DARPA is looking to avoid another version of Meltdown or Spectre

The Defense Advanced Research Projects Agency has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips before they are deployed, the firm announced.

The goal of the contract, awarded by the Pentagon’s R&D arm, is to prevent a repeat of Meltdown and Spectre, the security vulnerabilities revealed in January that affected virtually all modern computer chips.

The contract is part of a DARPA hardware and firmware program that strives to make chips more secure at the “microarchitecture level.” DARPA says the program, which is tackling seven classes of hardware vulnerabilities, supports security methods that limit “hardware to states that are assured to be secure while maintaining the performance and power required for system operation.”

Tortuga Logic says it can verify hardware security throughout the design process, arguing in a recent white paper that such verification is much more common in the software industry than it is in hardware.

A Tortuga Logic spokesperson declined to say how much the contract is worth. The security product resulting from the DARPA contract will be available on the market later this year, according to Tortuga.

“More than ever, hardware designers need solutions to identify security vulnerabilities throughout the chip design lifecycle, rather than post-fabrication or post-deployment,” Tortuga Logic CEO Jason Oberg said in a statement.

Meltdown and Spectre’s scourge on computer security has been slow to fade. A security researcher last week revealed that Microsoft’s early patches for Meltdown had introduced a more serious vulnerability in Windows 7 that allowed attackers to read kernel memory much faster and to write their own memory. Microsoft subsequently issued a patch for that vulnerability.