A New Doctrine for Hardware Security
This work identifies a systemic problem in hardware security for industry and researchers, offering a conceptual framework rather than incremental technical improvements.
The paper argues that hardware security issues stem from market incentives that discourage implementing solutions, rather than technical limitations, and proposes the Doctrine of Shared Burdens to analyze and address problems like Rowhammer, Spectre, and Meltdown.
In this paper, we promote the idea that recent woes in hardware security are not because of a lack of technical solutions but rather because market forces and incentives prevent those with the ability to fix problems from doing so. At the root of the problem is the fact that hardware security comes at a cost; Present issues in hardware security can be seen as the result of the players in the game of hardware security finding ways of avoiding paying this cost. We formulate this idea into a doctrine of security, namely the Doctrine of Shared Burdens. Three cases studies---Rowhammer, Spectre, and Meltdown---are interpreted though the lens of this doctrine. Our doctrine illuminates why these problems and exist and what can be done about them.