Side-Channel Security: Understanding and Defending Against Side Channels and Fault Attacks

Understanding and Defending Against Side Channels and Fault Attacks

Side channels are subtle and powerful mechanisms that leak sensitive information through indirect means, such as timing, power usage, or memory access patterns. These channels have played a crucial role in some of the most impactful security vulnerabilities in recent years, including Meltdown and Spectre.

This comprehensive program, taught by internationally renowned expert Daniel Gruß, consists of six interconnected courses that provide a practical and in-depth exploration of side-channel and fault attacks. It is designed for students, researchers, and professionals who want to understand how such attacks work and how to defend against them in both software and hardware.

You will learn to:

• Spot and exploit real-world side channels in technical and non-technical settings.
• Understand and implement core side-channel techniques using caches, timing, and power analysis.
• Analyze transient-execution attacks like Meltdown, Spectre, and ZombieLoad, and understand their root causes in modern processor microarchitecture.
• Explore fault attacks such as Rowhammer and Plundervolt that allow data manipulation and full system compromise.
• Apply differential power analysis techniques in both physical and software-based contexts to extract cryptographic secrets.

The program progresses from foundational to advanced topics:

• Courses 1–2:
  (Side-Channel Security: Developing a Side Channel Mindset | Introduction to Software Side Channels and Mitigations):
  No programming skills required in the first course; basic technical background in the second. Focus on recognizing and applying side-channel concepts in real-world scenarios through web-based and hands-on exercises.
  
  
• Courses 3–4
  (Cache Side-Channel Attacks and Mitigations | Physical and Advanced Side-Channel Attacks):
  Cover software side channels using simple C-based exercises, with Docker-based lab setups. Learn about operating systems, computer architecture, cryptography, and mitigation strategies.
  
  
• Courses 5–6
  (Transient Execution Attacks Understanding Meltdown and Spectre | Between Physical and Software: Fault Attacks, Side Channels, and Mitigations):
  Dive into advanced attacks—transient execution, fault injection, and software-based DPA—requiring programming in C/C++/Python and deeper architectural insights.

All courses include practical exercises performed on your own computer or with provided measurement data from physical devices. You’ll be guided through the required technical background, from software and hardware basics to specialized topics like out-of-order execution and secure system design.

This program equips you with the skills and mindset to detect, understand, and mitigate side channels and fault attacks, preparing you to secure modern computing systems at all levels.