What about virtualization?
So what is the common tool these system software developers use to protect against the consequences of privilege escalation, and potentially to defend against the side-channel attack even when it is a consequence of a multicore design fault? In short, it is virtualization: not merely as a way to host multiple different OSs, but as a security technology in its own right. Properly applied, virtualization provides another key building block of secure system design, separation, delivering secured isolation for the hosted OSs and so enabling the legacy-code reuse that next-generation systems depend on.
Surely all hypervisors and VMMs deliver this security? Actually, no. It seems that most of them are built on a kernel or OS and, as a result, can fall prey to the same privilege escalation problem; worse, all of these can fall prey to the Meltdown and Spectre side-channel attacks. This exposes the core design flaw in the OS-based virtualization solution. Such weaknesses cannot be tolerated in systems where lives are at stake.
The issue now goes beyond safety alone. The privacy and confidentiality of any system connected to the Internet, or otherwise publicly or semi-publicly connected, have recently (May 25, 2018) become a major issue. In Europe, those who fail to meet expectations of public trust risk fines of up to 4% of global company turnover (not profits!). The new regulation, the GDPR (General Data Protection Regulation), is enforcing a new focus on the need for security by design as the foundation for privacy by design. Rightly so, perhaps, if digital technology is to become ever more integral to our daily lives.
The OS has its role to play as a portable application-development platform. However, as a trustworthy solution for managing the merger of multiple capabilities across highly integrated cores that share memory, caches and I/O, it has manifestly been shown to fail far too regularly, as the daily occurrence of hacks and lost data attests.