Thread: Secure hardware

  1. #1
    Join Date
    Jul 2005

    Secure hardware

    Does the choice in processor, or harddisk, or board make some difference in the security of a computer-system? It doesn't have to be much difference but would e.g. an Intel-system be slightly more secure than an AMD-system? Considering that modern hardware tends to come with some possible bugs and/or possible exploits, I could imagine that some hardware components would be less vulnerable than other, similar hardware components. So I wonder, which hardware brands are best-known for the least possible vulnerabilities and bugs? (And not just processors, btw!)

  2. #2
    Join Date
    Apr 2004
    Well.. that depends on your definition of "secure". If you're talking about hacking/exploiting a processor, mobo, video card, ram, PSU, etc... lol, then no it doesn't matter. If you're talking about heat, that's different. What processor runs cooler, etc... But there have already been tons of discussions on that topic...

    Back in the day BIOS virii were pretty common, but nowadays you've got BIOS write protection, which means nothing can write to the BIOS unless you turn it off...
    I am the uber duck!!1
    Proxy Tools

  3. #3
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Not too sure about right now. You might want to do some googling (and a wiki) for Microsoft Palladium, which was the first name of MS's proposed secured system for both hardware and software.

    The info in the links is out of date but they still give some indication about the way MS and partners were thinking. MS has backtracked on a lot since then.

    I think it's been renamed as 'Trusted Computing', with the public spin being that only authorised code will run on the machine and spyware/viruses etc. will be blocked within the hardware. Those with a more paranoid nature believe the system will be used to block the machine to only play DRM software/hardware and media files.

    Some of these ideas are becoming apparent in MS Vista
    --or not. You've got me looking now.



  4. #4
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    There are some things you might wish to consider based on physical security.

    A CD ROM/Floppy/USB port offers a route to get malware onto the system.

    A case that can be opened can have other hardware added (e.g. an ADSL modem to allow external access) or the hard drive removed and cloned, allowing the system to be analysed/cracked at leisure.

    A computer that can be physically carried out of the room allows the system to be opened and hence the above applies

    Etc, etc
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  5. #5
    Senior Member
    Join Date
    Mar 2004

    Let me look at it from a slightly different angle. The question I ask
    myself is, how do you evaluate the security a "system" provides?
    "For this", criteria are specified (ISO 15408). The EALs are
    described in an overview at IACS[1].

    At a certain (high) level of assurance, see DoD 5200.28-STD[2] it holds that
    "no computer system can be considered truly secure if the basic hardware
    and software mechanisms that enforce the security policy are themselves
    subject to unauthorized modification or subversion."

    Unfortunately, I would like to know much more about the certification processes than I
    do, hence I am careful with what I am saying. Anyway, the highest (I think)
    assurance level certified operating system, STOP[3a,3b], only has achieved
    this certification by the use of particular hardware!

    In this context, hardware is very relevant to achieve high-assurance level
    certification. I would be happy to listen to more qualified voices.


    [1] http://www.cesg.gov.uk/site/iacs/ind...displayPage=13
    [2] http://www.fas.org/irp/nsa/rainbow/std001.htm
    [3a] http://niap.nist.gov/cc-scheme/st/ST_VID3012a.html
    [3b] http://www.cygnacom.com/labs/pfSEL0181T3b.htm
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

  6. #6
    Join Date
    Nov 2003
    I believe this would fall under assurance and good architecture, etc .......... how can you design good code following the criteria and then piss away all your potential assurance by not holding your hardware to the yardsticks of the industry?

    (Orange book)
    3.3.3 Assurance Operational Assurance System Architecture System Integrity

    The TCB shall maintain a domain for its own execution
    that protects it from external interference or tampering
    (e.g., by modification of its code or data structures).
    The TCB shall maintain process isolation through the
    provision of distinct address spaces under its control.
    The TCB shall be internally structured into well-defined
    largely independent modules. It shall make effective use
    of available hardware to separate those elements that are
    protection-critical from those that are not. The TCB
    modules shall be designed such that the principle of
    least privilege is enforced. Features in hardware, such
    as segmentation, shall be used to support logically
    distinct storage objects with separate attributes
    (namely: readable, writeable). The user interface to the
    TCB shall be completely defined and all elements of the
    TCB identified. The TCB shall be designed and structured
    to use a complete, conceptually simple protection
    mechanism with precisely defined semantics. This
    mechanism shall play a central role in enforcing the
    internal structuring of the TCB and the system. The
    TCB shall incorporate significant use of layering,
    abstraction and data hiding. Significant system
    engineering shall be directed toward minimizing the
    complexity of the TCB and excluding from
    the TCB modules that are not protection-critical.

