fix things. Adversaries have unbelievable capability, and their innovation is growing, so we need not only to catch up but to get ahead of them.”

Porter underscores that the partnership with AMD is unusual because the two companies have been able to build up enough trust that the chipmaker is willing to let Google’s teams analyze closely guarded source code. Brent Hollingsworth, AMD’s director of the Epyc software ecosystem, points out that the relationship also creates space for pushing the boundaries on what types of attacks researchers are able to test. For example, in this audit, Google security researchers used specialized hardware to mount physical attacks against AMD technology, an important and valuable exercise that other chipmakers are increasingly focusing on as well, but one that goes beyond the traditional security guarantees chipmakers offer.

PCIe hardware pentesting using an IO screamerPhotograph: Google

Original Source Link


Please enter your comment!
Please enter your name here

Latest News

Best Places to Work in Healthcare – 2022 (alphabetical list)

AKASA South San Francisco Aledade Bethesda, Md. All Star Healthcare Solutions Deerfield Beach, Fla. Amedisys Baton Rouge, La. Aspen RxHealth Tampa, Fla. Aya Healthcare San Diego b.well Connected Health Baltimore Bailey Medical...

“You begin to look over your shoulder”

On Friday, Justice Thomas was interviewed by John Yoo, his former law clerk, at an event in Dallas....

NASA’s InSight lander has recorded the largest Marsquake yet

Any Martians out there should learn to duck and cover. On May 4, the Red Planet was rocked by...

Patti Payne's Cool Pads: 'Street of Dreams' home in Bellevue put up for sale

The 4,360-square-foot home in the fashionable Summit Ridge neighborhood is owned by the chief financial officer of Kent-based...

‘Today Something Broke’: Princess Diaries Star Heather Matarazzo Explains Distressing Tweets ‘Struggling’ In Hollywood

Aw, this genuinely hurt out heart! Heather Matarazzo was having a rough one this week and decided to really...

Must Read

- Advertisement -

You might also likeRELATED
Recommended to you