Security Best Practices and Guidance
Access Intel Security Insight
Security is a shared concern. We contribute our security learnings and expertise to benefit the global community through participation in industry events and governance bodies, through direct engagements, and by sponsoring academic programs that mentor future security professionals. Following is a selection of security best practices Intel has published.
Securing Workloads Against Side Channels
An overview of the types of incidental channels in CPUs, the security threat these incidental channels can pose, Intel’s position on incidental channels, and strategies to mitigate the risks.
Mitigating Timing Side Channels Against Cryptographic Implementations
The primary concern with side channels is the protection of secrets. Secrets are broadly defined as any data that shouldn’t be seen or known by other users, applications, or even other code modules. When using side channel methods, potential malicious actors most commonly seek: API keys, user passwords, and cryptographic key. These resources may allow potential malicious actors to decrypt or access other protected secrets.
Microcode Update Guidance
This document describes details about the microcode update (MCU) process on current Intel processors. It includes the points when a microcode update may be loaded (Firmware Interface Table, BIOS, OS, and runtime) as well as guidelines for microcode updates.
Security Best Practices for Side Channel Resistance
Developers can employ security best practices to help protect against various types of potential side channel attacks and provide defense in depth. These include using the latest software version, not sharing resources when sharing can be avoided, limiting error messages, writing constant timing code, and being aware of compiler optimizations. To prioritize side channel defense, consider the threat model of your applications.
Refined Speculative Execution Terminology
Current terminology being used to describe speculative execution side channel vulnerabilities can be imprecise in certain situations. Intel seeks to introduce a unified terminology that is concise and unambiguous, while also reasonably aligning with the research community. Intel plans to adopt the terms in this article for future guidance.
Software Security Guidance
Are you a software developer or system admin looking for resources to help you assess risk and build more secure solutions? We’ve designed a site for you. The Intel Developer Zone includes guidance on designing solutions with security in mind, including best practices for cryptography, software-based mitigations and affected processors by vulnerability for side channels.