Contact: andrew@cs.unc.edu
Class Meetings: Tuesday/Thursday 9:30-10:45AM, SN11
Office Hours Thursday 3:00-4:00PM, in FB340
Syllabus
The goal of this course is to prepare students for a world where hardware vulnerabilities can leak secrets to software-only attackers. Students will learn how to conduct and defend against state-of-the-art side-channel attacks on real hardware through a combination of lectures, reading cutting-edge research papers, and completing lab programming assignments. This course will practically demonstrate the pitfalls of widely adopted modern hardware design decisions, and will prepare students to design hardware and software resilient against such attacks.
Course Structure
Grades will be based upon the following:Class Participation (10%)
Students are expected to contribute to class discussions following paper presentations. Students should be able to ask insightful questions and demonstrate that they have read and understand the assigned readings. They will also be expected to come prepared with a short review of the paper, pinpointing the paper’s strengths and weaknesses.
Paper Presentations (15%)
Students will give conference style talks on assigned papers. They will prepare slides and a 20 minute presentation on the papers.
Lab Assignments (75%)
Students will complete programming-oriented lab assignments that are designed to guide them towards carrying out real-world attacks on hardware. There will be three in total, focused on providing students with an opportunity to put theory into practice.
Acknowledgements
This course is based upon MIT's 6.5950 course. Much thanks to Mengjia Yan and her course staff for their hard work on starting this!Schedule
Week 1
Thursday, January 18 — Lecture: Cache Side-Channels
Week 2
Tuesday, January 23 — Lecture: Cache Side-Channels cont.
Thursday, January 25 — Paper Discussion
- FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. USENIX Security 2014
Week 3
Tuesday, January 30 — Paper Discussion
- Theory and Practice of Finding Eviction Sets. Oakland 2019
Thursday, February 1 — Paper Discussion
- Last-Level Cache Side-Channel Attacks are Practical . Oakland 2015
Week 4
Tuesday, February 6 — Lecture: "Transient Execution Attacks
Thursday, February 8 — Paper Discussion
- Spectre Attacks: Exploiting Speculative Execution . Oakland 2019
Week 5
Tuesday, February 13
Well-being day. No Class.Thursday, February 15 — Paper Discussion
- RIDL: Rogue In-Flight Data Load . Oakland 2019
Week 6
Tuesday, February 20 — Lecture: Side-Channel Defenses
Thursday, February 22 — Paper Discussion
- Hardware-Software Contracts for Secure Speculation . Oakland 2021
Week 7
Tuesday, February 27 — Paper Discussion
Thursday, February 29 — Paper Discussion
Week 8
Tuesday, March 5 — Lecture: Hardware Security Modules
Thursday, March 7 — Paper Discussion
- A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping . USENIX Security 2018
Week 9
Tuesday, March 12
Spring Break. No Class.Thursday, March 14
Spring Break. No Class.Week 10
Tuesday, March 19
Thursday, March 21 — Lecture: Rowhammer
Week 11
Tuesday, March 26 — Paper Discussion
Thursday, March 28
Well-being Day. No Class.Week 12
Tuesday, April 2 — Paper Discussion
- ZENHAMMER: Rowhammer Attacks on AMD Zen-based Platforms . USENIX Security 2024
Thursday, April 4 — Lecture: Trusted Execution Environments
Week 13
Tuesday, April 9 — Paper Discussion
Thursday, April 11 — Paper Discussion
Week 14
Tuesday, April 16 — Lecture: Memory Safety
Thursday, April 18 — Paper Discussion
Week 15
Tuesday, April 23 — Lecture: Fuzzing
Thursday, April 25 — Paper Discussion
- SiliFuzz: Fuzzing CPUs by proxy . Google Tech Report 2021