Security from the ground up

Security Flaws in Out-of-Order Processing

Meltdown and Spectre

Processor design switched from in-order processing to out-of-order processing in the late 1990s with the market demand of performance increases. However, it was discovered that out-of-order processing allows Meltdown and Spectre attacks due to its use of speculative branching, speculative caching and cache dumping.

  • The processor must guess how to execute data to each branch while potentially unaware of dependencies.

    Speculative Branching

    Goes to Cache Dump

  • Speculative execution data is cached until the actual instructions are available.

    Speculative Caching

    Goes to Cache Dump

  • The cache is always dumped so developers can view the contents to debug the hardware and software.

    Cache Dumping

    Hacker Extracts Data

“The computer industry is scrambling…to patch a massive security vulnerability that’s present in the processors used on almost all the computers in the world” (Rosoff,, 2018). Software patching of those vulnerabilities has quickly eroded any performance gains.

Meltdown and Spectre Variants

Whenever an operating system kernel goes into panic mode, it allows access to all the data in the cache. Several variants of the Meltdown and Spectre vulnerabilities exploiting this data have been identified. With these variants, any hacker could use side-channel analysis to gain unauthorized access to potentially sensitive data.

and more...

Axiado's Firewall Processor Architecture

Fast and Secure In-Order Processing

Axiado's firewall processor architecture delivers superior performance by executing many functions directly in hardware rather than software. Simpler in-order processing offers at least five times the performance of current processors, while eliminating known vulnerabilities like Meltdown and Spectre, and blocking future attacks At the 1st Point of IntrusionTM.

Axiado's firewall processor architecture eliminates attack surfaces in hardware, firmware, operating system and application layers: contention, malware penetration, unauthenticated root privileges, unencrypted data, timing vulnerabilities and hundreds of other factors are not allowed.

contact us