New Concepts Required For Security Verification

Verification for security requires new practices in both the development and verification flows, but tools and methodologies to enable this are rudimentary today. Flows are becoming more complex, especially when they span multiple development groups. Security is special in that it is pervasive throughout the development process, requiring both positive and negative verification. Positive ver... » read more

Capabilities In CAP, CHERI, And Morello

At the recent Arm DevSummit, one of the presentations mentioned CHERI and the Arm Morello board in passing. This was in the context of using capabilities (perhaps) in some future Arm processors to increase the amount of memory safety, and to protect against vulnerabilities like Spectre and Meltdown. I'd never heard of either, so I was intrigued and decided to look into the details. But the f... » read more

A Trillion Security Risks

An explosion in IoT devices has significantly raised the security threat level for hardware and software, and it shows no sign of abating anytime soon. Sometime over the next decade the number of connected devices is expected to hit the 1 trillion mark. Expecting all of them to be secure is impossible, particularly as the attack surface widens and the attack vectors become more sophisticated... » read more