Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains

Paul Kocher

Abstract: 

During the now-ended performance boom, microprocessor performance optimizations brought enormous economic benefits that vastly exceeded the costs of insecurity. As CPU improvements stalled out, security costs continued to scale exponentially. As a result, we are now at the beginning of a starkly different era characterized by staggering insecurity costs and modest performance gains.

This talk explores the technical and business implications of a world where security risk is the dominant issue, while performance merely needs to be good enough. Architectures will increasingly need to address messy real-world problems, such as side channels and fault attacks. Likewise, security models need to reflect realistic assumptions about the fallibility of the humans who architect, implement, test, and administer systems. Ultimately, changing constraints present a major challenge for previously-dominant companies while creating enormous opportunities for entrepreneurs.

Paul Kocher

Paul Kocher is an entrepreneur and researcher focused on cryptography and data security and is currently exploring independent research topics. Areas of interest include trade-offs between complexity/performance and security, as well as how computer systems could be architected to reduce the likelihood and severity of exploitable security vulnerabilities. One of the results of this work discovering a class of vulnerabilities (which I named Spectre) arising from the use of speculative execution in microprocessors.

Paul was elected to the National Academy of Engineering in 2009 for contributions to cryptography and Internet security. He's a member of the Forum on Cyber Resilience, which is a National Academies roundtable. He's also a member of the Cybersecurity Hall of Fame and is a frequent speaker on security topics.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Presentation Audio

BibTeX
@conference {219973,
author = {Paul Kocher},
title = {Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains},
year = {2018},
address = {Baltimore, MD},
publisher = {{USENIX} Association},
}