    System Integrity

    Hardware and/or software features shall be provided that
    can be used to periodically validate the correct
    operation of the on-site hardware and firmware elements
    of the TCB

    NCSC-TG-021(Purple Book)

    entails a global perspective of the entire system

    Attached below is a simple yet comprehensive pdf

  7. #7
    Join Date
    Apr 2004
    Once again, I have forgotten my glasses at school lol... but from what I made out, it sounds like I'm wrong and you guys are saying that there is a difference security-wise between AMD and Intel, for example... How is this?????
    I am the uber duck!!1
    Proxy Tools

  8. #8
    Senior Member
    Join Date
    Oct 2001
    More features = More problems

    Recently we had the fiasco over Intel's Hyperthreading and cache timings. This feature had the side effect of allowing you to explore what is in the cache as it is being used. That could make it somewhat less secure. But it isn't a major issue.

    Another thing you may consider secure/insecure is the ability to perform un-intended hardware modifications to your processors.

    Such as overclocking.

    Intel tries their best to prevent overclocking, and recently one of their chipsets and processor combinations somehow enforced a tight FSB speed. But it was fairly quickly reverse-engineered by other chipset makers with their own compatible chipsets and such security measures were no longer possible. There are also some software modifications to many of their smaller processors that allow control over their CPU speeds.

    AMD generally allowed many modifications but are now trying to prevent them...it used to be possible to cut your own speed modifications into the PCB, but now that is pretty difficult... There are some software modifications that allow you to change the speed the hardware operates at.

    There are other processors that you can perform modifications to in order to overclock...including that in a TI-83 calculator, a Palm Pilot / PDA, etc. You can even overclock a clock, but that's not useful since it wouldn't tell the time anymore... You could also make a 12 hour clock with hour and minute hands out of a 5400RPM hard drive, but that's another story...

    You pretty much can reprogram any hardware. Sometimes it isn't financially possible because you may need a fab or electron microscope to reverse engineer it, but it is theoretically do-able.

    It probably doesn't help show how "insecure" it is as much as the more common things people here have mentioned... In some systems there are multiple redundant processors that check for errors on critical stuff, but that's very specialized and exorbitantly expensive stuff...something you wouldn't see in your standard x86 processor workstation.

  9. #9
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    "Those with a more paranoid nature believe the system will be used to block the machine to only play DRM software/hardware and media files."
    And I am one of them. Today, hardware is irrelevant to computer security.
    A processor will execute the instructions fed to it. A hard drive will save the file
    you send to it. The monitor will display what it's told to display.

    Some evil wannabe fascist monster <rcgreen starts foaming at mouth> idiots
    in the business want to insert "security" into the firmware on devices like hard drives
    and vid cards <rcgreen puts on tinfoil hat>, and it would be a baaaaaaaaaaad thing.

    But the answer is no, hardware has (today) no effect on security AFAIK.
    I came in to the world with nothing. I still have most of it.

  10. #10
    Join Date
    Jul 2005
    Hardware has no effect on security? Okay, then how about network printers? And there's a lot more hardware that is almost a computer all by itself. Phones these days are also not as safe anymore as they used to be because of some wireless virus that seems to be running around wildly.
    But my main concern is about internal hardware though. One of the first Intel processors had a floating-point bug in them that would mess up some calculations. I can imagine that modern processors might have even more bugs. And maybe even bugs that would allow someone to break into the system or just break the system. And of course, not only the processor could be abused for this but perhaps also network cards, IDE cards, graphic-cards, etc.
    It doesn't have to be about hackers getting access. It could also just be some nasty instruction to some piece of hardware that just kills the system until a reset will reincarnate it again.

    I've read a book about computer viruses that was printed in 1989. ("Computervirusses" by Data-Becker) It mentioned a virus that could actually damage a disk drive by moving the drive head to a non-existing track. The hardware didn't check for illegal values, thus the head started to bump against the case and thus could get damaged. These are the vulnerabilities that I am thinking about.
