TechnologyGoogle, AMD Release Security Audit of Epyc Processors Used...

Google, AMD Release Security Audit of Epyc Processors Used in Google Cloud’s Confidential Computing

An unusual partnership between Google and AMD may offer a blueprint for how the tech industry can better tackle processor security risks before they spiral out of control. The only problem? The setup requires an equally rare level of trust, which may be hard for other companies to replicate.

On Tuesday, Google Cloud is releasing a detailed audit of AMD’s confidential computing tech produced in a collaboration between Google’s Project Zero bug-hunting group, two teams within Google Cloud Security, and AMD’s firmware group. The audit follows years of Google Cloud putting increasing emphasis on its offerings for Confidential Computing—a suite of capabilities that keep customers’ data encrypted at all times, even during processing. The stakes are high, as customers increasingly depend on the privacy and security protections conferred by these services and the physical infrastructure underlying them, which is built on special, secure processors from AMD. An exploitable vulnerability in Confidential Computing could be disastrous.

Flaws in how processors are designed and implemented pose massive risks, turning widely used chips into single points of failure in the computers, servers, and other devices in which they’re installed. Vulnerabilities in specialized security chips have particularly dire potential ramifications because these processors are designed to be immutable and provide a “root of trust” that all the other components of a system can rely on. If hackers can exploit a flaw in security chips, they can poison a system at that root and potentially gain undetectable control. So AMD and Google Cloud have developed an unusually close-knit partnership over more than five years to collaborate on auditing the Epyc processors used in Google Cloud’s sensitive infrastructure and attempting to plug as many holes as possible. 

“When we find something and know that the safety is getting better, that’s the best,” says Nelly Porter, group product manager of Google Cloud. “It’s not pointing fingers, it’s combined effort to fix things. Adversaries have unbelievable capability, and their innovation is growing, so we need not only to catch up but to get ahead of them.”

Porter underscores that the partnership with AMD is unusual because the two companies have been able to build up enough trust that the chipmaker is willing to let Google’s teams analyze closely guarded source code. Brent Hollingsworth, AMD’s director of the Epyc software ecosystem, points out that the relationship also creates space for pushing the boundaries on what types of attacks researchers are able to test. For example, in this audit, Google security researchers used specialized hardware to mount physical attacks against AMD technology, an important and valuable exercise that other chipmakers are increasingly focusing on as well, but one that goes beyond the traditional security guarantees chipmakers offer.

PCIe hardware pentesting using an IO screamerPhotograph: Google

Original Source Link

Latest News

Kanye West and Bianca Censori Spotted After Alleged Assault – Hollywood Life

View gallery Kanye “Ye” West and wife Bianca Censori were spotted out in Los Angeles separately one day after...

Lawmakers advance measure to bring more booze to movie theaters in New York—’Someone should be able to enjoy a cocktail while they watch a...

New York would expand access to booze by allowing movie theaters to sell liquor and continuing to let...

Pick Your Poisson

This article is featured in Bitcoin Magazine’s “The Halving Issue” and is sponsored by HIVE Digital Technologies LTD...

Meta Is Already Training a More Powerful Successor to Llama 3

Zuckerberg took to Instagram today to explain that Meta would incorporate the new Meta AI assistant, powered by...

Two Cheers for the Proposed End Kidney Deaths Act

At the Vox website, Dylan Matthews offers a compelling defense of the proposed End Kidney Deaths Act....

Must Read

- Advertisement -

You might also likeRELATED
Recommended to you