Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 1 April, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Siloing security: A response to Meltdown and Spectre

by The Gurus
January 5, 2018
in Editor's News
Share on FacebookShare on Twitter

Earlier this week, Jann Horn of Google’s Project Zero published a detailed blog post titled “Reading privileged memory with a side-channel.” The post confirmed that CPU data cache timing can be exploited to efficiently leak information out of mis-speculated execution. This could lead to – at worst – arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

 

Put simply, the above-mentioned security issue could allow cyber criminals to steal the entire memory contents of computers, including mobile devices, personal computers and servers running in cloud computer networks. Categorized as two distinct security flaws, Meltdown and Spectre were previously disclosed by a number of security experts, including senior Rambus technology advisor Paul Kocher and senior Rambus security engineer Mike Hamburg.

 

Both flaws are expected to pose significant challenges for the semiconductor industry, as Spectre may require companies to redesign their processors, while the current Meltdown patch could slow processing by as much as 30 percent under certain workloads.

 

According to Kocher, the Spectre threat is going to negatively affect the industry for decades.

 

“Whereas Meltdown is an urgent crisis, Spectre affects virtually all fast microprocessors. We’ve really screwed up,” Kocher told the New York Times. “There’s been this desire from the industry to be as fast as possible and secure at the same time. Spectre shows that you cannot have both.”

 

A fix, says Kocher, may not be available for Spectre until a new generation of chips hit the market.

 

“This will be a festering problem over hardware life cycles. It’s not going to change tomorrow or the day after. It’s going to take a while.”

 

Senior Rambus security engineer Mike Hamburg expressed similar sentiments.

 

“Despite affecting system performance in certain cases, Meltdown is a vulnerability that should be patched immediately,” Hamburg told Rambus Press. “However, beyond short-term solutions such as patching, the semiconductor industry should seriously consider designing chips that run sensitive cryptographic functions in a physically separate secure core, siloed away from the CPU. This design approach will go a long way in helping to prevent vulnerabilities that can be exploited by Meltdown and Spectre.”

 

With Spectre affecting virtually all fast microprocessors, Hamburg also emphasized that the semiconductor industry should work together to formulate a new set of best practices for more securely designing ICs.

 

Indeed, it should be noted that the U.S. Department of Homeland Security (DHS) recently recommended the use of hardware in devices that incorporates security features to strengthen the protection and integrity of the product. More specifically, the DHS highlights the use of computer chips that integrate security at the transistor level, embedded in the processor, to provide encryption and anonymity. In addition, the DHS recommends designing silicon with system and operational disruption in mind, which would allow devices to fail safely and securely, in an attempt to prevent greater systemic disruption.

 

From our perspective, securing processors should start at the core. Embracing a hardware-first strategy and implementing the necessary functionality on the SoC level is a key element of fully securing devices and platforms across multiple verticals. As Meltdown and Spectre illustrate, the importance of adopting a hardware-based approach at the most basic core level cannot be overemphasized. Aside from ensuring fundamental chip security during manufacturing, embedding a separate security IP core into a SoC can help manufacturers design devices, platforms and systems that remain secure throughout their respective lifecycles.

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

Major Intel Chip Flaws Discovered

Next Post

Blockchain, virtualization and the rise of AI

Recent News

Data Privacy Day: Securing your data with a password manager

For Cybersecurity, the Tricks Come More Than Once a Year

March 31, 2023
cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information