Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains presented at 27thUsenixSecuritySymposium 2018

by Paul Kocher,


Summary : During the now-ended performance boom, microprocessor performance optimizations brought enormous economic benefits that vastly exceeded the costs of insecurity. As CPU improvements stalled out, security costs continued to scale exponentially. As a result, we are now at the beginning of a starkly different era characterized by staggering insecurity costs and modest performance gains.This talk explores the technical and business implications of a world where security risk is the dominant issue, while performance merely needs to be good enough. Architectures will increasingly need to address messy real-world problems, such as side channels and fault attacks. Likewise, security models need to reflect realistic assumptions about the fallibility of the humans who architect, implement, test, and administer systems. Ultimately, changing constraints present a major challenge for previously-dominant companies while creating enormous opportunities for entrepreneurs.