Google, AMD issue security audit of Epyc processors for Google Cloud confidential computing

An unusual partnership between Google and AMD could provide a blueprint for how the tech industry can better address processor security risks before they get out of hand. The only catch? The setup requires an equally rare level of trust that other companies may have difficulty replicating.

Google Cloud on Tuesday released a detailed audit of AMD’s confidential computing technology, produced by Google’s Project Zero vulnerability-hunting group, two teams within Google Cloud Security, and AMD’s firmware group. The audit comes as Google Cloud has put increasing emphasis on its confidential computing products over the years (a set of offerings that keep customer data encrypted at all times, even during processing). The stakes are high, as customers increasingly rely on the privacy and security protections these services offer, as well as on the physical infrastructure underneath them, which is built on AMD’s special secure processors. Exploitable vulnerabilities in confidential computing can be catastrophic.

Flaws in the way processors are designed and implemented pose a huge risk, turning widely used chips into single points of failure in the computers, servers, and other equipment where they are installed. Vulnerabilities in specialized security chips have particularly dire potential consequences because these processors are designed to be immutable and provide a “root of trust” on which all other components of the system can rely. If hackers can exploit a flaw in a security chip, they can poison a system from the root and potentially gain undetectable control. As a result, AMD and Google Cloud have maintained an unusually close partnership for over five years, collaboratively reviewing the Epyc processors used in Google Cloud’s sensitive infrastructure and trying to plug as many holes as possible.

“When we discover something and know that security is getting better and better, that’s the best,” said Nelly Porter, group product manager for Google Cloud. “It’s not about pointing fingers, it’s about working together to solve problems. The opponents are incredibly capable and their innovation is growing, so we’re not just catching up, we’re getting ahead of them.”

Porter emphasized that the partnership with AMD is unusual because the two companies have built enough trust that the chipmaker is willing to let Google’s team analyze the closely guarded source code. The relationship also creates room for pushing the boundaries of the types of attacks that researchers can test, noted Brent Hollingsworth, director of the Epyc software ecosystem at AMD. For example, in this audit, Google security researchers used specialized hardware to physically attack AMD technology, an important and valuable exercise that is a growing concern for other chipmakers as well, but one that goes beyond the traditional security guarantees offered by chipmakers.

PCIe hardware penetration testing with IO Screamer. Photo: Google
