Application-Specific Principals Must Align With Platform Boundaries
Many application types (including web browsers, database servers, and application servers) define their own security principals. Unless these applications align their principals with boundaries that the hardware and OS support, they are trivially vulnerable to Spectre and other side-channel attacks. We need to motivate all such application vendors to re-engineer their systems, and for best results that is likely to require new APIs from OS and hardware vendors.
I’m an application security engineer. Technology should serve people. Hence, technologists should serve people. So, I try to. The best way to see what I am about is to visit my blog, https://noncombatant.org/.