Battling Persistent Hacks At The Flash Level


Hardware vendors are beginning to close up security vulnerabilities across a broader range of technology than in the past, a sign that they are taking potential hardware breaches much more seriously. Awareness of security flaws has been growing since the introduction of Meltdown, Spectre and Foreshadow, and more recently, the Cable Haunt attack. The general conclusion among chipmakers is tha... » read more

Hardware Attack Surface Widening


An expanding attack surface in hardware, coupled with increasing complexity inside and outside of chips, is making it far more difficult to secure systems against a variety of new and existing types of attacks. Security experts have been warning about the growing threat for some time, but it is being made worse by the need to gather data from more places and to process it with AI/ML/DL. So e... » read more

A Glossary For Chip And Semiconductor IP Security And Trust


A significant portion of electronic system vulnerabilities involves hardware. In 2015 the Common Vulnerabilities and Exposures (CVE-MITRE) database recorded 6,488 vulnerabilities. A considerable proportion (43%) can be classified as software-assisted hardware vulnerabilities (see Fig. 1). The discovery of Meltdown and Spectre in January 2018 has sparked a series of investigations into hardware ... » read more

New Approaches For Hardware Security


Semiconductor Engineering sat down to discuss a wide range of hardware security issues and possible solutions with Norman Chang, chief technologist for the Semiconductor Business Unit at ANSYS; Helena Handschuh, fellow at Rambus, and Mike Borza, principal security technologist at Synopsys. What follows are excerpts of that conversation. (L-R) Norman Chang, Helena Handschuh, Mike Borza. Pho... » read more

Protecting Computing Systems in a Post-Meltdown/ Spectre World


When Jann Horn of Google’s Project Zero posted a detailed blog titled “Reading privileged memory with a side-channel,” it set off a firestorm of activity as the post confirmed that secret information inside a computer could be accessed via two different attacks, Meltdown and Spectre. Essentially, both attacks utilize CPU data cache timing to efficiently exploit and leak informatio... » read more

Understanding The Importance Of Silicon Security


Vulnerabilities like Meltdown, Spectre and Foreshadow are understandably considered quite serious by the semiconductor industry. This is because they can be exploited by a determined attacker to access sensitive data that should be securely locked down but isn’t. We can think about a cloud-based server running multiple applications that process and store sensitive data. Vulnerabilities lik... » read more

Holes In AI Security


Mike Borza, principal security technologist in Synopsys’ Solutions Group, explains why security is lacking in AI, why AI is especially susceptible to Trojans, and why small changes in training data can have big impacts on many devices. » read more

Meltdown, Spectre And Foreshadow


Ben Levine, senior director of product management for Rambus’ Security Division, talks with Semiconductor Engineering about hardware-specific attacks, why they are so dangerous, and how they work. » read more

Power/Performance Bits: May 21


More speculative vulnerabilities Security researchers at the Graz University of Technology, KU Leuven, Cyberus Technology, and Worcester Polytechnic Institute point to two new speculative execution vulnerabilities related to Meltdown and Spectre. The first, which they dubbed ZombieLoad, uses a similar approach to Meltdown. After preparing tasks in parallel, the processor needs to discard th... » read more

Can The Hardware Supply Chain Remain Secure?


Malware in computers has been a reality since the 1990s, but lately the focus has shifted to hardware. So far, the semiconductor industry has been lucky because well-publicized threats were either limited or unproven. But sooner or later, luck runs out. Last year saw two significant incidents that shook people’s faith in the integrity of hardware security. The first was the Meltdown/Spectr... » read more

← Older posts