Newer processors are able to contribute to the security of your system, but what exactly do they do to help? Today’s Super User Q&A post looks at the link between processors and system security.
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
Photo courtesy of Zoltan Horlik.
SuperUser reader Krimson wants to know what the link between processors and security is:
So, I have been on the web for a while today and came across the Intel Xeon processors. In the feature list, it mentions security. I remember in many other places, I’ve seen security somehow linked with processors. Here is the link for the Xeon and here is the page it links to.
As far as I know, processors just execute instructions given to them. So again, what is the link between a processor and security? How can a processor enhance security?
What is the connection between the two? And if the processor is contributing to the security of your system, then what is it doing that helps the user?
SuperUser contributors Journeyman Geek and chritohnide have the answer for us. First up, Journeyman Geek:
A lot of newer processors have parts of their core dedicated to doing AES instructions. This means the ‘cost’ of encryption, in terms of power and processor use is less, since these parts do that one job more efficiently and faster. This means it is easier to encrypt things, and as such you have better security.
You can use this for things like OpenSSL, or encrypting the hard drive, or any library designed to use it, with less of a hit on performance for regular tasks.
Followed by the answer from chritohnide:
Modern processors incorporate various protection techniques which facilitate an increase in the overall security of the system.
One example is the flagging of data areas in memory as No-eXecute in order to prevent over- and under-run vulnerabilities.
An older and more fundamental capability are the protection mechanisms provided by the virtual memory management system. The very nature of the conventional VMM techniques prevent one process from accessing another process’s memory.
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.