This article is published in the March 2018 issue.

A Primer on the Meltdown & Spectre Hardware Security Design Flaws and their Important Implications

As previously reported in the Computing Community Consortium (CCC) Blog, two major hardware security design flaws—dubbed Meltdown and Spectre—were broadly revealed to the public in early January 2018. These flaws are described in detail by the discoverers in research papers on Meltdown and Spectre, as well as Google blog posts here and here. Understanding these sources, however, requires considerable expertise and effort.

For this reason, I have prepared a slide deck (animated PPTX or PDF) to give the general computer science audience the gist of these security flaws and their implications. My goal is to enable the audience to either stop there or have a framework to learn more. A non-goal is exploring many details of flaw exploitation and patch status, in part because I am a computer architect, not a security expert, and others know the details much better than me.

The slide deck first reviews Computer Architecture 1.0 (the version number is new), which specifies the timing-independent functional behavior of a computer, and micro-architecture, which is the set of implementation techniques that improve performance by more than 100x without changing that functional behavior.

It then asks, “What if a computer that is completely correct by Architecture 1.0 can be made to leak protected information via timing, a.k.a., micro-architecture?” The answer is that this is exactly what the Meltdown and Spectre design flaws do. Meltdown leaks kernel memory, but software and hardware fixes exist. Spectre leaks memory outside of sandboxes and past bounds checks, and it is scary. An implication is that the definition of Architecture 1.0—the most important interface between software and hardware—is inadequate to protect information, because it says nothing about timing. It is time for experts from multiple viewpoints to come together to create Architecture 2.0.