Course description
Cache Side-Channel Attacks and Mitigations
In this course, we build upon basic knowledge of software-based timing and cache attacks as well as the side-channel mindset. Same as in the prior courses, we do not just enumerate side-channel effects but we provide you with the experience of discovering side channels yourself in a group of students, living in a shared appartment. We dive deeper into the microarchitecture and get an in-depth understanding of virtual memory and caches in the course. We will learn about different cache side channels, such as Flush+Flush, Evict+Reload, and Prime+Probe. This requires some skills in reading and writing code, mainly C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will demonstrate that you understood the virtual memory, caches, and are able to find and exploit cache side channels in small software programs.
Upcoming start dates
Suitability - Who should attend?
Prerequisites:
Knowledge and skills from the prerequisite course Side Channel Security S2: Introduction to Software Side Channels and Mitigations.
We expect basic programming skills on a similar level as in the prerequisite course. You may have obtained these as part of a university program such as computer science or a high school degree with a focus on computer science.
Outcome / Qualification etc.
What you'll learn
- Spot and exploit side channels in cache hierarchies of concrete systems
- Use different software-based cache side channels to extract secret information
- Understand the security risks posed by cache side channels and which cache side channels can be mitigated in practice
Training Course Content
Episode 1: Down the Rabbit Hole
The flatmates figure out how virtual addresses and caches work and they start realizing which timing differences might be hidden in there.
Episode 2: Gone with the Flush
The flatmates discover the Flush+Flush and Evict+Reload attacks and learn a lot about how cache replacement works.
Episode 3: Optimus Prime+Probe
The flatmates discover the Prime+Probe attack. They realize that it works in cases where Flush+Reload does not work and believe it is something completely new.
Episode 4: Jonas and the Template of Doom
The flatmates realize that they can scan binaries for cache activity and automatically build cache side-channel attacks with that, forming the concept of Cache Template Attacks. In the end, upon Jonas' suggestion, they retrieve the Template of Doom; but they also attack AES for instance.
Episode 5: Drama with Manuel
Manuel hurt his leg and cannot move. The timing differences he introduces in the flat activity inspire the discovery of DRAM Addressing (DRAMA) side channels.
Course delivery details
This course is offered through Graz University of Technology, a partner institute of Trinity College.
3-4 hours per week
Expenses
- Verified Track -$149
- Audit Track - Free