• Corpus ID: 37285788

Intel x86 considered harmful

  title={Intel x86 considered harmful},
  author={Joanna Rutkowska},

Management Engine ME Processor Crypto Engine DMA Engine HECI Engine ROM Internal SRAM Interrupt Controller Timer

Overall, this paper aims to give an essential checkpoint of the state-ofthe-art systems that use HIEEs for trustworthy computing and compares their features from the security perspective.

Abusing Trust: Mobile Kernel Subversion via TrustZone Rootkits

These results highlight the feasibility of TrustZone rootkits that potentially survive kernel updates and raise awareness about the real danger of having to put trust into unvetted proprietary vendor code, which, as it can easily be abused.

Extensible Performance-Aware Runtime Integrity Measurement

EPA-RIMM demonstrates that SMM-based rootkit detection can be made performance-efficient and effective, providing a new tool for defense.

A brief tour on control-flow protection

The purpose of this work is to give an overview on the topic under discussion, control-flow protection, by providing sufficient background in beginning and related material in the end and a control- flow integrity feature of Clang compiler is tried out.

Supporting Security Sensitive Tenants in a Bare-Metal Cloud

Bolted is a new architecture for bare-metal clouds that enables tenants to control tradeoffs between security, price, and performance and exploits a novel provisioning system and specialized firmware to enable elasticity similar to virtualized clouds.

A Secure Cloud with Minimal Provider Trust

Bolted is a new architecture for a bare metal cloud that allows tenants to elastically allocate secure resources within a cloud while being protected from other previous, current, and future tenants of the cloud.

Who Watches the Watchmen

A survey on state-of-the-art techniques that detect, mitigate, and analyze malware attacks, as well as approaches based on Hardware Virtual Machines introspection, System Management Mode instrumentation, Hardware Performance Counters, isolated rings, and others based on external hardware.

Root of Trust : Technical vs . Political Considerations

This paper presents and discusses the different root-of-trust solutions that have been proposed for the X86 platforms by different industry players, and analyzes possible strategic or political motives behind the design of these solutions.

Reverse Engineering x86 Processor Microcode

This paper reverse engineer the microcode semantics and inner workings of its update mechanism of conventional COTS CPUs on the example of AMD's K8 and K10 microarchitectures and presents a set of microprograms that demonstrate the possibilities offered by this technology.

Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture

Secure Processors Part I: Background, Taxonomy for Secure Enclaves and Intel SGX Architecture



How Many Million BIOSes Would you Like to Infect?

Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine

This book describes how this advanced level of protection is made possible by the engine, how it can improve users security experience, and how third-party vendors can make use of it.

Attacking Intel R © BIOS

  • Presented at Black Hat USA, http://invisiblethingslab.com/resources/ bh09usa/Attacking%20Intel%20BIOS.pdf,
  • 2009

Attacking Intel TXT via SINIT code execution hijacking

A software attack against Intel TXT is presented that exploits an implementation problem within a so called SINIT module, an internal part of theintel TXT infrastructure, that allows to fully bypassIntel TXT, Intel Launch Control Policy (LCP), and additionally also provides yet-another-way to compromise SMM code on the platform.

Exploiting 802 . 11 Wireless Driver Vulnerabilities on Windows Nov

  • Computer Science
  • 2007
It is hoped that the description and illustration of the process of identifying and exploiting 802.11 wireless device driver vulnerabilities on Windows can be used to show that kernel-mode vulnerabilities can be just as dangerous and just as easy to exploit as user- mode vulnerabilities.

A stitch in time saves nine

ABSTRACT: Producing a fair and flexible rota quickly and efficiently is a daunting prospect for anyone responsible for arranging staff work patterns, but new technology can help.

Following the White Rabbit : Software attacks against Intel ( R ) VT-d technology

Three software attacks that might allow for escaping from a VT-d-protected driver domain in a virtualization system are discussed, and one is focused on, and a practical and reliable code execution exploit is demonstrated against a Xen system.

Inaudible Sound as a Covert Channel in Mobile Devices

This work implemented an ultrasonic modem for Android and found that it could send signals up to 100 feet away and was practical with the transmitter inside of a pocket, and proposed two sound-based covert channels, ultrasonic and isolated sound.

Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches

An automated attack on the T-table-based AES implementation of OpenSSL that is as efficient as state-of-the-art manual cache attacks and can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems is performed.

CPU bugs, CPU backdoors and consequences on security

  • Loïc Duflot
  • Computer Science
    Journal in Computer Virology
  • 2008
The security implications of x86 processor bugs or backdoors on operating systems and virtual machine monitors are presented and it is shown how it is possible for an attacker to implement a simple and generic CPU backdoor to bypass mandatory security mechanisms with very limited initial privileges.