When Engineers think like Mathematicians, and act like Scientists   5 comments

You get discoveries like this one, that Ben (Hammer) sent to me over the weekend:

From the IEEE article:

1 May 2008—Anyone familiar with electronics knows the trinity of fundamental components: the resistor, the capacitor, and the inductor. In 1971, a University of California, Berkeley, engineer predicted that there should be a fourth element: a memory resistor, or memristor. But no one knew how to build one. Now, 37 years later, electronics have finally gotten small enough to reveal the secrets of that fourth element. The memristor, Hewlett-Packard researchers revealed today in the journal Nature, had been hiding in plain sight all along—within the electrical characteristics of certain nanoscale devices.

The original Nature article is here.

From the Nature article, here’s the “Gee, Pat, why the hell do I care about this?” quote:

They should be crucial in developing ‘non-volatile’ memory — the type that doesn’t decay when the power is switched off. Most computers use ‘volatile memory’ to perform their running functions, because this offers faster access to data than the non-volatile memory used to store data on hard disks and flash devices such as iPods. Building computers with memristors might allow a full switch to non-volatile memory, doing away with power-sapping ‘running memory’ and allowing devices to consume far less power when operating.

Of course, Hammer worried that I was going to put a security spin on it (and of course I am); having your computer remember its state all the time has a lot of security implications. But it’s been shown that this is already a problem, so that’s not news. We need to fix the bad security here anyway. The efficiency and power implications of this are enormous.

Leon Chua is a rare genius; someone whose discipline domain boundaries are very, very fuzzy. I came up with the title of the blog post to poke fun at Hammer, but this sort of cross-boundary thinking is something that mathematicians and scientists don’t do often enough either.

Advertisements

Posted May 5, 2008 by padraic2112 in hardware, tech

5 responses to “When Engineers think like Mathematicians, and act like Scientists

Subscribe to comments with RSS.

  1. No,

    I actually read the earlier posts about persistent memory. Persistent memory could be physically taken from the machine, which is more of a risk.

  2. > Persistent memory could be physically taken from the
    > machine, which is more of a risk

    Not exactly. It’s certainly a different attack scenario, but as far as “more” of a risk, that’s only true if it requires more resources to mitigate it… otherwise it’s just a different risk 🙂

    Protecting the state of the machine by working on the data in memory problem would apply to this, too, presumably.

  3. Sorry,

    Vinnie’s second rule of theivery. If it fits in your pocket, you should walk out with it.

  4. You’re losing me, Hammer.

    Are you just talking about physical loss? Like, someone shoplifted it out of your machine for the value of the chip itself? Or are you talking about there being an additional data security risk if someone can swipe the (analog-to-) DIMM out of the machine and read data off of it?

    The Felten attack scenario consists of someone walking off with the whole laptop, as opposed to opening the machine and taking out the DIMM and walking off with that. You’re right, the second attack is a little less obvious in transit, but the first attack is a lot less obvious at execution.

    Picking up someone’s hibernating laptop and walking away with it is a short attack with a short vulnerability window -> someone who knows the laptop isn’t yours needs to see you pick up the laptop. Picking the thing up unobserved is pretty easy (happens here on campus all the time), and once you’re out of the building it’s pretty difficult to differentiate you from anybody else carrying a laptop.

    Physically hacking open the machine and taking the memory is a long(er) attack with a different vulnerability window -> you have to take the time to physically open the machine and get the chip out. Admittedly, this isn’t a *lot* of time, but look at the advantage you get for taking this extra step… once you get your hands on the chip, you can easily conceal it on your person. Well, that really only helps you in getting out of the building, because once you’re out the difference between carrying a chip that can only be spotted with a search and carrying a laptop that is marginally less difficult to conceal isn’t that big. Not to mention the fact that lots of people carry some sort of bag that you could stash the whole laptop in anyway, so it’s pretty easy to conceal a laptop.

    Sure, there’s uber-secret scenarios and military installations (and movie plots) where the attacker might go after the chip instead of the machine, but it’s easy enough to make the chip itself tamper resistant and have it scramble its own brains when removed from the motherboard, or make it difficult to get the chip out of the machine to begin with.

    Or, you can come up with ways to protect the data in use, and then you’ve solved the data security problem in both scenarios.

    Although someone can still walk off with your gear 🙂

  5. Actually, way back at Hughes, there was a rash of desktop thefts. Then they secured all desktop units, and then drives and RAM started to disappear. All got past security at entrance and exits, the smaller devices got out with a much larger pool of suspects. But I assume a level of physical security, which goes to different assumptions. That physical security slants the overriding risk/reward decision of what someone is likely to steal. I also didn’t start with the assumption that anything worth my time to take would be on a laptop. So that’s how I lost ya, well that and trying to dash stuff off.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: