Intel’s Chief Technology Officer, Justin Rattner, has been pretty gung-ho with the world’s technology press in the past week. His approach seems to have worked, if even a few of the breathless headlines are to be believed.
From “Intel Technology Will Eliminate Zero-Day Threat” to “Intel Developing Zero-Day Proof Security System”, you’d be forgiven for thinking that we’re at the Beginning of the End of vulnerabilities and exploits.
And one might also think that all pigs are fuelled and cleared for take-off.
Applying in-chip solutions to security problems is hardly new. Intel’s own 80286 processor, for example, was its first widespread desktop PC chip that provided strong memory protection.
Back in 1982, the 80286 supported byte-granularity memory management based on segments, descriptor tables and selectors. (Chip makers seem to favour extensive and expansive nomenclatures.)
In theory, the 286 would have allowed an operating system to use the CPU itself to detect and prevent any buffer overflow in any memory block in any process. Even a memory overrun by a single byte could be prevented in hardware.
In 1985, the 80386 brought memory paging as well as the selector system, making both page-granularity – usually 4KByte – and byte-granularity memory overruns automatically detectable and preventable.
By 2004, Intel had followed AMD’s lead and added a no-execute bit (called XD, for Execute Disable, in Intel’s terminology) to its paging system so that memory pages – but not individual bytes – could be marked as “data only”, preventing memory overruns from executing untrusted code injected into data buffers.
These approaches have, collectively, helped operating system vendors to improve security, but not to perfect it. So is it likely that Intel will be able to do what has eluded it so far, and to eliminate zero-day exploits entirely through hardware? No.
A zero-day, by definition, is simply an attack of any sort which becomes publicly known for the first time before there is a fix for it. Zero-days don’t always depend on buffer overflows or other deliberately-provoked misbehaviour in the management and use of memory.
Attacks sometimes involve the malevolent but unexpected use of an existing legitimate feature – a left-over design decision, perhaps, from a more innocent and trusting era. One example is the so-called WMF vulnerability – a feature in Microsoft’s Windows Metafile Format which purposefully allowed remotely-delivered files to specify code to execute.
Whilst a crazy-sounding idea today, this WMF feature dated back to an era in which remotely delivering such files was simply not considered. They existed simply as a sort of local cache for recording and repeating Windows graphics operations. The exploitable code – which predated even Windows 95 – was harmlessly forgotten until rediscovered by an attacker and used for malicious purposes.
I’m sure Intel’s recently-promoted innovation is going to give one more headache – hopefully a very serious headache – to the Bad Guys. But stories about eliminating attacks altogether just sound too good to be true, especially when they are shrouded in such secrecy – as in this case – that no details are revealed of how they might work.
It’s a pity that Intel’s work has been touted in such hyperbolic fashion. Headlines like “Intel to add new low-level layer of computer security” would, surely, have been much more meaningful.
As it is, you’d be forgiven for assuming that the need for any other security precautions will evaporate when Intel finally releases whatever-this-is.
And if you do, be sure to have your camera handy. The pigs will be overhead soon.