Side Channel Security Basics
Offered By: Graz University of Technology via edX
Course Description
Overview
Side channels are everywhere. They allow attackers to steal secret information that is protected and never directly exposed to the attacker. They are incredibly powerful and have disrupted the world in the last years, especially with attacks like Meltdown and Spectre that impacted most computers on the planet. You have also likely seen side channels and used them already yourself.
In this program, consisting of two courses, you will learn and practice the side-channel mindset , understand how to spot side channels in the real-world and how to use them in non-technical and semi-technical settings. The first course will provide you with the ability to spot side channels and the security problems they introduce in your job, research, studies, and in everyday life. In both courses, you will solve simple exercises using side channels in the real world and on computer systems to practically apply the acquired skills.
The first course requires no programming skills and has an entirely web-based exercise. In the second course, you will need basic programming skills (reading C code is required). We will provide you with all basics beyond that, including basics on operating systems, computer architecture, cryptography, and most importantly side-channel analysis. You will learn and practice how basic software-based side channels work and how you can mitigate them to protect yourself as well as the hardware and software you develop. We will provide you with Docker containers (and a tutorial on how to use them), to run the exercises on your own computer.
Daniel Gruss is a internationally renowned expert in side-channel research and has written many seminal works in this field and presented them at renowned international conferences, especially on transient-execution attacks that affected the entire industry and defenses that have been implemented in all operating systems.
Syllabus
Course 1: Side-Channel Security: Developing a Side-Channel Mindset
Side channels are everywhere. They are incredibly powerful and have disrupted the world in the last years, especially with attacks like Meltdown and Spectre that impacted most computers on the planet. You also have seen side channels and used them already yourself. In this course, you will learn and practice the side-channel mindset and how to spot side channels in the real-world and how to use them in non-technical and semi-technical settings.
Course 2: Introduction to Software Side Channels and Mitigations
Side channels exist in the real world, but they also exist in computers and can be exploited directly from software. This is a substantial computer security problem today, that we need to learn about to be able to stop attacks. In this course, you will learn and practice basic software-based side channels and understand the thought process to utilize a side channel. You will then learn how to mitigate or avoid side channels in software.
Courses
-
Same as the prerequisite course, we do not just enumerate side-channel effects and how to exploit them. We provide you with the experience of learning about side channels, in a group of students, living in a shared appartment. Together with them you will figure out that what software side channels are, why they are relevant for cybersecurity, in particular in our modern digital lifes, where all our secrets are stored on computers that can be subverted using side channels.
In this course, we get one step closer to hugely impactful attacks like Meltdown and Spectre, which internally use side channels. We will learn about different simple software-based side channels and how they can be exploited. We will cover the basics, requiring some programming skills. We again focus on the security or side-channel mindset, as a crucial take-away for you, that you will be able to apply on a day-to-day basis in your studies, your job, and your personal life. You will extend your view on side channels and be able to assess risks in technical contexts in detail. In a set of small exercises, you will demonstrate that you understood the basics, and are able to find and exploit side channels in small software programs.
-
Side channels have become increasingly important over the past two decades in our digital world. With attacks like Meltdown and Spectre, which internally use side channels, they have gained world-wide relevance, as most computers on the planet are affected, and also the corresponding publicity. But why are side channels relevant to me? Because they are relevant to everyone!
This course is not just a list of side-channel effects and how to exploit them. We provide you with the experience of learning about side channels, in a group of students, living in a shared appartment. Together with them you will figure out that what side channels are, why they are relevant for security, how they can inadvertantly influence us or leak our own most personal secrets to others.
In this first season, we will cover the basics, without requiring any technical skills. The security or side-channel mindset we teach is still highly valuable, as it allows to assess risks both in the real world and in technical contexts. In a set of small exercises, you will demonstrate that you understood the basics, and acquired the way of thinking needed to find and exploit side channels.
A set of small exercises for this course will be solved online with no need to download anything.
Taught by
Daniel Gruss
Tags
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network