A New Doctrine for Hardware Security

Recent woes in hardware security are not only because of a lack of convincing technical solutions but also because market forces and incentives prevent those with the ability to fix problems from doing so. At the root of the problem is the fact that hardware security comes at a cost; Present issues in hardware security can be seen as the result of the players in the game of hardware security finding ways of avoiding paying this cost. We formulate this idea into a doctrine of security, namely the Doctrine of Shared Burdens and analyze three case studies---Rowhammer, Spectre, and Meltdown---through the lens of this doctrine.

Following this we discuss a novel approach to incentivize vendors to include security in their products. Our approach, called open mandates, mandates that all vendors must dedicate some amount of resources (e.g. system speed, energy, design cost, etc.) towards security. Unlike the current state-of-the-art, "checklist security", open mandates do not prescribe specific controls that must be implemented. The goal of open mandates is to provide flexibility to vendors in implementing security controls that they see fit while requiring all vendors to commit to a certain level of security.

We quantitatively demonstrate that such open mandates can lead to measurable improvements, and then describe how open Mandates can be enforced with a case study on hardware support for software security. We will describe our prototype system (The proto-COMMAND system) and demonstrate its deployability.