DARPA is looking to avoid another version of Meltdown or Spectre

The Pentagon's R&D wing has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips.
(Getty Images)

The Defense Advanced Research Projects Agency has contracted Tortuga Logic to develop hardware security tools that use commercial testing platforms to catch vulnerabilities in computer chips before they are deployed, the firm announced.

The goal of the contract, awarded by the Pentagon’s R&D arm, is to prevent a repeat of Meltdown and Spectre, the security vulnerabilities revealed in January that affected virtually all modern computer chips.

The contract is part of a DARPA hardware and firmware program that strives to make chips more secure at the “microarchitecture level.” DARPA says the program, which is tackling seven classes of hardware vulnerabilities, supports security methods that limit “hardware to states that are assured to be secure while maintaining the performance and power required for system operation.”

Tortuga Logic says it can verify hardware security throughout the design process, arguing in a recent white paper that such verification is much more common in the software industry than it is in hardware.


A Tortuga Logic spokesperson declined to say how much the contract is worth. The security product resulting from the DARPA contract will be available on the market later this year, according to Tortuga.

“More than ever, hardware designers need solutions to identify security vulnerabilities throughout the chip design lifecycle, rather than post-fabrication or post-deployment,” Tortuga Logic CEO Jason Oberg said in a statement.

Meltdown and Spectre’s scourge on computer security has been slow to fade. A security researcher last week revealed that Microsoft’s early patches for Meltdown had introduced a more serious vulnerability in Windows 7 that allowed attackers to read kernel memory much faster and to write their own memory. Microsoft subsequently issued a patch for that vulnerability.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts