---

About the Course

This course will discuss the intersection of security and hardware. This is an extremely broad topic, and we'll focus on a specific set of six sub-topics in detail during the class. The course will spend 3 classes (4-6 papers) on each topic:

• Caches (Attacks, and secure cache designs)
• Rowhammer
• Speculative Execution
• Trusted Execution
• Fault attacks
• Emerging microarchitectural threats
• Cyber-physical systems and IoT

Class will be in-person, and since is mostly discussion it will be critical to attend. We will adapt as needed, but class is not planned to be hybrid at this time.

There are four parts to the course: reading papers (~3 / week), generating questions based on these papers, presenting and guiding discussion of papers, and a major project.

During the course you will be required to lead/co-lead several paper discussions. This will entail synthesizing discussion topics from both the paper itself, and from questions and point supplied by your classmates.

Finally, there is a quarter-long project you'll propose and complete during the course. This project will need to have a security impact, with a hardware aspect being a critical component. This is super broad, and there is more detail below.

Prerequisites

The course will assume a familiarity with security concepts such as threat models, software-based exploitation, and defensive programming. It will also assume a basic understanding of computer architecture, such as caching, multi-core systems, and memory systems. A strong grounding in at-least one of these two sub-areas is strongly recommended.

Class materials

There is no textbook for the course. All course discussions will be based on readings of academic papers, community writings, etc. There will be supplimental readings supplied for most topics as well, these are optional.

Slides (at least from lecture days) will be posted to here.

Discussion Board

There will be an ed discussion board available for questions that come up during readings.

Summary and Discussion Questions

For each class, you will need to write up some thoughts and questions on the assigned papers. The goal is twofold: to make sure you have time to digest the papers before class, and to 'crowd-source' some interesting questions for class.
These questions are due at 8am PT the day of class. This is so your classmates can sort through them prior to class.
Submission will be via hotcrp

In-class Discussion Leadings

You will be required to lead several paper discussions throughout the course. Leading discussion has two parts:

• A short (10-15 minute) presentation summarizing the paper's contributions.
• Preparing a series of discussion questions and topics for the class, derived from the questions and topics submitted by the class.

Grading and Evaluation

• (30%) Leading at least N paper discussions (N TBD)
• (10%) Engaging in class discussions about papers
• (20%) Submitting per-class notes on readings, due Friday and 8am.
• (40%) Final Project, see notes below. Can be done solo or in pairs.

Date	Topic	Readings	Assignments
Week 1
03/28/2022	Course overview, whirlwind tour of hardware security.	Intel's guide to side-channels
03/30/2022	Caches - Day 1	CACHE MISSING FOR FUN AND PROFIT
Week 2
04/04/2022	Caches - Day 2	S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing	Questions due 8am
04/06/2022	Caches - Day 3	Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World	Questions due 8am
Week 3
04/11/2022	Speculation - Day 1	Reading privileged memory with a side-channel OPTIONAL: DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors
04/13/2022	Speculation - Day 2	RIDL: Rogue In-flight Data Load OPTIONAL: A Systematic Evaluation of Transient Execution Attacks and Defenses OPTIONAL: Speculative Probing: Hacking Blind in the Spectre Era	Questions due 8am
Week 4
04/18/2022	Speculation - Day 3 (On Zoom)	Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade OPTIONAL: Speculative Data-Oblivious Execution	Questions due 8am
04/20/2022	Rowhammer - Day 1 (On Zoom)	Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors OPTIONAL: Using Memory Errors to Attack a Virtual Machine	Project proposal due FRIDAY at 11:59pm PT
Week 5
04/25/2022	Rowhammer - Day 2	TRRespass: Exploiting the Many Sides of Target Row Refresh OPTIONAL: Drammer: Deterministic Rowhammer Attacks on Mobile Platforms	Questions due 8am
04/27/2022	Rowhammer - Day 3	Graphene: Strong yet Lightweight Row Hammer Protection	Questions due 8am
Week 6
05/02/2022	Trusted Execution - Day 1	Trusted Execution Environments: Properties, Applications, and Challenges Building Open Trusted Execution Environments OPTIONAL:Demystifying Arm TrustZone: A Comprehensive Survey
05/04/2022	Trusted Execution - Day 2	Komodo: Using verification to disentangle secure-enclave hardware from software OPTIONAL: Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX	Questions due 8am
Week 7
05/09/2022	Trusted Execution - Day 3	FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution OPTIONAL: SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control	Questions due 8am
05/11/2022	Fault Attacks and Embedded Systems - Day 1	Fault Attacks on Secure Embedded Software: Threats, Design and Evaluation
Week 8
05/16/2022	Fault Attacks and Embedded Systems - Day 2	Glitching Demystified: Analyzing Control-flow-based Glitching Attacks and Defenses	Questions due 8am
05/18/2022	Fault Attacks and Embedded Systems - Day 3	One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization	Questions due 8am
Week 9
05/23/2022	Cancelled!
05/25/2022	Online: Emerging Threats in Microarchitecture - Day 1	Opening Pandora’s Box: A Systematic Study of New Ways Microarchitecture Can Leak Private Data
Week 10
05/30/2022	No Class: Holiday
06/01/2022	Online: Emerging Threats in Microarchitecture - Day 2	Safecracker: Leaking Secrets through Compressed Caches	Questions due 8am
Week 11
06/10/2022	Finals Week end		Final project due (11:59pm)

Project Details

Projects may take several different forms, but all are expected to be larger and ideally workshop-paper quality/quantity. I'll post some ideas to the class in the first week.

Broadly, some spaces you might consider are:

• Novel attacks/defenses
  • Have a neat idea for a way to break/fix software using hardware?
  • Think a defensive approach is incomplete?
• Replication studies
  • There are a thousand neat defenses that have various performance overheads, can we replicate these and evaluate them against each other more comprehensively?
  • Take attacks that are described, but not released, and build reusable demos for them.
• Engineering projects
  • Build on top of some existing project.
  • Add to or majorly improve some attack/RE tooling (libtea/mastik/RevANC/etc)
  • Add features or harden Keystone or similar projects

Project Proposal

You will need to write up a document detailing your project proposal and plans. This should be about 1 page with reasonable formatting (LaTeX, Word, google Docs, etc.) You should include:

• The goals of your project: what it is that you hope to accomplish.
• The methodology you will use: what are the tasks you will be performing?
• The evaluation criteria you will use for your project.
• Any software or hardware you will need access to.
• Citations to relevant work.