October 25th, 2019 – By: Sergio Marchese
Security used to be about system and software. As threats evolve, hardware engineers also have to familiarise themselves with the security vocabulary.
A significant portion of electronic system vulnerabilities involves hardware. In 2015 the Common Vulnerabilities and Exposures (CVE-MITRE) database recorded 6,488 vulnerabilities. A considerable proportion (43%) can be classified as software-assisted hardware vulnerabilities (see Fig. 1). The discovery of Meltdown and Spectre in January 2018 has sparked a series of investigations into hardware security, particularly processors. Researchers have already exposed numerous other vulnerabilities, including Foreshadow, ZombieLoad, and RIDL and Fallout. Computer scientists at Stanford and Kaiserslautern (Germany) have also unveiled a new type of attack, dubbed the Orc attack, which threatens simple processors commonly used in embedded applications. These hardware flaws affect the security of personal computers, smartphones, and even the cloud.