Intel® vPro™ Technology
Advanced Security Features of Intel® vPro™ Technology
Attack Surfaces
As with any security analysis, we start by analyzing the attack surfaces. Intel® Active Management Technology (Intel® AMT) provides unique and powerful computer-manageability features that offer ample benefits to the enterprise IT administrator. As with most powerful capabilities in any system, adversaries can and will attempt to misuse Intel AMT to attack the computer. The extent of the damage depends on the nature of the attack: it could be something relatively innocuous that merely creates a nuisance for the end user of the computer, or it could be something serious, such as disabling some of the security protections offered by Intel AMT.
The first attack surface is the Intel AMT internal processor itself. If the attacker is able to execute arbitrary code on the Intel AMT processor, he or she can access the secrets stored on the platform and also bypass several of the protection mechanisms. Such an attack is of course difficult to mount, but very rewarding for the attacker. Therefore, the Intel AMT execution environment is an obvious attack surface.
Next, Intel AMT is a network entity, so it is important that any network communication between the Intel AMT platform and the remote management console is secured, such that no secrets are revealed to a network eavesdropper. Anyone who accesses Intel AMT through the network interface should not be able to obtain any secrets without authentication.
There are also local attackers. Should one of the enterprise’s platforms enabled with Intel® vPro™ technology be stolen, the thief might attempt to discover the enterprise’s secrets by using any of the Intel AMT local management interfaces or by physically accessing the nonvolatile flash memory storage.
Finally, an insider who has legitimate authentication credentials to access Intel AMT might abuse his or her position and cause damage to the system, or he or she might gain access to the computer’s secrets through a backdoor into the computer (more on this later).
In the following sections we describe the specific protections designed into Intel AMT to prevent these attacks.
