Side Channel Security – Transient Execution and Fault Attacks
Offered By: Graz University of Technology via edX
Course Description
Overview
In this program, you will learn about more advanced attacks in the space of side-channel security: transient-execution attacks and fault attacks. In the first course, we will focus on transient execution (and speculative execution) and how it can introduce data (not meta-data!) leakage. We will use side channels to exfiltrate data and transmit it to an attacker-controlled application. We will learn about the most prominent transient-execution attacks: Meltdown, Spectre, Foreshadow, and ZombieLoad. These attacks are so powerful that they can leak arbitrary secret data, including cryptographic keys, all without physical access. In a set of small exercises, you will implement some of these attacks. You will understand the connection between these attacks and side-channel attacks. You will gain a deep understanding of the microarchitecture of modern processors, out-of-order execution pipelines, transient-execution attacks and potential mitigations against them.
In the second course, we will then focus more on fault attacks, in particular Rowhammer and Plundervolt. These attacks go beyond leaking information: instead, we will manipulate data. These fault injection mechanisms are triggered purely from software and allow us to manipulate control flow, secret keys, and system security mechanisms, to fully subvert systems and bring them under our control. You will understand how these attacks can be mounted, and how they can be mitigated to allow you to develop hardware and software resilient to transient-execution and fault attacks. As an advanced topic in this block, we will also mount software-based differential power analysis (DPA) attacks, following a similar methodology as for the physical side-channel attacks, leaking cryptographic keys. Again, we will discuss the countermeasures against these attacks.
In both courses, you will practically apply the acquired skills in simple exercises based on measurements you perform on your own computer or measurements we obtained from physical devices that we provide to you. Both courses require programming skills (C, C++, Python). We will provide you with the knowledge required beyond these, including basics on operating systems, computer architecture, and hardware design.
Daniel Gruss is an internationally renowned expert in side-channel research and has written many seminal works in this field and presented them at renowned international conferences, especially on transient-execution attacks that affected the entire industry and defenses that have been implemented in all operating systems.
Syllabus
Course 1: Transient-Execution Attacks: Understanding Meltdown and Spectre
Beyond software-based side-channel attacks, there is a new class of attacks called transient-execution attacks. These attacks go beyond leaking meta-data and directly retrieve secret data, but they use side channels as a data exfiltration mechanism to transmit the secret data to an attacker-controlled application. We will look at the most prominent of these attacks: Meltdown, Spectre, Foreshadow, and ZombieLoad. You will implement some of these attacks yourself and learn how to mitigate them.
Course 2: Between Physical and Software: Fault Attacks, Side Channels, and Mitigations
Fault attacks (sometimes also called active side-channel attacks) are a very powerful means that goes beyond just leaking secrets from an application or device, to actively manipulating it. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will also learn that some transient-execution attacks have some similarities to fault attacks. You will implement some of these attacks yourself and learn how they are mitigated.
Taught by
Daniel Gruss