Product Security Assurance
Investments in people, processes, and tools to drive the highest levels of security in our technology.
Start Secure, Stay Secure
It’s not enough to look at product capabilities. Security demands you consider how products are developed and supported.
Intel applies best-known methods to integrate security principles throughout product design, build, and support. It’s why we say, no matter what you get from Intel, you can trust it was developed with security in mind.
Intel Ranked #1 in Product Security Assurance
ABI Research assessed top silicon vendors on the innovation and implementation of their security assurance practices. Their conclusion:
“Intel has been pioneering the way for product security assurance, placing high importance on investments in personnel, practices, and processes that embed security assurance into daily operations and silicon.”
Security from Beginning to End
The Intel Security Development Lifecycle (SDL) guides us in applying privacy and security practices throughout the product lifecycle.
Intel has tailored this industry standard to our specific needs, pioneering SDL for hardware, firmware, and platform development in addition to software development, reflecting our role as an industry leader.
It Starts with a Secure Mindset
Security is more than a feature; it requires unwavering focus that priorities secure development alongside quality and performance. Our security-first mindset is defined by:
Vision: Empower our customers with the most secure systems, software, and solutions, driven by innovation, to enhance security capabilities they trust.
Purpose: Build world-changing technology that earns trust and enriches the lives of every person on earth.
Culture: Every Intel engineer is empowered to incorporate security in their daily roles, inspired to make security a personal value, and trained to “think like a hacker,” breaking what they make.
Intel Security Hack-a-Thons (HaT)
Having a security-first mindset means that employees learn to think like hackers. To accomplish this, employees receive ongoing training and hands-on experience through hackathons, bringing together product and security experts. Each uses their expertise to find security vulnerabilities within the product through all legitimate means available, to complement a structured security evaluation:
Security experts provide guidance on a security-driven mindset and knowledge about how to break systems. This why Intel refers to this internally as “breaking what we build.” Product experts provide intimate knowledge about the inner workings of the specific target product.
Goals and Motivations
- Improve product security
- Increase security know-how and build a community of practice
- Assess the quality of product assurance execution
- Improve tools and training
- Enable cross-pollination of technology and security knowledge
Truc Nguyen, Director, Offensive Security Research
Hareesh Khattri, Senior Security Researcher
Results
Intel follows a closed-loop learning approach, meaning anything discovered is rolled into current and future products. Suggestions are reviewed as part of post hackathon actions to update and improve next-generation products. Post-hackathon review of the reported vulnerabilities can identify a specific feature or type of vulnerability that isn’t being detected during regular security validation. Researchers often recommend tools or methodology the product team should adopt to identify such issues.
Thus, hackathons drive long-term improvements in product architecture and identifying issues with security validation done on the products.
Robust Security Practices
Our product and process breadth puts us at the forefront of secure development practices. This discipline guides how we design, develop, test, and support products customers can trust.
Secure Development Starts Here
Fortifying component hardware, firmware, and software is critical to building more secure systems. The most effective way to build more secure products is to integrate security requirements into every phase of the development lifecycle, beginning with the product definition.
With our broad product portfolio, no single solution exists for component-level security. Security requirements are driven by context and vary by component features, complexity, and risk level. Security requirements are typically defined early in design, helping ensure they match a product’s features as well as functional, user, and legal requirements and standards, among other factors. Since these factors change, security requirements must also adapt over the entire lifecycle.
Examples of software and firmware requirements:
- Approved crypto algorithms and implementations (for components with crypto)
- Input validation and secure coding requirements
- Static code analysis (SCA) of all Intel-developed code, with the SCA tool determined by programming language
Examples of hardware security requirements:
- Access management requirements for protected or sensitive registers
- Architecture reviews by a team of HW security experts
- Security requirements for third-party IP and components
Standard security and privacy requirements include:
- Security and privacy validation
- Privacy assessments
- Security-focused reviews
Addressing Potential Threats Before They Happen
Product security is an ongoing priority, not a one-time event. The heart of this discipline is our comprehensive threat modeling process. Threat modeling analyzes each of our products to determine the array of potential security threats to those products, then creates a plan to protect against those threats.
