This presentation will describe the need to integrate approaches to the physical aspects of computer and network device security during design.
Even if steps are taken to make software attacks on a system impractical, it is possible to bypass these by attacking weaknesses in the physical implementation of systems. These attacks are much harder or even impossible to “patch” once systems are fielded, and include attacks on the physical implementation of memory (Row Hammer) and attacks on cryptographic systems using timing (cache timing attacks). Recently both of these have been demonstrated to be practical even without direct access to privileged instructions or native code; both have been accomplished from inside a browser’s Javascript “sandbox.” Dealing with these sort of attacks requires thinking about security at the physical device design stage.