Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations

In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.

- Episode 1: Sledge Hammer!

Attackers can fault hardware from software using Rowhammer.

- Episode 2: Under Voltage

Plundervolt similarly can induce faults.

- Episode 3: Load Value Inception

Injecting false values also works in the transient domain and without any physical fault.

- Episode 4: Power Leakers

Software exposes power consumption interfaces, enabling leakage.

- Episode 5: Hardware Leaks and Software Leaks

The page cache can be used for attacks similar to hardware caches.