Cache Side-Channel Attacks and Mitigations
Course start: 3. studenoga 2025
Cache Side-Channel Attacks and Mitigations
Daniel Gruß
This course is part of a MOOC series: Side-Channel Security: Understanding and Defending Against Side Channels and Fault Attacks
Scientific classification:
Course start: 3. studenoga 2025
Cache Side-Channel Attacks and Mitigations
Daniel Gruß
This course is part of a MOOC series: Side-Channel Security: Understanding and Defending Against Side Channels and Fault Attacks
-
Scope: 5 units
-
Effort: 2 hours/week
-
Current participants: 9
-
Licence: CC BY 4.0
-
Course start: 3. studenoga 2025
-
Course end: -
-
Current status: Upcoming course
-
Available languages:
Course details
Course content
Side channels exist in the real world, but they also exist in computers and can be exploited directly from software. This is a substantial computer security problem today, that we need to learn about to be able to stop attacks. In this course, you will learn and practice basic software-based side channels and understand the thought process to utilize a side channel. You will then learn how to mitigate or avoid side channels in software.
Learning goals
After completing this course, you will:
- be able to spot side-channel leakage in simple programmes
- be able to use software-based side channels to extract secret information
- be able to connect these security risks with methods to mitigate and close side channels in software
Prerequisites
No formal prerequisites, but it is expected that you already have started to build up your side-channel security mindset, for instance via the corresponding iMooX course.
Course schedule
There are 5 parts (episodes+exercises) in this course:
- Episode 1: Down the Rabbit Hole
The flatmates figure out how virtual addresses and caches work, and they start realizing which timing differences might be hidden in there.
- Episode 2: Gone with the Flush
The flatmates discover the Flush+Flush and Evict+Reload attacks and learn a lot about how cache replacement works.
- Episode 3: Optimus Prime+Probe
The flatmates discover the Prime+Probe attack. They realize that it works in cases where Flush+Reload does not work and believe it is something completely new.
- Episode 4: Jonas and the Template of Doom
The flatmates realize that they can scan binaries for cache activity and automatically build cache side-channel attacks with that, forming the concept of Cache Template Attacks. In the end, upon Jonas' suggestion, they retrieve the Template of Doom; but they also attack AES for instance.
- Episode 5: Drama with Manuel
Manuel hurt his leg and cannot move. The timing differences he introduces in the flat activity inspire the discovery of DRAM Addressing (DRAMA) side channels.
Certificate
For actively participating in the course you will receive an automatic certificate which includes your name, the course name as well as the completed lessons. We want to point out that this certificate merely confirms that you answered at least 75% of the self-assessment questions correctly.
Licence
This work is licensed under Creative Commons - 4.0 International (CC BY 4.0)
Additional content
Discussion
If you prefer a more instant means of communication compared to the iMooX forum you can join our official community on Discord. Just visit https://discord.gg/rrbazVdAN9 and join SCS's Discord server!
Discussion Guidelines
Both Discord and the discussion forums are where you can express thoughts, develop ideas, and engage with classmates and instructors. Please review discussion postings before posting your own to avoid redundancy. When adding a forum post, mark it as a Question or a Discussion. Questions raise issues that need answers, whereas Discussions share ideas and start conversations. Do not post solutions or links to solutions to quiz questions or homework assignments anywhere. Give your message a meaningful title. Use common writing practices for online communication. Participation on Discord and in the discussion forums is voluntary, but we encourage participation to get to know everyone else taking the course. We, the instructors and TAs, will answer your questions on both platforms of course.
Academic Policy
The course follows the academic policy of TU Graz.
Course Instructor
Daniel Gruß
Daniel Gruß (@lavados) is a University Professor at Graz University of Technology. He loves teaching and research of system-level topics, including side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs, published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Partners
