Protecting Computing Systems in a Post-Meltdown/ Spectre World


When Jann Horn of Google’s Project Zero posted a detailed blog titled “Reading privileged memory with a side-channel,” it set off a firestorm of activity as the post confirmed that secret information inside a computer could be accessed via two different attacks, Meltdown and Spectre. Essentially, both attacks utilize CPU data cache timing to efficiently exploit and leak informatio... » read more

Understanding The Importance Of Silicon Security


Vulnerabilities like Meltdown, Spectre and Foreshadow are understandably considered quite serious by the semiconductor industry. This is because they can be exploited by a determined attacker to access sensitive data that should be securely locked down but isn’t. We can think about a cloud-based server running multiple applications that process and store sensitive data. Vulnerabilities lik... » read more

Holes In AI Security


Mike Borza, principal security technologist in Synopsys’ Solutions Group, explains why security is lacking in AI, why AI is especially susceptible to Trojans, and why small changes in training data can have big impacts on many devices. » read more

Meltdown, Spectre And Foreshadow


Ben Levine, senior director of product management for Rambus’ Security Division, talks with Semiconductor Engineering about hardware-specific attacks, why they are so dangerous, and how they work. » read more

Power/Performance Bits: May 21


More speculative vulnerabilities Security researchers at the Graz University of Technology, KU Leuven, Cyberus Technology, and Worcester Polytechnic Institute point to two new speculative execution vulnerabilities related to Meltdown and Spectre. The first, which they dubbed ZombieLoad, uses a similar approach to Meltdown. After preparing tasks in parallel, the processor needs to discard th... » read more

Can The Hardware Supply Chain Remain Secure?


Malware in computers has been a reality since the 1990s, but lately the focus has shifted to hardware. So far, the semiconductor industry has been lucky because well-publicized threats were either limited or unproven. But sooner or later, luck runs out. Last year saw two significant incidents that shook people’s faith in the integrity of hardware security. The first was the Meltdown/Spectr... » read more

New Approaches To Security


Different approaches are emerging to identify suspicious behavior and shut down potential breaches before they have a chance to do serious damage. This is becoming particularly important in markets where safety is an issue, and in AI and edge devices where the rapid movement of data is essential. These methods are a significant departure from the traditional way of securing devices through l... » read more

Don’t Have A Meltdown Over A Spectre In Your SoC


You may be concerned about last year’s widely published Spectre and Meltdown vulnerabilities affecting most processors. Are your phone and computer OK? Or more importantly, if you are designing or verifying a System on Chip (SoC), do you have a specter in your design? Let’s first look at what these two vulnerabilities are and how they may be affecting your system. Both vulnerabilitie... » read more

Meltdown And Spectre, One Year Later


About this time last year, reports surfaced about security attacks on today’s most popular microprocessors (μPs). Researchers called them Meltdown, Spectre gaining widespread attention. Today, however, the industry and especially μP vendors have made some progress toward stemming these vulnerabilities. Here is my analysis as we enter into 2019. When it comes to these vulnerabilities, we ... » read more

Open-Source RISC-V Hardware And Security


Semiconductor Engineering sat down with Helena Handschuh, a Rambus fellow; Richard Newell, senior principal product architect at Microsemi, a Microchip Company; and Joseph Kiniry, principal scientist at Galois. What follows are excerpts of that conversation. (L-R) Joseph Kiniry, Helena Handschuh and Richard Newell. SE: Is open-source hardware more secure, or does it just open up vulnera... » read more

← Older posts