Implementing security on the chip level

Question

With Intel's recent purchase of a well known security company, I'm starting to think about what software w/could be more secure on a chip level. Examples I've come up with are:

• Random number generation
• Encryption
• Memory protection

But is hardware level security any more secure than software based security? ( I would assume garbage in garbage out no matter what level you operate at) What are the design considerations for embedded security? What are the limitations? Finally, do you have any good resources for learning more about the topic?

Answer 1

Hardware level security can only solve some security problems. For instance NX zones makes buffer overflows more difficult to exploit (but not impossible, return-to-libc). The cpu archatecture you are using isn't going to affect more common vulnerablites like SQL Injection and I don't think it can. There can also be vulnerabilities in hardware, for instance this vulnerability in Intel cpu's.

Intel wants to make their current products more secure. Intel also has a lot of money in savings and they might be looking at this recent purchase as an investment in a growing field.

Answer 2

Actually intel already implemented a lot of hardware-based security technologies (chip and chipset).

Some relevant technologies are:

• intel vPro, which includes:
  • intel Trusted execution Technology
  • intel Active Management Technology
  • intel Virtualization Technology
• intel Anti-Theft Technology
• intel RNG (Random Number Generator)
• Hardware based encyption
• XD (eXecute Disable)

In general, hardware-based security is more secure, because it is virtually impossible to 'go under' your code (tweak it at a lower level).

Answer 3

Here is the primary wikipedia topic on Trusted Computing.