Siloing security: A response to Meltdown and Spectre

This entry was posted on Thursday, January 4th, 2018.

Earlier this week, Jann Horn of Google’s Project Zero published a detailed blog post titled “Reading privileged memory with a side-channel.” The post confirmed that CPU data cache timing can be exploited to efficiently leak information out of mis-speculated execution. This could lead to – at worst – arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Put simply, the above-mentioned security issue could allow cyber criminals to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in cloud computer networks. Categorized as two distinct security flaws, Meltdown and Spectre were independently disclosed by a number of security experts, including senior Rambus technology advisor Paul Kocher and senior Rambus security engineer Mike Hamburg.

Both flaws are expected to pose significant challenges for the semiconductor industry, as Spectre may require companies to redesign their processors, while the current Meltdown patch could slow processing by as much as 30 percent under certain workloads.

According to Kocher, the Spectre threat is going to negatively affect the industry for decades.

“Whereas Meltdown is an urgent crisis, Spectre affects virtually all fast microprocessors. We’ve really screwed up,” Kocher told the New York Times. “There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both.”

A fix, says Kocher, may not be available for Spectre until a new generation of chips hit the market.

“This will be a festering problem over hardware life cycles. It’s not going to change tomorrow or the day after. It’s going to take a while.”

Senior Rambus security engineer Mike Hamburg expressed similar sentiments.

“Despite affecting system performance in certain cases, Meltdown is a vulnerability that should be patched immediately,” Hamburg told Rambus Press. “However, beyond short-term solutions such as patching, the semiconductor industry should seriously consider designing chips that run sensitive cryptographic functions in a physically separate secure core, siloed away from the CPU. This design approach will go a long way in helping to prevent vulnerabilities that can be exploited by Meltdown and Spectre.”

With Spectre affecting virtually all fast microprocessors, Hamburg also emphasized that the semiconductor industry should work together to formulate a new set of best practices for more securely designing ICs.

Indeed, it should be noted that the U.S. Department of Homeland Security (DHS) recently recommended the use of hardware in devices that incorporates security features to strengthen the protection and integrity of the product. More specifically, the DHS highlights the use of computer chips that integrate security at the transistor level, embedded in the processor, to provide encryption and anonymity. In addition, the DHS recommends designing silicon with system and operational disruption in mind, which would allow devices to fail safely and securely, in an attempt to prevent greater systemic disruption.

From our perspective, securing processors should start at the core. Embracing a hardware-first strategy and implementing the necessary functionality on the SoC level is a key element of fully securing devices and platforms across multiple verticals. As Meltdown and Spectre illustrate, the importance of adopting a hardware-based approach at the most basic core level cannot be overemphasized. Aside from ensuring fundamental chip security during manufacturing, embedding a separate security IP core into a SoC can help manufacturers design devices, platforms and systems that remain secure throughout their respective lifecycles.