an academic example of security validation

By: hobold (, May 19, 2019 12:58 am
Room: Moderated Discussions
I was made aware that I have been wrong on two accounts:

1. The existence of people doing advanced security validation is not hypothetical, but actual.

2. The location of said people is not inside a company.

Here's the relevant paper "Processor Hardware Security Vulnerabilities and their Detection by Unique Program Execution Checking" (from Dec 2018):

Those researchers developed a formal and automated methodology to look for security vulnerabilities. To their surprise, they did find a vulnerability in a simple in-oder CPU.

(One note of caution: on your first quick skimming of the paper, you will think that it is pointless. As their detailed example, they present an existing RISC-V design into which they first have to insert an optimization, which in turn opens up the previously unknown vulnerability.

They do not name or even only mention the processor core which they originally investigated. Presumably they did not want to hand out a zero day exploit.)

Salient points are: it is quite possible to objectively determine the flow of secrets through a processor pipeline design, and this can be practically automated. If the processor simulation is complete enough (e.g. includes timing, if you want to check timing based side channels), the automated testing can even find explicit cases where secrets are leaking into observable architectural state. In other words, the tool can essentially produce specific exploits.

Lastly, I want to apologize that my attempts of arriving at relevant insights cause so much distress to some.
 Next Post in Thread >
TopicPosted ByDate
an academic example of security validationhobold2019/05/19 12:58 AM
  an academic example of security validationdmcq2019/05/19 04:33 PM
    an academic example of security validationhobold2019/05/22 09:30 AM
Reply to this Topic
Body: No Text
How do you spell purple?