Aligning Architecture to Security Objectives

Reviewing architecture and designs early in product development is an important part of the Intel Security Development Lifecycle (SDL). Our security architecture review board brings together expertise from across disciplines to review each product’s architecture and carefully consider potential threats - and does so more comprehensively than any tools could.

The role of security architecture reviews is to evaluate product or technology architecture. The process helps ensure that security objectives are properly scoped and identified, and the architecture meets the defined objectives, covering: 

• Network 
• Unprivileged software 
• System software 
• Software side-channel/Covert-channel 
• Startup code (e.g. BIOS, firmware, System Management Mode) 
• Simple hardware 
• Skilled hardware  
• Hardware reverse engineer 
• Authorized

These reviews help ensure that the problem statement is clearly defined and threat models are complete. Completing architecture reviews helps identify and mitigate risks early and results in an action plan for development teams to follow.