Transient Execution Attacks Understanding Meltdown and Spectre
Graz University of Technology
Daniel Gruß
Informacje o
Treść
Treść kursu
Side channels exist in the real world, but they also exist in computers and can be exploited directly from software. This is a substantial computer security problem today, that we need to learn about to be able to stop attacks. In this course, you will learn and practice basic software-based side channels and understand the thought process to utilize a side channel. You will then learn how to mitigate or avoid side channels in software.
Cele kursu
After completing this course, you will:
- understand the difference between side-channel attacks and transient-execution attacks
- be able to recognize which software may be exposed to transient-execution vulnerabilities
- understand the immense security risks posed by transient-execution attacks and how these attacks can be mitigated
Wymagana wiedza wstępna
No formal prerequisites, but it is expected that you already have started to build up your side-channel security mindset, for instance via the corresponding iMooX course.
Procedura kursu
There are 5 parts (episodes+exercises) in this course:
The flatmates figure out that speculative behaviors influence the timing of humans and of computers. They realize that they can use this to leak secrets from another program.
- Episode 2: Daniel has a Meltdown
The flatmates discover that Daniel when brought into a situation where he would a leak a secret sometimes takes too long before he realizes it. They figure out that they can do the same on computers, with severe impact on the system's security.
- Episode 3: Trust Issues
The flatmates try to leak a name from Manuel, but Manuel doesn't want to tell them. They realize that the isolation in their flat is not very good. They start investigating whether this problem also exists in computers and look for better isolation mechanisms.
- Episode 4: Foreshadow
The flatmates realize that the better isolation mechanisms they found, might not be as strong as they thought and that transient-execution attacks might still be possible. With this they continue leaking the name.
- Episode 5: Noise is just someone else's data
After the leakage is gone and the transient-execution leakage seems resolved, the flatmates realize that there is still noise. But then they remember that noise is just someone else's data. They analyze the noise and come up with techniques to extract secrets from it. Ultimately, they figure out the name Manuel did not want to tell them so far.
Certyfikat
For actively participating in the course you will receive an automatic certificate which includes your name, the course name as well as the completed lessons. We want to point out that this certificate merely confirms that you answered at least 75% of the self-assessment questions correctly.Licencja
This work is licensed under CC BY 4.0Discussion
If you prefer a more instant means of communication compared to the iMooX forum, you can join our official community on Discord. Just visit https://discord.gg/rrbazVdAN9 and join SCS's Discord server!
Discussion Guidelines
Both Discord and the discussion forums are where you can express thoughts, develop ideas, and engage with classmates and instructors. Please review discussion postings before posting your own to avoid redundancy. When adding a forum post, mark it as a Question or a Discussion. Questions raise issues that need answers, whereas Discussions share ideas and start conversations. Do not post solutions or links to solutions to quiz questions or homework assignments anywhere. Give your message a meaningful title. Use common writing practices for online communication. Participation on Discord and in the discussion forums is voluntary, but we encourage participation to get to know everyone else taking the course. We, the instructors and TAs, will answer your questions on both platforms of course.
Academic Policy
The course follows the academic policy of TU Graz.
Osoba prowadząca kurs
Daniel Gruß
Daniel Gruss (@lavados) is a University Professor at Graz University of Technology. He loves teaching and research of system-level topics, including side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs, published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Zaloguj się i zapisz Kurs rozpoczyna się w dniu 3 listopada 2025. Obecnie: 0 Uczestnicy
Bezpłatny dla wszystkich € 0.00
Partnerzy
Graz University of Technology
Graz