EECS 588: Computer and Network Security

Syllabus

The security of a system is only as good as its weakest link. Even if a system's software is perfectly secure, the complex interactions between the system's hardware and the physical world have not been properly understood. Side-channel attacks exploit unintentional, abstraction-defying leakage from physical devices (such as the device's power consumption, electromagnetic radiation or execution timing variations) to recover otherwise-unavailable secret information.

In this class, we shall review recent papers in the area of side channel attacks and their mitigations. Specific topics include (but not limited to):

  1. Physical side channel attacks such as power and electromagnetic analysis.
  2. Microarchitectural attacks such as cache attacks and Rowhammer.
  3. peculative execution attacks: Spectre, Meltdown and Foreshadow.
  4. Side channel mitigations and countermeasures.

Class requirements:

  1. 45min - 1 hour presentation
  2. Final project (maybe substituted by presenting two papers if enrollment
  3. Active participation in paper discussion

Class prerequisites:

Prior experience in low level programing (C / C++ / assembly) is required. Familiarly with basic signal processing (for physical attacks) as well as basic operating system principles (for microarchitectural attacks) will be helpful. The class might also include some basic cryptographic background which is required for understanding attacks on cryptographic systems.

List of papers

Week Paper1 Speaker Paper2 Speaker
Sep 3, 2019 Introduction to side channels Daniel Genkin Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems TBD
Sep 10, 2019 Remote Timing Attacks Are Practical TBD On Subnormal Floating Point and Abnormal Timing TBD
Sep 17, 2019 On the effectiveness of mitigations against floating-point timing channels TBD CACHE MISSING FOR FUN AND PROFIT TBD
Sep 24, 2019 Cache attacks and countermeasures: the case of AES TBD Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds TBD
Oct 1, 2019 FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack TBD Last-Level Cache Side-Channel Attacks are Practical TBD
Oct 8, 2019 The Spy in the Sandbox - Practical Cache Attacks in Javascript and their Implications TBD Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches TBD
Oct 15 2019 ARMageddon: Cache Attacks on Mobile Devices TBD Drive-By Key-Extraction Cache Attacks from Portable Code TBD
Oct 22, 2019 Practical Keystroke Timing Attacks in Sandboxed JavaScript TBD Meltdown + Spectre TBD
Oct 29, 2019 Foreshadow+Foreshadow-NG TBD RIDL and Fallout: MDS attacks TBD
Nov 5, 2019 Electromagnetic Eavesdropping Risks of Flat-Panel Displays TBD Keyboard Acoustic Emanations TBD
Nov 12, 2019 Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels TBD Introduction to differential power analysis TBD
Nov 19, 2019 Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs TBD Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation TBD
Nov 26, 2019 Exploiting the DRAM Rowhammer bug to gain kernel privilege TBD Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript TBD
Dec 3, 2019 Drammer: Deterministic Rowhammer Attacks on Mobile Platforms TBD Flip Feng Shui: Hammering a Needle in the Software Stack TBD
Dec 10, 2019 Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU TBD Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks TBD