Why Composite Evaluations Fail (A13a)
The topic of this presentation is the current approach for composite evaluations (where a hardware platform is evaluated separately from the software running on the hardware) and its failure to address some types of vulnerabilities in processors. The presentation shows that those problems are not new but have been widely neglected so far in the evaluation process. The presentation will present examples of vulnerabilities that have been identified in the past (one of them even in 1979) and why they are hard to address as part of hardware evaluations. The presentation will present an outlook on problems similar to Meltdown and Spectre that we should expect to see in the near future. Finally the presentation will present an architectural approach for hardware that could drastically reduce the likelihood of exploiting such vulnerabilities in real world systems.