EECS 598-12: Topics in Hardware Security
Syllabus
The security of a system is only as good as its weakest
link. Even if a system's software is perfectly secure, the complex interactions
between the system's hardware and the physical world are still not properly
understood. Side-channel attacks exploit unintentional, abstraction-defying
leakage from physical devices (such as the device's power consumption,
electromagnetic radiation or execution timing variations) to recover
otherwise-unavailable secret information.
In this class, we shall review recent papers in the area of
side channel attacks and their mitigations. Specific topics include (but are not
limited to):
1. Physical side channel attacks such as power and electromagnetic
analysis.
2. Microarchitectural attacks such as cache attacks and Rowhammer.
3. Speculative execution attacks: Spectre, Meltdown and
Foreshadow.
4. Side channel mitigations and countermeasures.
Class requirements:
1. 45min - 1 hour presentation
2. Final project (may be substituted by presenting two papers if enrollment
is low)
3. Active participation in paper discussion
Class prerequisites:
Prior experience in low level programming (C / C++ /
assembly) is required. Familiarity with basic signal processing (for physical
attacks) as well as basic operating system principles (for microarchitectural
attacks) will be helpful. The class might also include some basic cryptographic
background which is required for understanding attacks on cryptographic
systems.
List of papers
| Date | Paper 1 | Speaker | Paper 2 | Speaker |
|---|---|---|---|---|
| Sep 7, 2018 | Introduction to side channels | Daniel Genkin | | |
| Sep 14, 2018 | Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems | | Remote Timing Attacks Are Practical | |
| Sep 21, 2018 | On Subnormal Floating Point and Abnormal Timing | | On the effectiveness of mitigations against floating-point timing channels | |
| Sep 28, 2018 | CACHE MISSING FOR FUN AND PROFIT | | Cache attacks and countermeasures: the case of AES | |
| Oct 5, 2018 | Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds | | FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack | |
| Oct 12, 2018 | Last-Level Cache Side-Channel Attacks are Practical | | The Spy in the Sandbox - Practical Cache Attacks in Javascript and their Implications | |
| Oct 19, 2018 | Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches | | ARMageddon: Cache Attacks on Mobile Devices | |
| Oct 26, 2018 | Drive-By Key-Extraction Cache Attacks from Portable Code | | Practical Keystroke Timing Attacks in Sandboxed JavaScript | |
| Nov 2, 2018 | Meltdown + Spectre | | Foreshadow+Foreshadow-NG | |
| Nov 9, 2018 | Electromagnetic Eavesdropping Risks of Flat-Panel Displays | | Keyboard Acoustic Emanations | |
| Nov 16, 2018 | Introduction to differential power analysis | | Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs | |
| Nov 23, 2018 | Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation | | Exploiting the DRAM Rowhammer bug to gain kernel privilege | |
| Nov 30, 2018 | Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript | | Drammer: Deterministic Rowhammer Attacks on Mobile Platforms | |
| Dec 7, 2018 | Flip Feng Shui: Hammering a Needle in the Software Stack | | Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU | |