@inproceedings{DBLP:conf/esorics/Duflot08, author = {Lo\"{\i}c Duflot}, title = {CPU Bugs, CPU Backdoors and Consequences on Security}, booktitle = {ESORICS}, year = {2008}, pages = {580-599}, ee = {http://dx.doi.org/10.1007/978-3-540-88313-5_37}, crossref = {DBLP:conf/esorics/2008}, bibsource = {DBLP, http://dblp.uni-trier.de} } @proceedings{DBLP:conf/esorics/2008, editor = {Sushil Jajodia and Javier L{\'o}pez}, title = {Computer Security - ESORICS 2008, 13th European Symposium on Research in Computer Security, M{\'a}laga, Spain, October 6-8, 2008. Proceedings}, booktitle = {ESORICS}, publisher = {Springer}, series = {Lecture Notes in Computer Science}, volume = {5283}, year = {2008}, isbn = {978-3-540-88312-8}, bibsource = {DBLP, http://dblp.uni-trier.de} } CPU Bugs, CPU Backdoors and Consequences on Security Loïc Duflot Computer Science Publisher Springer Berlin / Heidelberg ISSN 0302-9743 (Print) 1611-3349 (Online) Volume Volume 5283/2008 Book Computer Security - ESORICS 2008 DOI 10.1007/978-3-540-88313-5 Copyright 2008 ISBN 978-3-540-88312-8 DOI 10.1007/978-3-540-88313-5_37 Pages 580-599 Subject Collection Computer Science SpringerLink Date Sunday, October 05, 2008 Abstract In this paper, we present the consequences on the security of operating systems and virtual machine monitors of the presence of a bug or a backdoor in x86 processors. We will not try to determine whether the backdoor threat is realistic or not, but we will assume that a bug or a backdoor exists and analyse the consequences on systems. We will show how it is possible for an attacker to implement a simple and generic CPU backdoor to be later able to bypass mandatory security mechanisms with very limited initial privileges. We will explain practical difficulties and show proof of concept schemes using a modified Qemu CPU emulator. Backdoors studied in this paper are all usable from the software level without any physical access to the hardware.