Über
Inhalt
Kursinhalt
Seitenkanäle existieren in der realen Welt, aber auch in Computern und können direkt über Software ausgenutzt werden. Dies ist heutzutage ein erhebliches Problem für die Computersicherheit, über das wir Bescheid wissen müssen, um Angriffe abwehren zu können. In diesem Kurs lernen und üben Sie grundlegende softwarebasierte Seitenkanäle und verstehen den Denkprozess hinter der Nutzung eines Seitenkanals. Anschließend lernen Sie, wie Sie Seitenkanäle in Software abschwächen oder vermeiden können.
Lernziele
Nach Abschluss dieses Kurses können Sie:
- den Unterschied zwischen Seitenkanalangriffen und Transient-Execution-Angriffen erkennen, welche Software für Transient-Execution-Schwachstellen anfällig ist
- die immensen Sicherheitsrisiken von Transient-Execution-Angriffen verstehen
- wissen, wie diese Angriffe gemindert werden können
Vorkenntnisse
No formal prerequisites, but it is expected that you already have started to build up your side-channel security mindset, for instance via the corresponding iMooX course.
Kursablauf
There are 5 parts (episodes+exercises) in this course:
The flatmates figure out that speculative behaviors influence the timing of humans and of computers. They realize that they can use this to leak secrets from another program.
- Episode 2: Daniel has a Meltdown
The flatmates discover that Daniel when brought into a situation where he would a leak a secret sometimes takes too long before he realizes it. They figure out that they can do the same on computers, with severe impact on the system's security.
- Episode 3: Trust Issues
The flatmates try to leak a name from Manuel, but Manuel doesn't want to tell them. They realize that the isolation in their flat is not very good. They start investigating whether this problem also exists in computers and look for better isolation mechanisms.
- Episode 4: Foreshadow
The flatmates realize that the better isolation mechanisms they found, might not be as strong as they thought and that transient-execution attacks might still be possible. With this they continue leaking the name.
- Episode 5: Noise is just someone else's data
After the leakage is gone and the transient-execution leakage seems resolved, the flatmates realize that there is still noise. But then they remember that noise is just someone else's data. They analyze the noise and come up with techniques to extract secrets from it. Ultimately, they figure out the name Manuel did not want to tell them so far.
Zertifikat
Für die aktive Teilnahme am Kurs erfolgt bei Abschluss die Ausstellung einer automatisierten Teilnahmebestätigung, welche Ihren Namen, den Kursnamen und die abgeschlossenen Lektionen beinhaltet. Es wird darauf hingewiesen, dass es sich nur um eine Bestätigung handelt, die aussagt, dass Sie zumindest 75% der gestellten Selbstüberprüfungsfragen richtig beantwortet haben.Lizenz
Dieses Werk ist lizenziert unter CC BY 4.0Discussion
If you prefer a more instant means of communication compared to the iMooX forum, you can join our official community on Discord. Just visit https://discord.gg/rrbazVdAN9 and join SCS's Discord server!
Discussion Guidelines
Both Discord and the discussion forums are where you can express thoughts, develop ideas, and engage with classmates and instructors. Please review discussion postings before posting your own to avoid redundancy. When adding a forum post, mark it as a Question or a Discussion. Questions raise issues that need answers, whereas Discussions share ideas and start conversations. Do not post solutions or links to solutions to quiz questions or homework assignments anywhere. Give your message a meaningful title. Use common writing practices for online communication. Participation on Discord and in the discussion forums is voluntary, but we encourage participation to get to know everyone else taking the course. We, the instructors and TAs, will answer your questions on both platforms of course.
Academic Policy
The course follows the academic policy of TU Graz.
Kursleitung
Daniel Gruß
Daniel Gruss (@lavados) is a University Professor at Graz University of Technology. He loves teaching and research of system-level topics, including side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs, published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Anmelden & Einschreiben Der Kurs startet am 3. November 2025. Aktuell: 0 Teilnehmer:innen
Kostenlos für alle € 0.00
Partner:innen
Technische Universität Graz
Graz