Meltdown and Spectre provide insight into building more resilient systems. Less covered in the press than the vulnerabilities themselves, the problems with patching, or the “timelines to discovery” is the fact that some systems were already prepared and protected, requiring no patches, recompiles, or redesigns. Their distinguishing feature? A separation kernel, a design concept introduced by John Rushby in 1981, which gives system developers a stronger ability to separate critical from non-critical computing environments by keeping tight control over the hardware: each partition is given only the memory and devices explicitly allocated to it, so no privileged or foreign-partition data is mapped where a Meltdown-style speculative read could reach it.
Separation is the key to safety and security and has guided high-assurance system design for decades. For safety, robust partitioning in avionics (the integrated modular avionics model standardized in ARINC 653) relies fundamentally on separating components so that a fault in one cannot propagate to another. For security, the Department of Defense (DoD) relies on modular separation of system design and controlled information flow between components to protect information in the highest-threat environments. Within these critical contexts, a separation failure is a safety or security failure. Meltdown is thus a practical litmus test, revealing which designs achieved safe and secure separation and which did not.