laarcnew | comments | discord | tags | ask | show | place | submitlogin
Google Says Spectre And Meltdown Are Too Difficult To Fix (
6 points by akkartik to news tech security 777 days ago | 2 comments

2 points by davidk01 777 days ago

We wanted performance and we got it. In exchange we gave up security.


It was a mix of social, business, and performance factors as I described in my rant:

I'll admit I was pretty pissed at that point. Security people had been ignoring pioneering work, high-assurance security, covert channels, VAX VMM... about anything we gave them. Obviously, there were some exceptions. Most ignored it or even claimed it didn't happen. Keep reinventing old stuff or getting those that trusted them hit by preventable stuff. If they'd knock it off, we'd get so far so fast in ways I've seen or could never anticipate (i.e. innovative folks).

Threw together quick examples of high-assurance hardware or at least ways to detect these problems in open designs here:

In one, may or may not be in that list, non-interference (separation) was proved down to the gates. We can definitely do it with some designs. Whether we can use these crazy tricks CPU designers use for highest performance along with timing channel mitigation is an open question that might have no answer. Several works I saw just used a dedicated core (or cores) for that stuff which mitigated timing channels with acceptable, performance hit. Most work that didn't use secrets or with that less a problem used high-speed cores. Seems like decent compromise given we're already squeezing in cores. Make them deterministic to resell them for real-time markets. High-assurance security already does that in software (eg INTEGRITY-178B) selling as RTOS's to safety-critical markets and/or secure TCB's to defense/commercial sectors.


Welcome | Guidelines | Bookmarklet | Feature Requests | Source | Contact | Twitter | Lists

RSS (stories) | RSS (comments)