Between Physical and Software: Fault Attacks, Side Channels, and Mitigations
Les destinataires peuvent scanner le code à l’aide d’un smartphone ou d’une tablette afin d’accéder au cours.
Télécharger
Graz University of Technology
Daniel Gruß
A propos de
Contenu
Contenu du cours
Side channels exist in the real world, but they also exist in computers and can be exploited directly from software. This is a substantial computer security problem today, that we need to learn about to be able to stop attacks. In this course, you will learn and practice basic software-based side channels and understand the thought process to utilize a side channel. You will then learn how to mitigate or avoid side channels in software.Objectifs du cours
After completing this course, you will:
- be able to spot side-channel leakage in simple programs
- be able to use software-based side channels to extract secret information
- be able to connect these security risks with methods to mitigate and close side channels in software
Connaissances antérieures
No formal prerequisites but it is expected that you already have started to build up your side-channel security mindset, for instance via the corresponding iMooX course.
Procédure du cours
There are 5 parts (episodes+exercises) in this course:
The flatmates realize there is some effect that can fault hardware from software.
This so-called Rowhammer effect can fully subvert a system, providing full kernel privileges to the attacker.
- Episode 2: Under Voltage
Daniel undervolts his laptop because that saves energy and produces less heat. As this sometimes causes crashes or data corruption the flatmates try to figure out how to exploit this behavior to leak secrets from trusted execution environments.
- Episode 3: Load Value Inception
The flatmates realize that they can inject values into Daniel's mind by saying names at the right moment in time, while Daniel is thinking about a name. They figure out that computer's are susceptible to a very similar attack and use it to turn Meltdown around, from a leakage primitive to a load value injection primitive.
- Episode 4: Power Leakers
Andreas investigates the power consumption on his computer and realizes that there is a substantial amount of leakage when monitoring the power consumption from software. It turns out that this leakage is as powerful as the physical side channel attacks they have mounted several months earlier.
- Episode 5: Hardware Leaks and Software Leaks
The graduation ceremony is ahead. The flatmates realize that there is a lot of leakage everywhere and the power consumption system interface is just one system interface while there are many more. They pick the page cache as a target and figure out that they can spy on user input through it. They believe this is new and disclose this to a vendor. After their graduation ceremony with the rector, the dean, and the Austrian president, a big surprise is waiting for them at home.
Certificat
For actively participating in the course you will receive an automatic certificate which includes your name, the course name as well as the completed lessons. We want to point out that this certificate merely confirms that you answered at least 75% of the self-assessment questions correctly.Licence
This work is licensed under CC BY 4.0Discussion
If you prefer a more instant means of communication compared to the iMooX forum, you can join our official community on Discord. Just visit https://discord.gg/rrbazVdAN9 and join SCS's Discord server!
Discussion Guidelines
Both Discord and the discussion forums are where you can express thoughts, develop ideas, and engage with classmates and instructors. Please review discussion postings before posting your own to avoid redundancy. When adding a forum post, mark it as a Question or a Discussion. Questions raise issues that need answers, whereas Discussions share ideas and start conversations. Do not post solutions or links to solutions to quiz questions or homework assignments anywhere. Give your message a meaningful title. Use common writing practices for online communication. Participation on Discord and in the discussion forums is voluntary, but we encourage participation to get to know everyone else taking the course. We, the instructors and TAs, will answer your questions on both platforms of course.
Academic Policy
The course follows the academic policy of TU Graz.
Formateur/formatrice
Daniel Gruß
Daniel Gruss (@lavados) is a University Professor at Graz University of Technology. He loves teaching and research of system-level topics, including side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs, published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Se connecter et s'inscrire Le cours débute le 3 novembre 2025. Actuellement: 0 Participants
Gratuit pour tous € 0.00
Partenaires
Graz University of Technology
Graz