In today’s episode of Chips & Salsa, CRob and I talk with Henrique Kawakami about the Intel STrategic Offensive Research and Mitigations (STORM) team. As the name suggests, the STORM team is made up of elite security researchers who focus on different ways to hack various aspects of Intel firmware and software and develop new mitigation methodologies. When considering the triage phase of a mature vulnerability management process, the STORM team is involved in validating reports from external researchers and in helping to develop Intel’s mitigation strategy.
To give you and example of the type of work this team does, in March 2022, the STORM team, in the course of investigating the lfence;jmp side channel mitigation more deeply, discovered that it was not effective in some scenarios on certain x86 processors from both Intel and AMD. After coordinating public disclosure of these findings with other silicon vendors, the team published a research paper to arXiv for the benefit of the industry which was covered by a few news outlets such as this Tom’s Hardware article.
This is the first in a series of episodes we plan to do over the next few months to dig deeper into the critical role the STORM team has in security at Intel and introduce you to the members of the team and the different areas of research they focus on. In the video below, Henrique, the team manager, gives us a high level overview of that work.
More about Henrique:
Henrique is a security researcher and manager of the Intel STORM team. He was one of Intel's first internal researchers to reproduce and craft proof-of-concepts for transient execution attacks – a topic that he continues to research in his role on the team. His ongoing work has contributed to the discovery of new vulnerabilities and resulted in two patents.
Thanks for watching!
Jerry Bryant Sr. Director of Security Communications and Incident Response Intel Product Assurance and Security
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.