Hector Martin

i mean, I used to do silicon-level circuit design and layout, and architecture design. both at separate points, mind you, but i know the problem pretty well. the issue is that simple hardware is slow hardware, and asking for a complete architecture redesign is no small thing.

Like, it's hard to overstate the benefit of modern architecture changes. pipeline improvements, specex, etc, have made hardware /drastically/ faster by reducing fundamental bottlenecks. It's a tall order to ask people to go back to that level of simplicity.

That being said, my "ideal" solution to architecture problems in general isn't to fix architecture problems, its to have a physically separate introspection processor. One which is cheap, simple, open source, and replacable, which runs a watchdog firmware that monitors the CPU.

It's the easiest way to fix these flaws: have a fundamentally separate SoC with a small attack surface in a purely management role, which is responsible for confirming main CPU's behavior is in line with expectations. Like ME, but external and auditable.

How would this work? If it has to monitor everything the main CPU does, it has to be as powerful as the main CPU. If it doesn't, then you could make the main CPU do evil things that it wouldn't catch.

It wouldn’t be to different from monitoring software currently used. The goal is detection of malicious activity, so if you can do classification and identification fast enough you don’t need to replicate the CPU.

I mean, we all know antivirus doesn't work. Reactive technologies are great and all, but how would you fundamentally distinguish malicious behavior from normal operation besides known signatures?

I am similarly lost as to the how, but I’m given the impression that it is already employed in some high security environments. I was once told in avionics systems the working assumption is an attacker is already inside, and may have rooted one of the computers onboard.