by Gus Uht on Jan 31, 2019 | Tags: Opinion, Security
There are millions of viruses, etc., in the wild today. Countless new ones are devised by black-hat hackers all the time. In order to proactively defend against new exploits, some white-hatters seek out or create weaknesses or vulnerabilities and then devise fixes for them. However, in some cases, such as Spectre, fixes are not readily apparent, either to the inventor or the vendor of the target software or hardware. Regardless of the existence of a fix or not, the question arises as to what to publicize or disclose about the vulnerability. We argue that no public disclosure should be made at all, until and unless the exploit appears in the wild.
Read more...
by Chris Fletcher and Simha Sethumadhavan on Oct 4, 2018 | Tags: Architecture, Hardware, Security
This is the first post in a series of posts on different approaches to systems security especially as they apply to hardware and architectural security. In this post, we will consider the use of mathematics/cryptography as an approach to improving systems security....
Read more...
by Mark Silberstein on Sep 25, 2018 | Tags: Security
The security community will remember the year of 2018 as the year of speculative execution attacks. Meltdown and Spectre, the recent Foreshadow (L1TF in Intel’s terminology), and their variants demonstrate how the immense processor design complexity, perpetual...
Read more...
by Tilman Wolf on Aug 20, 2018 | Tags: Architecture, Security
Using hardware that does not provide software and data interoperability could address security problems.
Read more...
by Mark Silberstein, Oleksii Oleksenko, Christof Fetzer on Jul 2, 2018 | Tags: Security, software, speculative execution
Spectre and Meltdown opened the Pandora box of a new class of speculative execution attacks that defeat standard memory protection mechanisms. These attacks are not theoretical, they pose a real and immediate security threat, and have been reportedly exploited by...
Read more...
