It's a very sophisticated attack method that few could pull off, but the security bugs exploited by security researchers Joanna Rutkowska and colleague Rafal Wojtczuk to bypass Intel Trusted Execution Technology (TXT) should be noted by security pros. Especially those considering the potential applications of TXT to drive virtualization to Intel-based desktops, servers and mobile devices. There is no need for IT to panic yet; as there are no known attacks and the vulnerabilities take great expertise to exploit.
The attack is noteworthy because Citrix and VMware have recently announced major partnerships using Intel's vPro architecture and TXT as a foundation. Intel is looking at the vulnerability and has pledged to ensure the security of TXT.
As background, Intel's vPro architecture has been architected to provide a secure platform for execution of operating systems and virtual machines. Its major security features include hardware enforced isolation of virtual machines to compartmentalize any attacks, Trusted Platform Module (TPM) for secure storage of secrets, and TXT as a trusted mechanism for loading system software, such as operating systems or virtual machines. TXT has a feature with nice potential that allows for off-line and off-hours configuration management of the endpoint where TXT could be used to refresh a desktop/laptop and backup sensitive data while the device is inactive. This is the real danger of this vulnerability -- an attack that undermines SMM could force TXT to distribute malicious code that passes TXT integrity checks.
The TXT vulnerability is tremendously difficult to exploit, requires a skilled attacker, and thus far it does not appear as if it could propagate in the wild. It requires an advanced attack to specifically targeted servers. The primary business risk is to a distribution server to which an attacker has hands-on access, and can result in an attack that burrows into the system software before it is distributed to corporate endpoints. This risk is very, very low, but would be extremely damaging if it were to occur.
IT should be sure that software and virtual machine distribution servers are kept under physical control. The main system software distribution system, including endpoint refresh, patches, and virtual machine images, needs to be the most trusted service in the network. These servers belong in the data center where physical and logical security can work together in protecting the infrastructure.
Attackers will find many more vulnerabilities that are easier to exploit and leverage for profit than messing around with TXT. It is not a major worry for IT. However, IT is advised to ensure that its critical system software and VM servers are under lock and key control to help prevent any loss of trust in the corporate execution environment.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to firstname.lastname@example.org.