Meltdown and Spectre

Introduction

In my AI blog series, I have discussed the power of inductive logic and its weakness – a vulnerability to Black Swans. There are many possible realities which fit with known facts, only some of which are desirable – or anticipated.

And so it is with the recently announced CPU security bugs, known as Meltdown and Spectre. Discovered in Intel CPUs after ten years, almost all installed CPUs are flawed.

Complexity is the enemy of security

Complex CPUs have had bugs for years. These are fixed in later revisions, usually without fuss. The Pentium Floating Point Divide bug, which received a lot of attention at the time, is typical: the CPU didn’t do what it was supposed to.

Meltdown and Spectre are different – the CPUs are doing exactly what people designed them to do. They just didn’t realise the capabilities of the design.

By allowing introspection, modern CPUs have opened a door for software to work out what the CPU it is running on is up to, even when running other software in supposedly secure areas of the same chip.

Significantly, all major chip designers have introduced the same types of critical security flaws. They didn’t understand the novel ways the instructions could be used. Using groupthink, they followed each other.

We think more sceptically at Forbidden.

The Blackbird Cloud

Forbidden’s cloud editing platform, running its suite of Blackbird tools, has significant protection from this latest range of CPU bugs.

The platform runs on Forbidden’s own hardware, dedicated to running our video platform. Unlike public clouds, members of the public cannot hire Blackbird computer resources to run spyware on each other – or on us.

By restricting the complexity of our environment, we have limited the range of possible vulnerabilities, making it easier to keep secure.

It is encouraging Microsoft’s Azure and Amazon’s AWS have responded so quickly with patches, and advice to users – we have prototypes for running our cloud in both. Their rapid response seems to have prevented any actual attacks.

In security, it is worth following Andy Grove, Intel founder and former CEO, when he wrote: “Only the paranoid Survive”.

Stephen B Streater
Founder and Director of R&D

Share on Facebook0Share on LinkedIn0Tweet about this on TwitterShare on Google+0

One comment:

Leave a comment

Your email address will not be published.