Google Reveals Its Servers All Contain Custom Security Silicon (theregister.co.uk)
Google has published an Infrastructure Security Design Overview that explains how it secures the cloud it uses for its own operations and for public cloud services. From a report on The Register: The document outlines six layers of security and reveals some interesting factoids about the Alphabet subsidiary's operations, none more so than the disclosure that: "We also design custom chips, including a hardware security chip that is currently being deployed on both servers and peripherals. These chips allow us to securely identify and authenticate legitimate Google devices at the hardware level." That silicon works alongside cryptographic signatures employed "over low-level components like the BIOS, bootloader, kernel, and base operating system image." "These signatures can be validated during each boot or update," the document says, adding that "the components are all Google-controlled, built, and hardened. With each new generation of hardware we strive to continually improve security: for example, depending on the generation of server design, we root the trust of the boot chain in either a lockable firmware chip, a microcontroller running Google-written security code, or the above mentioned Google-designed security chip."
It won't stop a warrant or a subpoena...
They presumably try to do peer reviews on security software to reduce the chance of sabotaged code getting through.
Neither true nor meaningful (Score:2)
Your statement of "fact" is utterly false, and would be meaningless if it were true.
Mac OS X, Mac iOS, several versions of Windows, several Linux distributions each have more CVEs than Android. Android is in fact #17 on the list of most vulnerabilities (in other words, it's among the most secure popular operating systems, by CVE count).
However, counting the number of reported vulnerabilities is utterly bogus. One day we got a CVE for Linux which was essentially "by running 'ls /*/*/*/*/*/*' a local user c
Google even has a help article [google.com] that tells you how to reuse one when the GSA license expires.
Any of the modern bits cannot be reused; they mucked about with them.
Why is this news... (Score:2)
I didn't. Know. Or work at Google.
Everything I knew about Google when I worked at Google came from the tech press. Although working in the data center gave me more hands-on experience with the actual hardware, especially the $50K optical switch that was in a box with two feet of foam cushion on all sides.
I'm pretty sure many companies' employees are privy to said companies' trade secrets, don't you think?
The only trade secret at Google is how much duct tape and baling wire these systems are held together with.
So then provide links to where this exact information was published previously.
https://blog.codinghorror.com/building-a-computer-the-google-way/ [codinghorror.com]
Nothing in that article mentions anything about running custom silicon for securing their servers. It's simply a high-level spec sheet. So that doesn't actually answer the GP's question.
EE: Google Ramps Up Chip Design
http://www.eetimes.com/document.asp?doc_id=1320981 [eetimes.com]
creimer: life-pro-tip -- it's not all about you and what you know.
You're wrong. If I wasn't an asshole, I wouldn't be working in IT.
This just in: Company employees will know things people outside the company don't. Film at 11!
This just in: Company employees will know things people outside the company don't.
My knowledge of Google while working at Google came from the tech press and some books.
And yet you fail to side even a single link or book.
Cite*. Goddamn phone dictation.
And yet you fail to side even a single link or book.
If you can't use Google, that's not my problem.
Translation: I'm just talking out of my ass.
Translation: I'm just talking out of my ass.
This is Slashdot. You must be new around here.
I did Google it but the source information is from only a 4-day-old Google blog story.
https://cloud.google.com/secur... [google.com]
So it seems your claims of this information being published before in numerous tech posts and books were bullshit.