User Guide

Contents

Security Best Practices

Performance profiling is an activity that may involve making important security decisions. Learn about some important security considerations that arise when installing and using
Intel® VTune™
Profiler
.
Due to the inherent nature of performance profiling,
Intel® VTune™
Profiler
requires certain levels of access to deliver some of the more advanced features. It is important that you are aware of these implications to enable you to make informed security decisions.

Administrator and Root Privileges

VTune
Profiler
requires administrator or root privileges for performing specific types of analyses. On Windows* OS, this means starting VTune Profiler as Administrator, and on Linux* systems, this requires sudo privileges.
It is recommended to only start VTune Profiler with elevated privileges if a specific analysis requires these privileges. Avoid staying in elevated mode for viewing collected results.

Controlling Sampling Driver Access (Linux* OS)

By default, on Linux OS,
VTune
Profiler
installer creates a
vtune
user group, which is given access to the Sampling Driver through the Linux* I/O Control. It is recommended to not alter the default settings, for example, by creating a broad user group. Since the driver runs on the kernel level, exposing the driver to a large group of users can make your system vulnerable. Additionally, any user that has access to the driver can potentially obtain sensitive information by collecting performance metrics from the system.
Though
VTune
Profiler
takes preemptive measures by validating all user input, it is recommended that you follow the principle of least required privilege when allowing access to the sampling driver.

Security Implications of Setting perf_event_paranoid (Linux* OS)

On Linux OS, the
perf_event_paranoid
setting controls the access levels for unprivileged users of
perf
.
VTune
Profiler
may recommend that you set this value to 0 to perform a specific analysis. At this level, the collected data includes per-process and system-wide performance monitoring data, including CPU and system events both from the user space and the kernel. This may create a potential for sensitive data leaks.
For more information on the usage of
perf
with
VTune
Profiler
and possible limitations, see the Profiling Hardware Without Intel Sampling Drivers Cookbook recipe.

VTune
Profiler
Server Authentication Security

Though all network traffic of
VTune
Profiler
Server is encrypted, it is important to select the appropriate authentication scheme when installing
VTune
Profiler
Server. While passphrase authentication is a viable option for some use cases, such as personal use, it is recommended to use other authentication schemes offered when using
VTune
Profiler
Server in broader environments. Detailed information on configuring secure user access channels is available in the Install VTune Profiler Server section of the User Guide.

Product and Performance Information

1

Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.

Notice revision #20110804