Abstract

Historically, the attacks on platforms have been transitioning from application-level software (SW) to user mode SW to kernel mode SW to firmware (FW) and now hardware (HW). The frequency of HW- and FW-level vulnerabilities increased substantially from 2003 to 2019 and therefore reinforces a concrete need for HW-based security to harden the platform. This is evident from the data cataloged in the National Vulnerability Database (NVD), organized as CVEs; more information about the NVD can be found at https://nvd.nist.gov/. The Common Vulnerabilities and Exposures (CVE) is a list of entries, each identifying a unique vulnerability or exposure, that is used in many cybersecurity products and services including the NVD; more information about CVE can be found at https://cve.mitre.org/. The NVD has been mined to derive the statistics and visualizations using pertinent search terms such as Firmware and Hardware. It is evident from Figure 3-1 (a) that firmware-related CVEs have increased significantly, and 2017–2018 saw the biggest jump, when the hacker community started attacking the FW on the platforms. Similarly, Figure 3-1 (b) shows that during the same time period the HW-related CVEs also hit a peak. Please note that all these CVEs need to be investigated carefully for the impacted areas within a platform, but the trends are clearly pointing toward the HW as the last line of defense.

Highlights

  • Background and Terminology: Before the actual security capabilities can be described, it is important to understand the terminology, the threat pyramid, the relevance of end-to-end security, and Intel Security Essentials for leveraging built-in HW security technologies. Assets, Threats, and Threat Pyramid: Security design begins with the process of identifying a set of assets that are to be protected and classifying these assets according to the different levels of protection based on strategic or other pertinent value vectors.

  • This section explains the usage of the Digital Random Number Generator (DRNG) with the new instructions supported in IA components, including Intel® VT-x (CPU).

  • This section explains the usage of Software Guard Extensions (SGX) for implementing a Trusted Execution Environment (TEE) with the new instructions supported in IA CPUs.


Summary

CHAPTER 3

Every distraction is a possibility, Every downfall is an opportunity.

Historically, the attacks on platforms have been transitioning from application-level software (SW) to user mode SW to kernel mode SW to firmware (FW) and hardware (HW). The frequency of HW- and FW-level vulnerabilities increased substantially from 2003 to 2019 and reinforces a concrete need for HW-based security to harden the platform. This is evident from the data cataloged in the National Vulnerability Database (NVD), organized as CVEs; more information about the NVD can be found at https://nvd.nist.gov/.

Note: By the time this book is published, some new security features may have been released by Intel; please refer to the Intel web site or contact the relevant OEM/ODMs for the latest information.
