Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine
Format: PDF / Kindle (mobi) / ePub
Platform Embedded Security Technology Revealed is an in-depth introduction to Intel’s platform embedded solution: the security and management engine. The engine is shipped inside most Intel platforms for servers, personal computers, tablets, and smartphones. The engine realizes advanced security and management functionalities and protects applications’ secrets and users’ privacy in a secure, light-weight, and inexpensive way. Besides native built-in features, it allows third-party software vendors to develop applications that take advantage of the security infrastructures offered by the engine.
Intel’s security and management engine is technologically unique and significant, but is largely unknown to many members of the tech communities who could potentially benefit from it. Platform Embedded Security Technology Revealed reveals technical details of the engine. The engine provides a new way for the computer security industry to resolve critical problems resulting from booming mobile technologies, such as increasing threats against confidentiality and privacy. This book describes how this advanced level of protection is made possible by the engine, how it can improve users’ security experience, and how third-party vendors can make use of it.
It's written for computer security professionals and researchers; embedded system engineers; and software engineers and vendors who are interested in developing new security applications on top of Intel’s security and management engine.
It’s also written for advanced users who are interested in understanding how the security features of Intel’s platforms work.
chipset; it operates independently of the host operating system; and more importantly, its security is rooted in the hardware. The AMT is also software because the majority of its functionalities are realized by specific software programs that are compiled into the platform’s flash device. Thanks to its dual identity, the AMT enjoys both the stability, security, and independency of hardware solutions, and the flexibility and affordability of software solutions at the same time. The security and
The security and management engine comes with a number of features stored on the flash chip. But they are not nearly enough to make the most out of the engine’s rich set of capabilities. The DAL offers desirable flexibility and extends the boundary of the engine by loading Java applets to the engine from the host at runtime. As software, it is easier to create an applet, change its functionalities, and patch bugs. No firmware update is necessary for building new consumer features to the engine.
presentation explains the technical details of provisioning secrets to an enclave, including how to generate hardware-based attestation for software inside an enclave and how software in an enclave seals and unseals secret data. “Using innovative instructions to create trustworthy software solutions.” 9 This paper focuses on the software programming model of SGX. Interestingly, for proof of concept, the authors had built on prototype hardware of SGX three trustworthy applications, namely,
security practice or performance considerations in mind. It is a bad practice to reuse the POC code in the final product, if and when the POC hatches to production, because in most cases, it is more difficult and resource consuming to repair poor code than to rewrite. Another source of possibly low-quality code similar to POC code is test code. Following the completion of coding, the implementation review kicks off. The review is a three-fold effort: static analysis, dynamic analysis, and manual
x, y, y, y), where x[i] and y[i] are big integers ranging from 0 to q – 1 inclusive. G3 is 512-bit in size. An element of G3 takes the format of (x, y) where x and y are big integers ranging from 0 to q – 1 inclusive. GT is 1536-bit in size. An element of GT takes the format of (x, x, ..., x), where x[i] is a big integer ranging from 0 to q – 1 inclusive. All EPID groups share the same predefined parameters for G1, G2, G3, and GT. These groups are defined by the following