Hacking the Xbox
Hacking the Xbox
Hacking the Xbox
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Note<br />
Chapter 9 - Sneaking in <strong>the</strong> Back Door 149<br />
Code compartmentalization based on hardware security<br />
levels is a different technique from sand-boxing. Sandboxing<br />
does not provide an adequate solution for situations<br />
where a user program requires direction from or interaction<br />
with secret or protected code or data. Lately,<br />
new processor architectures have been proposed that can<br />
solve this problem through <strong>the</strong> use of data tags that embed<br />
a sort of security audit log. 4<br />
Ano<strong>the</strong>r source of back doors are <strong>the</strong> design bugs that exist in every<br />
complex chip. It is common practice to ship chips with plenty of known<br />
bugs, also known as errata. For example, <strong>the</strong> Intel i860 XP processor (first<br />
released in 1991, not to be confused with <strong>the</strong> recently released i860 chipset<br />
for <strong>the</strong> Pentium4 processor) shipped with a book of errata that was<br />
comparable in size to <strong>the</strong> processor’s data sheet. Ano<strong>the</strong>r example closer to<br />
home is <strong>the</strong> bug in <strong>the</strong> nVidia MCPX’s address space decoder that made <strong>the</strong><br />
MIST Premature Unmap attack possible. Most of <strong>the</strong>se errata have simple<br />
work-arounds or have minor implications for <strong>the</strong> functionality of <strong>the</strong> chip<br />
under nominal conditions. However, some errata, such as those dealing<br />
with cache coherence, address decoding, and memory management can result<br />
in major software security holes.<br />
In <strong>the</strong> case of <strong>the</strong> <strong>Xbox</strong>, <strong>the</strong> business impact of a hardware back door is<br />
probably small. Perhaps Microsoft loses some small fraction of game sales<br />
revenue, but <strong>the</strong> losses due to piracy are dwarfed by <strong>the</strong> losses Microsoft<br />
takes on hardware sales. Also, <strong>the</strong> <strong>Xbox</strong> is just a game console — grandma’s<br />
bank account is not being tapped dry or credit card numbers stolen as a<br />
result of security weaknesses in <strong>the</strong> <strong>Xbox</strong>. However, more than game<br />
revenues will be at risk with <strong>the</strong> trusted PC. Unless <strong>the</strong> trusted PC architecture<br />
is a fundamental change from legacy PCs, people will be blindly trusting<br />
financial secrets and personal data security to untrustworthy hardware.<br />
Like most things in life, <strong>the</strong> first step is education. The more we learn about<br />
hardware security, even if it involves poking around a game console, <strong>the</strong><br />
better our security systems will be tomorrow. Now, on with <strong>the</strong> lesson . . .<br />
4 http://www.ai.mit.edu/projects/aries/Documents/Memos/ARIES-15.pdf.<br />
“A Minimal Trusted Computing Base for Dynamically Ensuring<br />
Secure Information Flow,” by Tom Knight and Jeremy Brown.