Outras ferramentas de software

Finding BIOS Vulnerabilities with Symbolic Execution and Virtual Platforms

Finding BIOS Vulnerabilities With Excite

Finding vulnerabilities in code is part of the constant security game between attackers and defenders. An attacker only needs to find one opening to be successful, while a defender needs to search for and plug all or at least most of the holes in a system. Thus, a defender needs more effective tools than the attacker to come out ahead.

Signed UEFI Firmware Updates in EDK II

Intel has recently contributed a full implementation for UEFI Capsule update, including support for the EFI System Resource Table (ESRT) and Firmware Management Protocol (FMP), under EDK II. The SignedCapsulePkg has been ported to two open platforms, MinnowBoard Max/Turbot and Intel® Galileo, for further development and validation.

Intel® RealSense™ for Linux - Object Library Documentation

Version: 1.0

Intel® RealSense™ Object Library middleware gives machines the ability to understand what they are looking at, in other words, imparting meaning to the vision the Intel RealSense cameras provide. This ability allows for more dynamic human-machine interaction. Object Library uses a CNN-based architecture that utilizes depth to efficiently and accurately classify and localize objects. This middleware includes a library for recognizing, localizing, and tracking objects from a pre-defined library.

Arrays

The Enclave Definition Language (EDL) supports multidimensional, fixed-size arrays to be used in data structure definition and parameter declaration. Zero-length array and flexible array member, however, are not supported. The special attribute isary is used to designate function parameters that are of a user defined type array.

Example

enclave {

   

Unsafe C++11 Attributes

Developers should use C++11 attributes inside an enclave with care. The attribute noreturn, in particular, may cause a potencial security risk. For instance, if a trusted function calls a noreturn function any clean-up code placed after the function call will be ignored.

[noreturn]]void foo(parameters…)
{
    ...
}
int ecall_function(parameters…)
{
    ...
    foo(...);
    // Clean-up code below will be ignored
    ...
    return 0;
}

Intel® Enhanced Privacy ID (Intel® EPID)

Attestation using standard asymmetric cryptographic signature algorithms has a well-known privacy concern when a small number of keys are used across the life of the platform. Because the key used for signing the quote needs to be associated with the hardware performing the quote operation, it allows third parties to collude and track which sites users have visited. To overcome this problem, Intel has introduced the use of an anonymous signature technique, known as Intel® Enhanced Privacy ID (Intel® EPID), for signing enclave quotes.

Intel® Software Guard Extensions Technology Overview

Intel® Software Guard Extensions is an Intel technology whose objective is to enable a high-level protection of secrets. It operates by allocating hardware-protected memory where code and data reside. The protected memory area is called an enclave. Data within the enclave memory can only be accessed by the code that also resides within the enclave memory space. Enclave code can be invoked via special instructions. An enclave can be built and loaded as a Windows* DLL.

Supported Application Types

The Intel® Software Guard Extensions SDK supports a number of application types and user accounts on the Windows* OS. Users of regular, guest and administrator accounts may run an enclave application in the form of a DLL to load and interface with an Intel® SGX enclave. User-level driver and system services that execute in the security context of a user account also have access to the functionality provided by the Intel® SGX software stack.

Assine o Outras ferramentas de software