EECS 588: Computer and Network Security
Syllabus
The security of a system is only as
good as its weakest
link. Even if a system's software is perfectly secure, the complex
interactions
between the system's hardware and the physical world have not been
properly
understood. Side-channel attacks exploit unintentional,
abstraction-defying
leakage from physical devices (such as the device's power consumption,
electromagnetic radiation or execution timing variations) to recover
otherwise-unavailable secret information.
In this class, we shall review recent
papers in the area of
side channel attacks and their mitigations. Specific topics include
(but not
limited to):
- Physical side channel attacks such as power and electromagnetic analysis.
- Microarchitectural attacks such as cache attacks and Rowhammer.
- peculative execution attacks: Spectre, Meltdown and Foreshadow.
- Side channel mitigations and countermeasures.
Class requirements:
- 45min - 1 hour presentation
- Final project (maybe substituted by presenting two papers if enrollment
- Active participation in paper discussion
Class prerequisites:
Prior experience in low level
programing (C / C++ /
assembly) is required. Familiarly with basic signal processing (for
physical
attacks) as well as basic operating system principles (for
microarchitectural
attacks) will be helpful. The class might also include some basic
cryptographic
background which is required for understanding attacks on cryptographic
systems.
List of papers
Week |
Paper1
|
Speaker
|
Paper2
|
Speaker
|
Sep 3, 2019
|
Introduction to side channels
|
Daniel Genkin
|
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
|
Diego Rojas |
Sep 10, 2019
|
Remote Timing Attacks Are Practical
|
Ryan Feng |
On Subnormal Floating Point and Abnormal Timing
|
Ben Cyr |
Sep 17, 2019
|
On the effectiveness of mitigations against floating-point timing channels
|
Anthony Pan |
CACHE MISSING FOR FUN AND PROFIT |
Tarunesh Verma |
Sep 24, 2019
|
No class |
|
No class |
|
Oct 1, 2019
|
Cache attacks and countermeasures: the case of AES
|
Chris Hu |
FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
|
Eric Hao |
Oct 8, 2019
|
Last-Level Cache Side-Channel Attacks are Practical
|
Yungang Wang |
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
|
Cristina Noujaim |
Oct 15, 2019
|
The Spy in the Sandbox - Practical Cache Attacks in Javascript and their Implications
|
Renuka Kumar |
Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches
|
Peter Paquet |
Oct 22 2019
|
ARMageddon: Cache Attacks on Mobile Devices
|
Joseph Buiteweg |
Drive-By Key-Extraction Cache Attacks from Portable Code
|
Jacob Hage |
Oct 29, 2019
|
Practical Keystroke Timing Attacks in Sandboxed JavaScript
|
Apurva Virkud |
Meltdown + Spectre
|
Daniel Genkin
|
Nov 5, 2019
|
Foreshadow+Foreshadow-NG
|
Daniel Genkin
|
RIDL and Fallout: MDS attacks
|
Marina Minkin |
Nov 12, 2019
|
No Class
|
|
No Class
|
|
Nov 19, 2019
|
Electromagnetic Eavesdropping Risks of Flat-Panel Displays
|
Yan Long |
Keyboard Acoustic Emanations
|
Katelyn Wolfenberger |
Nov 26, 2019 |
Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels
|
Youssef Tobah |
Thanksgiving
|
|
Dec 3, 2019 |
Introduction to differential power analysis
|
John Wu |
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs
|
Can Carlak |
Dec 10, 2019
|
Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
|
Jiachen Sun |
|
|