Threat modeling starts with product planning and continues through deployment. Security architects compile a comprehensive list of threats and extensively monitor the landscape of emerging threats throughout the lifespan of the product. Threat models are archived and reviewed regularly against known and emerging attacks.
Once a threat model is complete, it’s presented in our security architecture review forum. A team of security experts reviews the threat model and the associated product architecture for consistency. The threat model is examined for completeness, and the security architecture is analyzed to determine its effectiveness in protecting against specified threats.
Commonly Used Adversaries
To understand the threat landscape better, Intel has developed nine Adversary Models:
- Unprivileged Software Adversary: Typically known as a “user-space” adversary; capabilities are limited by the instruction set architecture (ISA) or hardware platform or x86/x64 (or IA-32/Intel 64) to the capabilities granted by the system software.
- System Software Adversary: Full control over the operating system, or virtual machine monitor. This adversary can manipulate x86/x64 in any manner allowed by the instruction set architecture specification.
- Startup code and SMM Adversary: All capabilities of the System Software Adversary, as well as control over initial boot code and system management mode. This adversary can manipulate x86/x64 in any manner allowed by the instruction set architecture specification. This adversary also has the ability to compromise system and platform firmware.
- Network Adversary: Access to and may have control over various network fabrics that are used to connect the platform to other platforms, intranet, or extranet resources. This adversary can also interact with remote systems through predefined APIs.
- Software Side Channel Adversary: Able to gather statistics from the CPU regarding execution and may be able to use them to extract secrets from the software being executed. This adversary can also observe hardware resource usage to infer information. This adversary can often directly influence resource usage (e.g., by causing contention) or by modulating an input to a victim program.
- Simple Hardware Adversary: Physical access to the system and typically doesn’t require expensive equipment or extraordinary training/specialty.
- Skilled Hardware Adversary: Physical access to the system and additional equipment and/or training that isn’t accessible to the average individual consumer.
- Hardware Reverse Engineer Adversary: Physical access to the system, specialized tooling (which can be rented), and highly specialized expertise.
- Authorized Adversary: Intel or partner-granted authority that has capabilities not available to unauthorized entities. This may include access to manufacturing facilities and systems, access to design facilities, and design systems or with access to devices that haven’t completed all manufacturing steps.
Aligning Architecture to Security Objectives
Reviewing architecture and designs early in product development is an important part of the Intel Security Development Lifecycle (SDL). Our security architecture review board brings together expertise from across disciplines to review each product’s architecture and carefully consider potential threats - and does so more comprehensively than any tools could.
The role of security architecture reviews is to evaluate product or technology architecture. The process helps ensure that security objectives are properly scoped and identified and that the architecture meets the defined objectives, covering:
- Network
- Unprivileged software
- System software
- Software side-channel/Covert-channel
- Startup code (e.g. BIOS firmware, System Management Mode)
- Simple hardware
- Skilled hardware
- Hardware reverse engineer
- Authorize
These reviews help ensure that the problem statement is clearly defined and threat models are complete. Completing architecture reviews helps identify and mitigate risks early and results in an action plan for development teams to follow.
Delivering On Our Security Goals
Security validation aims to ensure that our products adhere to the goals we set, with validation teams focused on confirming that designs are functionally correct.
Security validation teams work with the pre-silicon functional validation teams, so that their testing strategies consider relevant scenarios. Additionally, we want product updates designed to improve security, to be thoroughly validated. As we learn new techniques that researchers are creating to break our security models, we adjust our testing strategies and create tools and methodologies, so that future generations of products are more secure than the last.
Proof-of-Concept Code
Developing proof-of-concept code to run on a post-silicon debug platform is useful for stressing parts of the microarchitecture in a real-world environment. We test our mitigations to reported vulnerabilities using techniques learned from the academic community, and we build on this foundation to verify that our patches are effective and future generations of products are more secure.
Security Belt Program
The Intel Security Belt Certification program, launched in October 2020, is one way we strive to develop that security-first mindset measurably. Each security belt earned increases security knowledge and impacts the security of our products as well as impact across the ecosystem as our employees engage in helping to drive industry-wide initiatives and standards.
