Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.


A Primer on the Meltdown & Spectre Hardware Security Design Flaws and their Important Implications

February 13th, 2018 / in CCC, research horizons, Research News / by Helen Wright

The following blog was written by CCC Vice Chair Mark D. Hill from the University of Wisconsin-Madison.

As previously reported in the Computing Community Consortium (CCC) Blog, two major hardware security design flaws—dubbed Meltdown and Spectre—were broadly revealed to the public in early January 2018. These flaws are described in detail by the discoverers in research papers on Meltdown and Spectre, as well as Google blog posts here and here. Understanding these sources, however, requires considerable expertise and effort.

For this reason, I have prepared a slide deck (animated PPTX or PDF) to give the general computer science audience the gist of these security flaws and their implications. My goal is to enable the audience to either stop there or have a framework to learn more. A non-goal is exploring many details of flaw exploitation and patch status, in part because I am a computer architect, not a security expert, and others know the details much better than me.

The slide deck first reviews Computer Architecture 1.0 (the version number is new) that specifies the timing-independent functional behavior of a computer and micro-architecture that is the set of implementation techniques that improve performance by more than 100x.

It then asks, “What if a computer that is completely correct by Architecture 1.0 can be made to leak protected information via timing, a.k.a., micro-architecture?” The answer is that this is exactly what is done by the Meltdown and Spectre design flaws. Meltdown leaks kernel memory, but software & hardware fixes exist. Spectre leaks memory outside of sandboxes and bounds check, and it is scary. An implication is that the definition of Architecture 1.0—the most important interface between software and hardware—is inadequate to protect information. It is time for experts from multiple viewpoints to come together to create Architecture 2.0.

A Primer on the Meltdown & Spectre Hardware Security Design Flaws and their Important Implications