Today’s hardware cannot keep secrets. Indeed, the past two decades have seen the discovery of a slew of attacks where an adversary exploits hardware features to leak software’s sensitive data. These attacks have shaken the foundations of computer security and caused a major disruption in the software industry. Fortunately, there has been a saving grace, namely the widespread adoption of models that have enabled developers to build secure software while comprehensively preventing hardware vulnerabilities.

In this talk, I will present two new classes of vulnerabilities that fundamentally undermine these prevailing models for building secure software. In the first part, I will demonstrate that the current constant-time programming model is insufficient to guarantee constant-time execution. In the second part, I will demonstrate that the current resource partitioning model is insufficient to guarantee software isolation. Finally, I will provide an overview of my future research plans for enabling the design of more secure software and hardware systems.