Introduction to Software Side Channels and Mitigations
Offered By: Graz University of Technology via edX
Course Description
Overview
As in the prerequisite course, we do not just enumerate side-channel effects and how to exploit them. We provide you with the experience of learning about side channels in a group of students living in a shared apartment. Together with them you will figure out what software side channels are and why they are relevant for cybersecurity, in particular in our modern digital lives, where all our secrets are stored on computers that can be subverted using side channels.
In this course, we get one step closer to hugely impactful attacks like Meltdown and Spectre, which internally use side channels. We will learn about different simple software-based side channels and how they can be exploited. We will cover the basics, requiring some programming skills. We again focus on the security or side-channel mindset as a crucial take-away for you, one that you will be able to apply on a day-to-day basis in your studies, your job, and your personal life. You will extend your view on side channels and be able to assess risks in technical contexts in detail. In a set of small exercises, you will demonstrate that you have understood the basics and are able to find and exploit side channels in small software programs.
Syllabus
- Episode 1: Raiders of the Lost Account
Manuel loses access to his online account. In a search to recover it, the flatmates discover how to get from small variations in the execution to a side-channel attack on the PIN entry.
- Episode 2: Memory
Claudio runs a course grading server. Our flatmates set out to find a flaw in it and discover a new means of attacking software, by flushing and reloading memory (the so-called Flush+Reload attack).
- Episode 3: Not on my Watch
Lukas and Andreas miss a deadline and use Flush+Reload to still get a signature on their assignments even though the deadline has passed.
- Episode 4: Justice Leak
Claudio's course grading server corrupts an assignment, leading to an unfair score of zero points for some flatmates. They try to get justice and their points back by using Flush+Reload again.
- Episode 5: Flush+Reload: Endgame
With all these attacks, and specific mitigations against them, the flatmates discuss possible generic mitigations against Flush+Reload.
Taught by
Daniel Gruss