As previously reported in the Computing Community Consortium (CCC) Blog, two major hardware security design flaws—dubbed Meltdown and Spectre—were broadly revealed to the public in early January 2018. These flaws are described in detail by the discoverers in research papers on Meltdown and Spectre, as well as Google blog posts here and here. Understanding these sources, however, requires considerable expertise and effort.
For this reason, I have prepared a slide deck (animated PPTX or PDF) to give the general computer science audience the gist of these security flaws and their implications. My goal is to enable the audience to either stop there or have a framework to learn more. A non-goal is exploring many details of flaw exploitation and patch status, in part because I am a computer architect, not a security expert, and others know the details much better than me.
The slide deck first reviews Computer Architecture 1.0 (the version number is new) that specifies the timing-independent functional behavior of a computer and micro-architecture that is the set of implementation techniques that improve performance by more than 100x.
It then asks, “What if a computer that is completely correct by Architecture 1.0 can be made to leak protected information via timing, a.k.a., micro-architecture?” The answer is that this is exactly what is done by the Meltdown and Spectre design flaws. Meltdown leaks kernel memory, but software & hardware fixes exist. Spectre leaks memory outside of sandboxes and bounds check, and it is scary. An implication is that the definition of Architecture 1.0—the most important interface between software and hardware—is inadequate to protect information. It is time for experts from multiple viewpoints to come together to create Architecture 2.0.
About the Author: Mark Hill is a Professor of Computer Sciences at the University of Wisconsin and Vice Chair of the Computing Community Consortium
[Editor’s Note: This post is originally from the CCC blog and is re-posted here with permission.]
Disclaimer: These posts are written by individual contributors to share their thoughts on the Computer Architecture Today blog for the benefit of the community. Any views or opinions represented in this blog are personal, belong solely to the blog author and do not represent those of ACM SIGARCH or its parent organization, ACM.