Tuesday, December 8, 2020 | Time: 12:30 – 13:15 EST

Bio: David Patterson is a UC Berkeley professor of the graduate school, a Google distinguished engineer, and the RISC-V Foundation Vice-Chair. He received his BA, MS, and PhD degrees from UCLA. His Reduced Instruction Set Computer (RISC), Redundant Array of Inexpensive Disks (RAID), and Network of Workstation projects helped lead to multibillion-dollar industries. This work led to about 40 awards for research, teaching, and service plus many papers and seven books. The best known book is Computer Architecture: A Quantitative Approach and the newest is The RISC-V Reader: An Open Architecture Atlas. He and his co-author John Hennessy shared the 2017 ACM A.M Turing Award.

Title: Put Up or Shut Up: Advancing Security by Creation, not Criticism

Abstract: “I've been all over the world and I've never seen a statue of a critic.” ― Leonard Bernstein

When proprietary architectures and proprietary operating systems dominated the information technology industry, the only option available to security experts was to point out the flaws in proprietary hardware-software systems. The hope was that companies would learn from their mistakes, but security remains the Achilles Heel of information technology.

The time for contribution by criticism is past. The security community should evolve to advancing the state of the art by trying to build secure systems and test them in the real world.

Open source operating systems like Linux have been the norm since at least 2010, and in 2020 the RISC-V open instruction set and open source implementations of RISC-V are commercially viable. Open architectures, open-source implementations, and open-source software stacks, plus the plasticity of Field Programmable Gate Arrays (FPGAs) mean engineers can deploy and evaluate novel solutions online and iterate them weekly instead of every few years. While FPGAs are 10× slower than custom chips, such performance is still fast enough to support online users and thus subject security innovations to real attackers.

Moreover, while there are financial incentives for companies to continually increase the complexity of their proprietary architectures, there is little technical reason to do so. The simplicity of the industrial strength RISC-V architecture enabled formal specifications of its instruction set and makes its open source implementations easier to check and enhance.

Finally, proprietary operating systems and architectures limit innovation to employees of those companies, but open operating systems and open architectures allow everyone to innovate.

In 2020, anyone can demonstrate their ideas by enhancing realistic hardware-software systems. It’s time for security experts to put up or shut up.