
10. Hardware Security Implications: A Roadmap

Computer architecture and hardware security are inseparable. Every clever optimization is a potential leak. A short tour to motivate Chapter 24:

10.1 Speculative execution attacks

  • Spectre v1 (bounds-check bypass). Mistrain the branch predictor to skip a bounds check; speculatively access out-of-bounds memory; leak via cache.
  • Spectre v2 (branch target injection). Poison the BTB to redirect speculation in a victim domain.
  • Meltdown. Exploit speculative user-mode reads of kernel memory that execute before the permission check takes effect (pre-Cascade Lake Intel only).
  • MDS (Microarchitectural Data Sampling). Leak from internal CPU buffers (line-fill buffers, store buffers, load ports).
  • L1TF. Leak L1 data cache contents via loads that take a terminal (page-table) fault.
  • Retbleed, BHI (Branch History Injection), and others. Further variants kept appearing through 2022-2024.
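As an added illustration for the bounds-check-bypass entry above (example code written for this section, not from the original text), the shape of a Spectre v1 gadget beside the branchless index-masking mitigation used by the Linux kernel's array_index_nospec(); the array, its contents and the function names are constructed:

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample table. Only this array is meant to be readable. */
#define PUBLIC_LEN 16
static const uint8_t public_data[PUBLIC_LEN] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Spectre v1 shape: the architectural bounds check is correct, but if the
 * predictor has been trained on in-bounds idx values, the load can execute
 * speculatively with an out-of-bounds idx before the compare resolves, and
 * the fetched byte can influence cache state. */
uint8_t lookup_unprotected(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return public_data[idx];
    return 0;
}

/* Branch-free clamp mask: all-ones when idx < size, all-zeros otherwise.
 * (idx | (size - 1 - idx)) has its top bit set exactly when idx >= size,
 * because size - 1 - idx wraps around in that case. Shifting that bit down
 * and subtracting 1 yields SIZE_MAX for in-bounds, 0 for out-of-bounds.
 * Requires 0 < size <= SIZE_MAX / 2. The empty asm keeps the compiler from
 * "proving" idx is in range from the branch and dropping the mask. */
static inline size_t index_mask_nospec(size_t idx, size_t size)
{
    __asm__("" : "=r"(idx) : "0"(idx));
    return ((idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1)) - 1;
}

/* Hardened version: the load on the speculative path sees idx forced to 0
 * whenever idx is out of bounds, so misspeculation reads public_data[0]. */
uint8_t lookup_nospec(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        idx &= index_mask_nospec(idx, PUBLIC_LEN);
        return public_data[idx];
    }
    return 0;
}
```

Architecturally both functions return the same values; the difference only exists during speculation, so verifying the mitigation means inspecting the emitted assembly for the mask, not testing return values alone.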

10.2 Cache side channels

Even without speculation, cache occupancy reveals what the victim accessed.

  • Flush+Reload. Flush a shared cache line (CLFLUSH on x86), wait, time the reload. Fast = victim accessed; slow = victim did not.
  • Prime+Probe. Fill a cache set with attacker data; wait; reaccess the attacker's data. Slow accesses indicate victim evicted them, hence accessed the same set.
  • Evict+Reload. Like Flush+Reload, but the shared line is evicted through ordinary memory accesses instead of CLFLUSH.

10.3 DRAM attacks

  • Rowhammer. Repeatedly activating one DRAM row disturbs the physically adjacent rows, whose cells leak charge and flip bits. A user-space program can flip bits in kernel memory. Mitigations: ECC (helps but not enough), higher refresh rate, target row refresh, and on-DIMM countermeasures.
  • Cold boot. DRAM retains data for seconds after power loss. Reboot into attacker OS; read keys from RAM.
  • Bus snooping. A logic analyzer on DDR signals can read all data in motion.

10.4 Bus and DMA attacks

  • PCIe DMA. A malicious card reads all of memory.
  • Thunderbolt DMA. Hot-pluggable PCIe; same attack from outside the case. Mitigations: IOMMU-based DMA remapping (DMAR, as in Intel VT-d).

10.5 Microcode and firmware

Microcode patches the CPU itself. Signature verification of microcode updates is therefore critical. Researchers have demonstrated decryption of microcode signing keys on some older AMD chips. The supply chain matters: who controls the keys controls the silicon.

10.6 Side channels: power and EM

The instantaneous power draw of a chip leaks information about what it computes (different bits of a key cause different transistor switching). Differential Power Analysis has broken AES on countless smartcards. Electromagnetic emanations leak too (TEMPEST). Mitigations: balanced logic, masking, dual-rail, careful PCB layout. We cover this in Chapters 22 and 24.

Every defense costs performance. Architecture is now a constant negotiation between speed and security.