In many ways, the disclosure of the Meltdown and Spectre computer vulnerabilities on January 2, 2018, was unprecedented. Even experts were shocked and scared by it.
These vulnerabilities can bypass security measures on the computer, and they affect billions of devices, from mobile phones to large cloud servers.
Unfortunately, we have become accustomed to computer systems being attacked through their inherent flaws, which stem from their vast conceptual complexity. Computer systems are among the most complex objects humans have ever created, and their complexity has greatly outpaced our ability to manage them.
A New Type of Vulnerability
Meltdown, Spectre and related vulnerabilities are qualitatively different. They are effective on a broad range of computers and operating systems from different vendors. The vulnerabilities went undiscovered for more than a decade. It is shocking to realize that Meltdown and Spectre don’t exploit flaws in the computer’s software or hardware.
These attacks, as Intel stated in a press release, collect sensitive data from computers that are working as intended. The ingenuity behind these attacks lies in combining seemingly unrelated design elements that are thought to be well understood, elements we teach our undergraduate computer science students. The vulnerability lies not in the individual features but in their complex interaction.
Computer systems can be insecure because of ill-conceived designs, not because of mistakes in implementation. We, as computer systems experts, need to ask ourselves how this could happen and how we can prevent it from happening again.
We have known for a long time that the wait-for-it-to-happen approach, also known as patch and pray, doesn’t work for common implementation flaws, as evidenced by the proliferation of exploits. This approach is even less effective for systems that are not secure by design.
Automated Design Evaluation
The fundamental problem is that humans are not able to comprehend the complexity of computer systems and how their components interact. This is not likely to change.
Machines, on the other hand, are becoming more adept at solving complex problems. The only solution is automated evaluation and validation of designs: mathematical proof that a design behaves securely under all circumstances, including never leaking confidential data.
This means that a design cannot be considered secure unless that claim is supported mathematically. This is not an easy task by any definition. It will take more effort across many areas of computer science and engineering to make it a reality. But we must start somewhere, and we must start now.
Even if we do not achieve the goal of a stringent end-to-end proof, we will still reap benefits from such a program. Partially proving properties, or rigorously establishing less important ones, will still result in significant improvements.
An incomplete evaluation, for example, may be more feasible than a full one and still yield a probabilistic result, such as a significantly reduced likelihood of exploits.
Rewriting the Hardware-Software Agreement
It is time to take a first step that is necessary and long overdue: a new, improved hardware-software agreement. Computer systems combine hardware and software, and the two are usually developed by different people and companies because of the vastly different skills and experience required.
To make that possible, both sides must agree on an interface called the instruction-set architecture (ISA). This is the contract between software functionality and hardware.
The Meltdown and Spectre attacks clearly show that the ISA is not sufficient as a safety or security contract. It provides no way to distinguish the progress of a computation’s execution from other system activities.
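As an added example that is not part of the original article: because the ISA contract says nothing about what the processor does while speculating past a bounds check, software has to close that gap itself. The branchless index clamp below follows the pattern the Linux kernel uses in `array_index_nospec()` against Spectre bounds-check bypass; the `public_data` array and the two lookup functions are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table; in a real system secret data could sit next to it. */
static const uint8_t public_data[16] = {0, 1, 2, 3, 4, 5, 6, 7,
                                        8, 9, 10, 11, 12, 13, 14, 15};

/* Architecturally correct lookup. The ISA guarantees the load only happens when
 * idx < len, but says nothing about a speculative load issued before the branch
 * resolves, whose cache footprint is outside the contract. */
uint8_t lookup_naive(size_t idx, size_t len) {
    if (idx < len)
        return public_data[idx];
    return 0;
}

/* Returns all-ones when idx < len and zero otherwise, with no data-dependent
 * branch that could be mispredicted (Linux array_index_mask_nospec pattern).
 * Assumes len <= LONG_MAX and a compiler with arithmetic right shift of
 * signed values, as gcc and clang provide. */
static inline size_t index_mask_nospec(size_t idx, size_t len) {
    long m = (long)(idx | (len - idx - 1)); /* top bit set iff idx >= len */
    return (size_t)(~m >> (sizeof(long) * 8 - 1));
}

/* Clamp idx to 0 whenever it is out of bounds, even on a speculative path. */
size_t clamp_index(size_t idx, size_t len) {
    return idx & index_mask_nospec(idx, len);
}

/* Hardened lookup: the clamp makes an out-of-bounds index read element 0,
 * so a mispredicted branch cannot pull an attacker-chosen address into cache. */
uint8_t lookup_hardened(size_t idx, size_t len) {
    if (idx < len)
        return public_data[clamp_index(idx, len)];
    return 0;
}

int main(void) {
    printf("in-bounds 5 -> %u, out-of-bounds 1000 -> clamped index %zu\n",
           lookup_hardened(5, 16), clamp_index(1000, 16));
    return 0;
}
```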