Re: Possibility of malicious CPUs

Here is an article about this problem:

http://www.schneier.com/blog/archives/2008/10/designing_a_mal.html

Regards,
Carlos Baiget

Vesa-Matti Kari wrote:

Hello,

First of all, sorry for the poor newsgroup choice, but I
really could not find a better alternative.

I have recently given some thought to computer security.
This means a big dose of paranoia, but please bear
with me.

Suppose that we have succeeded to build an OS with perfect
security. By "perfect security" I mean the following:

1) There are no errors in the design of the security model

2) There are no errors in the implementation of the security model

3) There are no errors in the entire code development chain (e.g
build utilities, compilers, linkers) so we get perfect
executables from our perfectly designed perfect implementation

How safe would such a system be?

Descending to the hardware level, we could next investigate
the CPU. For example, suppose that we would examine a
modern Intel or AMD processor, with the protected mode and the
privilege rings 0-3.

Could it be possible that the CPU itself were malicious?

By "malicious" I mean that for those-in-the-know it would be
possible to bypass the CPU's security measures because the
CPU was designed that way from the beginning.

Suppose a CPU contains a mechanism similar to the one in
combination locks. Using machine code, you could feed the
CPU a secret sequence of undocumented OP-codes and bypass the
security at will. After "unlocking" the CPU, you could run
privileged instructions, have free access to all the memory
and so on. Game over.

My question is: How trustworthy are the CPUs that we
constantly use and trust? Any thoughts?

I know next to nothing about the low-level details of the CPU
implementations, so I cannot assess the feasibility of the
malicious CPUs I have described above.

Best regards,
vmk

.

Relevant Pages

  • [Full-disclosure] Re: [ISN] How To Save The Internet
    ... programmable PCs are dangerous, so why not treat them like guns? ... defend against the execution of unwanted machine code. ... which constitutes the code that the owner of the CPU desires it to run. ... be left with all of the wonderful array of security problems that are ...
    (Full-Disclosure)
  • Possibility of malicious CPUs
    ... I have recently given some thought to computer security. ... There are no errors in the design of the security model ... Could it be possible that the CPU itself were malicious? ... Tietotekniikkaosasto / Helsingin yliopisto ...
    (comp.security.unix)
  • Re: Cisco VPN AIM: is really needed for me?
    ... offloads the encryption and the only benefit is lower CPU utilization. ... will receive security updates. ... IOS 12.4ADV SECURITY ... you terminate the tunnel further into your network - eg on a 2nd router, ...
    (comp.dcom.sys.cisco)
  • Re: Cisco VPN AIM: is really needed for me?
    ... offloads the encryption and the only benefit is lower CPU utilization. ... As far as security goes, the 2600 series is supported on 12.4 code, ... IOS 12.4ADV SECURITY ...
    (comp.dcom.sys.cisco)
  • Re: Win 200 SP4 Boot time
    ... As for the security software - I think you may well be right. ... Clicking on the CPU heading in that window will arrange the ... > executing processes by CPU cycles used. ... >> I have been asked by a friend to find out what would be a reasonable time ...
    (microsoft.public.win2000.setup)