Continually Strengthening Our Products Through Security Research
Intel employs dedicated teams of security research experts who are always examining ways to make our products more secure. From researching known attacks to identifying what’s next, before it impacts you, Intel is always looking to break what we build to make our technology even stronger.
Offensive Research
Investigating products for known and emerging threats, vulnerabilities, and attacks, including physical attacks. The focus is system-wide targets from transistor level to hardware design, system firmware, drivers, operating systems, and application software.
Defensive Research
Examining new vulnerabilities and exploits that require systemic mitigations and evaluating response effectiveness. The focus includes industry-wide edge hardware and software mitigations for emerging and future vulnerabilities.
Culture and Capabilities
Empowering our architects, developers, designers, and validators to think like a hacker, through tools, training, and immersive mentoring including hands-on research.
Academic and Community Outreach
Engaging the community to better understand researcher perspectives through sponsored research, awards and recognition, community outreach, and mentorship/ internship opportunities.
Industry-Leading Incident Response
You can trust we’re always looking for vulnerabilities. When we find them or they’re reported to us, we act with integrity and transparency.
The Intel Product Security Incident Response Team (PSIRT) includes seasoned experts and works to minimize customer impact of issues in Intel products, following robust processes modeled on industry best practices for how we respond to, mitigate, and disclose security issues according to principles for coordinated vulnerability disclosure (CVD).
Bug Bounty Program
We engage with some of the best and brightest external security researchers and academics across the globe. Our Bug Bounty Program encourages collaboration with the research community and incentivizes researchers to help us identify and mitigate security vulnerabilities in Intel products.
An extension of the public program, Project Circuit Breaker brings together ethical hackers and security researchers from within our company to hunt bugs in the latest software and hardware products through virtual and live hacking events, leading to more secure products.
Intel Platform Update
Intel regularly releases functional and security updates for supported products and services. Due to the integrated nature of hardware, firmware, and software, product updates often require additional validation and integration from Intel partners.
The Intel Platform Update process enhances our partners’ ability to validate and release updates for their products on a timely and predictable cadence to end customers.
Supply Chain: Sourcing and Manufacturing Securely
Security is more complex than antivirus or memory protections. Attack surfaces can include third-party components or the physical alteration of hardware in manufacturing.
Our sourcing and manufacturing practices are built on decades of experience and aligned to industry standards and best practices - many we helped establish. From suppliers and raw materials to world-class manufacturing and secure delivery, nobody has more expertise in driving secure supply chain and manufacturing practices.
Design, Sourcing, and Procurement
Risk management across the supply chain guides supplier selection, conformance to industry certifications and standards, and continuous quality management.
Manfucture, Assembly, and Test
Statistical monitoring, audits, proprietary algorithms plus unit-level traceability to detect issues and mitigate risks contribute to improved security throughout the manufacturing process.
Distribution and Customer Delivery
Advanced provenance/surveillance technologies help mitigate counterfeiting risk, helping enable the secure storage and transport of our products to customers.
Industry Standards and Best Practices
A key aspect of our supply chain and manufacturing security is the use of industry standards and best practices. Highlights include:
- International Organization for Standardization (ISO)
- National Institute of Standards and Technology (NIST)
- Transported Asset Protection Association (TAPA)
- U.S. Customs Trade Partnership Against Terrorism: Tier III Certified
Expert Insight
Security Belt Program
Salina Fan-Carman, director of product security training, shares how security belt training improves the security of Intel products.
SDL Impact
Diana Carroll, SDL content architect discusses how security across six phases positions Intel technology to deliver defense in depth.
Lenovo Supply Chain
LaTrea Shine on Lenovo’s supply chain and how they use Intel Transparent Supply Chain to support their customers.
2024 Intel Product Security Report
This report provides a transparent analysis of the product vulnerabilities Intel disclosed in 2024. Additionally, it looks at common platform firmware and graphics processing unit (GPU) vulnerabilities as a comparative analysis of product security assurance results.
For example: AMD reported 4.4x more firmware vulnerabilities in their hardware root-of-trust than Intel and 1.8x more firmware vulnerabilities in their confidential computing technologies.