Computer Architecture Today

Informing the broad computing community about current activities, advances and future directions in computer architecture.
Two high impact microarchitectural timing attacks were disclosed yesterday. (https://nyti.ms/2EOX03d).
10000 ft overview: This is a very intricate attack but the root cause is unflushed speculative state from the cache resulting in a timing variations.
Apparently the issue is impacting the stock prices (https://reut.rs/2lYGFRR);
Questions to ponder as the community considers the implications:
– Is this enough for processor vendors to consider microarchitectural timing attacks in their threat model?
– This has been the year of hardware 0-day attacks: does it mean that our investment in software security, and hardware support for software security paying off, and that attackers have to work harder? Or  is it simply because we now know how to exploit microarchitectural timing attacks remotely through browsers and javascript bringing more access? (e.g., http://bit.ly/2lX3BAL)
– How are companies going to handle hardware 0-days? More frequent microcode patching? disabling/fuzzing timing sources to frustrate attackers? AV signatures for spy code? compiler fixes?
More here from last year on this topic:

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART I) 

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)

Offensive Security Research in Computer Architecture Conferences

About the Author: Simha Sethumadhavan is an associate professor in the Computer Science Department at Columbia University. His research interests are in computer architecture and computer security. He is @thesimha on twitter.