SCW_APRMAY18

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

BSpainter_vfx/Shutterstock.com

HIGH PERFORMANCE COMPUTING

silicon and software partners. Current advice to customers and users is that if they are concerned their systems are exposed, they should immediately engage with their OEM or solution provider to determine if they are vulnerable and then understand how to protect their systems. ‘It’s important to remember that the exploit only works if a specific type of malicious code is already running on a user’s device,’ said Cepulis. ‘Since Spectre can potentially be executed through JavaScript, the browser solution providers have put temporary mitigations in place that disables the share-array buffer in advance of their upcoming permanent patches.’ A full list of impacted Arm processors, including its Cortex model variants, is available on their website. With regard to other affected

companies, when contacted IBM did not want to comment, but it did point to its blog with updates on the latest security vulnerabilities. The blog states it does not publically disclose or confirm security risks to protect its customers. Security bulletins are released after its analyses are complete.

Anticipating flaws and future-proofing In January this year, a number of researchers, including Gruss, published a paper on arXiv.org: Spectre Attacks: Exploiting Speculative Execution. They argue that even though countermeasures have and are being implemented, there is currently no way to know whether a particular code construction is, or is not,

www.scientific-computing.com | @scwmagazine

“Our initial testing on mobile devices indicates that any performance impact from Meltdown will be less than one per cent for some use cases and non-existent in others”

safe across today’s processors – and future designs. For example, mitigations for Meltdown do not work against Spectre. ‘Long-term solutions will require that instruction set architectures be updated to include clear guidance about the security properties of the processor, and CPU implementations will need to be updated to conform,’ according to the researchers. The problem is that compilers, device

drivers, operating systems, processors and so on have all evolved multiple layers of complexity that introduce security risks. Future designs, in many cases, will need alternative implementations with security front-of-mind. Computational performance may take a back seat. According to Cepulis, future Arm

architectures, processor cores and designs will address these security exploits. Arm is already working together with Intel and AMD to release mitigations. Any successful partnership will require the exploration of different ideas and approaches for the industry to find better solutions. ‘However, in the case of Spectre, it’s important to understand that it’s not just

a hardware issue and [it] will require an ongoing discipline in the design of secure systems which needs to be addressed, through both software and hardware.’ What we will see could be similar to

the automobile industry’s evolution over the last 50 years, according to Gruss, as people become aware of a problem they finally decide to invest more in security. Undoubtedly, the more complicated the supply chains, the more vulnerable devices within that system are to hacking or information leaks, especially in today’s globalised networks. Gatekeepers are needed. One idea floating around is to implement the blockchain to create new transparent security features and a decentralised database of any transactions for manufacturing production lines, for example. ‘Most people amazed by blockchain

technology don’t understand that what they want is a database, not a blockchain,’ said Gruss. Almost everything about blockchain is a huge nonsense that just wastes huge amounts of energy for something that you also could have with a simple database.’ These problems are here for the long

term until the next generation of silicon processors hit the market. In the end, one of the original teams that found these security vulnerabilities says it best on their website: ‘As it is not easy to fix, it will haunt us for quite some time.’

Adrian Giordani is a freelance science writer who previously worked for CERN

April/May 2018 Scientific Computing World

15

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28 | Page 29 | Page 30 | Page 31 | Page 32 | Page 33 | Page 34 | Page 35 | Page 36 | Page 37 | Page 38 | Page 39 | Page 40