Meltdown and Spectre: Security is a Systems Property

I don’t (and probably won’t) have anything substantive to say about the technical details of the just-announced Meltdown and Spectre attacks. (For full technical details, go here; for an intermediate-level description, go here.) What I do want to stress is that these show, yet again, that security is a systems property: being secure requires that every component, including ones you’ve never heard of, be secure. These attacks depend on hardware features such as “speculative execution” (someone I know said that that sounded like something Stalin did), “cache timing”, and the “translation lookaside buffer” — and no, many computer programmers don’t know what those are, either. Furthermore, the interactions between components need to be secure, too.

Read full news article on CircleID

 


Date:

Categorie(s):