Dr Yarom receives coveted Chris Wallace Award
Congratulations to Dr Yuval Yarom, winner of the prestigious Chris Wallace Award for Outstanding Research in computer security and computer architecture.
This is the most prestigious award in Australia for Computer Science research and given on a yearly basis for a notable breakthrough or a contribution of particular significance to the field.
On completion of his PhD, Dr Yarom was employed at the University of Adelaide, first as a Research Associate and later as a Senior Lecturer. He is co-affiliated with CSIRO's Data61.
He has in a short space of time become one of Australia’s most significant researchers in computer security with particular focus on the implications of processor and hardware designs on data confidentiality.
Dr Yarom was nominated for this award for his internationally significant recent work on hardware vulnerabilities. During 2017 Dr Yarom started investigating Out-of-Order execution, a hardware optimisation that has been available in processors for over two decades. This investigation led to the discovery of two vulnerabilities dubbed Spectre and Meltdown.
Specifically, Spectre allows adversaries to access data outside the normal control flow of a program and Meltdown allows user-level code to read privileged kernel data. The work was a result of a multi-national collaboration, in which Dr Yarom led the Adelaide team that was instrumental in validating that speculative execution leaves traces in the cache.
The impact of these discoveries on the industry has been unprecedented. Upon public disclosure, in early 2018, Intel stock price dropped by 10%.
Addressing the vulnerabilities involved a concerted effort from hardware and software vendors, including Intel, Arm, Microsoft, RedHat and Apple.
Fixes include hardware and firmware updates to processors, design changes in all major operating systems and web browsers, and countermeasures within major compilers and runtime environments. Google engineers describe the discovery as a watershed moment to computer security and state that the vulnerabilities "Defeat all language-enforced confidentiality with no known comprehensive software mitigations". Following the disclosure, Intel has awarded Dr Yarom a grant to continue researching processor vulnerabilities.
Academic impact of the research has also been significant. The Spectre paper received the Distinguished Paper Award in IEEESP'19 (CORE A*), Dr Yarom's follow-up work on Foreshadow has been selected to appear in Micro magazine's Top-Picks, and his work on mitigating timing channels was selected as the Best Paper at EuroSys'19 (CORE A). As Hennessy and Patterson acknowledge in their Turing Award lecture, the discovery of Spectre and Meltdown has motivated new research on understanding, extending, and mitigating the vulnerabilities. Consequently, the papers describing Spectre and Meltdown are highly cited and have each garnered almost 200 citations in the first half of 2019.