Charles Weems

CmpSci 635 Lecture 18

Thursday, November 14, 2019 12:43 PM

Security is generally assured at the ISA level in an architecture, and it is assumed that the microarchitecture preserves it through a faithful implementation. However, there is a great deal of state that the microarchitecture manages that isn’t part of the ISA, or at least not fully exposed, since it is designed to enhance performance while preserving the semantics of the ISA. Such state includes the cache and other memory hierarchy components, TLB, branch predictor, reorder buffer, etc. Precisely because these affect performance, they are open to timing side channel attacks. But beyond that, performance enhancements that run ahead, like out-of-order execution and speculation, can cause transient changes to state that persist beyond the ISA-level compensatory technique of squashing their results.

Meltdown and Spectre are two of the earliest attacks that took advantage of these windows of opportunity to combine abandoned state changes with timing side channels to extract protected information. 
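The point above can be seen in a toy simulation, added here as an illustration and not taken from the lecture or its slides: squashing rolls back the registers, but the cache fill made by the run-ahead load stays visible through load latency. The `ToyCore` class, the latencies, the addresses, the value 42 and the `undo_cache_on_squash` mitigation switch are all assumptions of this model, not a description of any real processor.

```python
# Toy model, constructed for illustration; latencies and sizes are assumed.
HIT, MISS, LINE = 4, 200, 64      # cycles, cycles, bytes per cache line

class ToyCore:
    def __init__(self, memory, undo_cache_on_squash=False):
        self.memory = memory              # address -> byte value
        self.regs = {"r1": 0}             # architectural (ISA-visible) state
        self.cache = set()                # microarchitectural state: cached line numbers
        self.undo_cache_on_squash = undo_cache_on_squash  # hypothetical mitigation

    def load(self, addr):
        """Return (value, latency in cycles); the access fills the cache line."""
        line = addr // LINE
        latency = HIT if line in self.cache else MISS
        self.cache.add(line)
        return self.memory.get(addr, 0), latency

    def transient(self, secret_addr, probe_base):
        """Run-ahead work that the core later squashes."""
        saved_regs, saved_cache = dict(self.regs), set(self.cache)
        secret, _ = self.load(secret_addr)
        self.regs["r1"] = secret
        self.load(probe_base + secret * LINE)   # address depends on the loaded value
        self.regs = saved_regs                  # squash: ISA state is rolled back
        if self.undo_cache_on_squash:
            self.cache = saved_cache            # mitigation: cache fills rolled back too

def warm_lines(core, probe_base, n=256):
    """Time one load per probe line; return the indices that hit in the cache."""
    return [i for i in range(n) if core.load(probe_base + i * LINE)[1] == HIT]

def run(undo_cache_on_squash):
    core = ToyCore({0x1000: 42}, undo_cache_on_squash)   # 42 is a constructed value
    core.cache.clear()                                   # start from a cold cache
    core.transient(secret_addr=0x1000, probe_base=0x10000)
    return core.regs["r1"], warm_lines(core, 0x10000)

if __name__ == "__main__":
    print("baseline :", run(False))   # registers clean, one probe line still warm
    print("mitigated:", run(True))    # registers clean, no probe line warm
```

In the baseline run the register file matches the ISA's view (the squashed value is gone), yet the index of the one warm probe line equals the value the transient load touched. With the cache rollback enabled, the timing probe finds nothing.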

Slides are here