An unusual partnership between the two companies may offer a glimpse into how the tech industry can better tackle processor security risks before they spiral out of control. The only problem? The setup requires an equally rare level of trust, which may be hard for other companies to duplicate.
A detailed audit of confidential computing tech produced in a collaboration between the Project Zero bug-hunting group and two teams within the security division of the company will be released on Tuesday. The audit follows years of increasing emphasis on its offerings for Confidential Computing, a suite of capabilities that keep customers data secure at all times. The stakes are high, as customers increasingly depend on the privacy and security protections conferred by these services and the physical infrastructure underlying them, which is built on special, secure processors. There is a vulnerability in Confidential Computing.
The design and implementation of processor chips can pose massive risks, as they can turn widely used chips into single points of failure in the computers, server, and other devices in which they are installed. The root of trust that all the other components of a system can rely on is at risk because of vulnerabilities in specialized security chips. If hackers can exploit a flaw in security chips, they can poison a system at its root and gain control. Over the course of five years, the two companies have collaborated on auditing and plugging as many holes as possible in the infrastructure of the cloud.
When we know that the safety is getting better, that is the best. Adversaries have great capability, and their innovation is growing, so we need to catch up to them.
The partnership withAMD is unusual because the two companies have been able to build up enough trust that the chipmaker is willing to let their teams analyze closely guarded source code. The relationship creates space for pushing the boundaries on what types of attacks researchers are able to test. In this audit, the security researchers at Google used specialized hardware to mount physical attacks against the technology of Advanced Micro Devices, an important and valuable exercise that other chipmakers are increasingly focusing on, but one that goes beyond the traditional security guarantees chipmakers offer.