Architecture | SIGARCH

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)

by Simha Sethumadhavan on Jun 2, 2017 | Tags: Architecture, Hardware, Policy, Security

What should vendors do when they discover that a hardware 0-day has been used to exploit systems built on their product? Some vulnerabilities may permit vendors to patch the vulnerability using microcode updates. For instance, a mitigation for the row hammer DRAM...

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)

by Simha Sethumadhavan on Jun 1, 2017 | Tags: Architecture, Hardware, Policy, Security

What should academics do if they come across a hardware 0-day attack? Obviously, disseminate. But before the vulnerability is made public, it is important to responsibly disclose the vulnerability to the vendor to give them a chance to fix it. If the vendor determines...

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)

by Simha Sethumadhavan on May 31, 2017 | Tags: Architecture, Hardware, Policy, Security

What should governments do when they discover a hardware 0-day? In the US, as a matter of policy, any vulnerability that is deemed to affect critical infrastructure is disclosed to the vendors by the government [VEP]. The government can hide vulnerabilities (and...

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART I)

by Simha Sethumadhavan on May 25, 2017 | Tags: Architecture, Hardware, Policy, Security

[Editor’s Note: This post is the first in a series of micro-blogs over four consecutive days.] 0-day security exploits are attacks that use vulnerabilities that are unknown to a vendor. They are referred to as 0-days because the vendor knows about them for zero...

Computer Architecture Today

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART I)

Contribute

Recent Blog Posts

Archives

Subscribe

Join Us