Contact: andrew@cs.unc.edu
Class Meetings: Tuesday/Thursday 12:30-1:45PM, SN115
Office Hours TBA, in FB340
Syllabus
The goal of this course is to prepare students for a world where hardware vulnerabilities can leak secrets to software-only attackers. Students will learn how to conduct and defend against state-of-the-art side-channel attacks on real hardware through a combination of lectures, reading cutting-edge research papers, and completing lab programming assignments. This course will practically demonstrate the pitfalls of widely adopted modern hardware design decisions, and will prepare students to design hardware and software resilient against such attacks.
Course Structure
Grades will be based upon the following:Class Participation (10%)
Students are expected to contribute to class discussions following paper presentations. Students should be able to ask insightful questions and demonstrate that they have read and understand the assigned readings. They will also be expected to come prepared with a short review of the paper, pinpointing the paper’s strengths and weaknesses.
Paper Presentations (15%)
Students will give conference style talks on assigned papers. They will prepare slides and a 20 minute presentation on the papers.
Paper Reviews (15%)
Students will submit mini-reviews on assigned papers that pinpoint the paper’s strengths and weaknesses. These will be submitted to Canvas.
Lab Assignments (60%)
Students will complete programming-oriented lab assignments that are designed to guide them towards carrying out real-world attacks on hardware. There will be three in total, focused on providing students with an opportunity to put theory into practice.
Acknowledgements
This course is based upon MIT's 6.5950 course. Much thanks to Mengjia Yan and her course staff for their hard work on starting this!Schedule
Week 1
Thursday, January 9 — Lecture: Introduction/Cache Side-Channels
Week 2
Tuesday, January 14 — Lecture: Side-Channel Research
Thursday, January 16 — Lecture: Cache Side-Channels deepdive
Week 3
Tuesday, January 21 — Paper Discussion
- Last-Level Cache Side-Channel Attacks are Practical . Oakland 2015
Thursday, January 23 — Paper Discussion
Week 4
Tuesday, January 28 — Paper Discussion
- Theory and Practice of Finding Eviction Sets. Oakland 2019
Thursday, January 30 — Lecture: Transient Execution Attacks
Week 5
Tuesday, February 4 — Paper Discussion
- Spectre Attacks: Exploiting Speculative Execution . Oakland 2019
Thursday, February 6 — Paper Discussion
- RIDL: Rogue In-Flight Data Load . Oakland 2019
Week 6
Tuesday, February 11 — Lecture: Side-Channel Defenses
Thursday, February 13 — Lecture: Side-Channel Mitigations cont.
Week 7
Tuesday, February 18 — Paper Discussion
Thursday, February 20 — Paper Discussion
Week 8
Tuesday, February 25 — Lecture: Hardware Security Modules
Thursday, February 27 — Paper Discussion
- A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping . USENIX Security 2018
Week 9
Tuesday, March 4 — Lecture: Rowhammer
Thursday, March 6 — Paper Discussion
Week 10
Tuesday, March 11
Spring Break. No Class.Thursday, March 13
Spring Break. No Class.Week 11
Tuesday, March 18 — Lecture: Rowhammer Mitigations+Reliability Solutions
Thursday, March 20
Week 12
Tuesday, March 25 — Paper Discussion
Thursday, March 27 — Lecture: Trusted Execution Environments
Week 13
Tuesday, April 1 — Paper Discussion
Thursday, April 3 — Paper Discussion
Week 14
Tuesday, April 8 — Lecture: Memory Safety
Thursday, April 10 — Paper Discussion
Week 15
Tuesday, April 15 — Lecture: Fuzzing
Thursday, April 17
Well-being Day. No Class.Week 16
Tuesday, April 22 — Paper Discussion
- SiliFuzz: Fuzzing CPUs by proxy . Google Tech Report 2021