You are currently viewing SemiWiki as a guest which gives you limited access to the site. To view blog comments and experience other SemiWiki features you must be a registered member. Registration is fast, simple, and absolutely free so please, join our community today!




Results 1 to 3 of 3

Thread: Security Goes Offence instead of Defence

  1. #1
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,289
    Thumbs Up
    Received: 366
    Given: 324

    Security Goes Offence instead of Defence

    This security that takes system security from defense to offense could bring major changes to both software and hardware. Right now the economic scales make attacking a system far cheaper than defending one. This would tip the scales in favor of defense, making defense cheaper than offense, causing a radical change throughout the tech industry at all levels. Polyverse may be a game changer across both hardware and software. Any opinions and thoughts on this are solicited and appreciated. Could this be the radical change of fortunes needed to speed progress in the industry by removing a ever growing security problem?

    It works by constantly using binary scrambling of code making an attack strategy a single use event, driving up cost and difficulty immensely. Any other thoughts on security defense would also be appreciated. How might this also affect semi design?

    This is especially important with the massive security failure in Intel chips. I wonder if a version of this might be the best fix for the Intel security problem. It's time for better security than the failing patch work mess we have now, it's way beyond time for a more effective approach.

    With the new Meltdown and Spectre attacks that may even require new hardware to mitigate and the performance drop caused by new patches and the fact like old routers may never get an update this has become an even more serious issue for the semi industry. This is further degenerated now that class action lawsuits have been filed in several jurisdictions.

    The bottom line is it takes not just technical excellence to solve the security issues now and in the future, but great strategy and strategy is a totally different skill set than technical skills and rarely in the same person. This will have to be a team work effort.

    Polyverse | Cyber Resilience, Zero-Day & Moving Target Defense


    Meltdown and Spectre Vulnerability Fixes Have Started, But Don'''t Solve Everything | WIRED

    Addition, the story behind the current meltdown

    ‘It Can’t Be True.’ Inside the Semiconductor Industry’s Meltdown - Bloomberg

    1 Not allowed!
    Last edited by Arthur Hanson; 01-08-2018 at 05:49 AM. Reason: update
     

  2. #2
    Blogger Bernard Murphy's Avatar
    Join Date
    Aug 2015
    Location
    California Gold Country
    Posts
    1,086
    Thumbs Up
    Received: 301
    Given: 356
    Good find Arthur. Address Space Layout Randomization has been around for a while, usually static in what is practiced today. Dynamic randomization is likely to be more expensive (more overhead). I wrote about this a couple of years ago (https://www.semiwiki.com/forum/conte...ng-target.html). Like all good defenses, we probably need a spectrum of anti-invader barriers. Behavioral detection is a hot area right now, honeypots to trap attackers are another possibility.

    1 Not allowed!
     

  3. #3
    Expert
    Join Date
    Apr 2013
    Location
    East SF Bay Area
    Posts
    1,289
    Thumbs Up
    Received: 366
    Given: 324
    Update, this is already causing a hard look at other security companies by the financial/technical community that looks at this as maybe a major disruptor of the entire security community and companies. This is happening at a speed I haven't seen in years and I follow finance for a living.

    Scramble, Cycle, Repeat: Polyverse’s Fascinating Take on Computer Security - Barron's

    0 Not allowed!
     

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •