December 28, 2024

Intel to Offer "Security" Features in Future Microprocessors

Intel is reportedly planning to include security technologies, code-named “LaGrande,” in a future processor chip.

I haven’t seen much in the way of technical detail. The article referenced above says:

Where Internet security technologies already protect information in transit between a user’s PC and Web sites, LaGrande and Palladium attempt to safeguard information and software once it is on a PC. The idea is to partition off parts of a computer into protected sections dubbed “vaults,” and protect the pathways between those areas and keyboards, monitors and other accessories.

One benefit is what Intel calls a “secure boot,” which means that the basic instructions used when starting a computer can’t be modified for improper purposes.

It’s way too early to tell whether this is good or bad for consumers. We’ll need many more technical details before we can even form sensible opinions.

Every security technology is designed to give somebody more control over something. The key questions are who is getting control, and over what will they be given control. We can’t answer those questions yet for LaGrande.

It used to be a given that when somebody talked about securing a computer, that meant giving more control to the computer’s owner. Nowadays the term “security” is more and more applied to measures that take control away from the owner. Whether LaGrande empowers consumers or erodes their control over their property remains to be seen.

Once we know what LaGrande is trying to do, we can move on to the question of whether it actually delivers on its promises. Intel got into trouble once before with a “security” feature – the Pentium III processor ID (PID). The PID raised privacy concerns, which Intel tried to defuse by arguing that the PID could protect consumers against fraud. Unfortunately the technical details of the PID made it fairly useless as an anti-fraud measure. Ultimately, Intel withdrew the PID feature after a storm of public criticism. Such an outcome is good for nobody.

It appears that Intel is being more careful this time. If Intel wants public buy-in, the best thing they could do is to release the technical specifications for LaGrande, to enable an informed public debate about it.

Classic Security Paper, with New Commentary

If you’re interested in computer security, check out the new paper by Paul Karger and Roger Schell. Thirty years ago, Karger and Schell wrote a classic paper reviewing the security of the Multics operating system, which was then the state of the art in secure OS design. Their new paper looks back on the original and reflects on what has happened since.

Economist Article

The article on me and my pro-tinkering work, from the June 20th issue of the Economist, is now available on line.

Dornseif on Source Code and Object Code

Maximillian Dornseif offers another comment on my source code vs. object code posting.

He points out, correctly, that we can still define “source code” and “object code” reasonably. We can get some mileage out of these definitions, as long as we remember that a piece of code might be either source code, or object code, or both, or neither.

Dornseif raises another interesting question, about the boundary between “writing a program” and “using a program”. Consider a typical Excel spreadsheet. To me as a computer scientist, a spreadsheet is a program – it directs the computer to combine some inputs in a certain way to produce some outputs. Yet the typical spreadsheet author probably doesn’t think of what he or she is doing as programming.

More on Berman-Coble's Peer-to-Peer Definition

In a previous posting, I remarked on the overbreadth of the Berman-Coble bill’s definition of “peer to peer file trading network”. The definition has another interesting quirk, which looks to me like an error by the bill’s drafters.

Here is the definition:

‘peer to peer file trading network’ means two or more computers which are connected by computer software that–
(A) [is designed to support file sharing]; and
(B) does not permanently route all file or data inquiries or searches through a designated, central computer located in the United States;

Last time I dissected (A). Now let’s look at (B). I read (B) as requiring that all inquiries or searches be routed through a single computer in the U.S.

Some people speculate that this exception is supposed to protect AOL Instant Messenger and similar systems. Others surmise that it is meant to exclude “big central server” systems like Napster, on the theory that the central server can be sued out of existence so no hacking attacks on it are necessary.

In either case, the exception fails to achieve its aim. In fact, it’s hard to see how any popular file sharing system could possibly be covered by (B).

The reason is simple. Big sites don’t use a single server computer. They tend to use a cluster of computers, routing each incoming request to one or another of the computers. This is done because the load on a big site is simply too large for any single computer to handle, and because it allows the server to keep going despite the crash of any individual computer.

A really big site might use a hundred or more computers, and they might not all be in the same physical location. (Spreading them out increases fault tolerance and allows requests to be routed to a nearby server for faster service.)

Sites that implement advanced functions need even more computers. For example, Google uses more than 10,000 computers to provide their service.

Some small file sharing systems might be able to function with a single computer, but as soon as such a system became popular, it would have to switch to multiple computers and so the exception would no longer protect it.

It seems unlikely that the exception was intended to cover only small, unpopular systems. More likely, the authors of the bill, and the people who vetted it for them, simply missed this point.