Skip to main content

TUGrazX: Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations

Fault attacks (sometimes also called active side-channel attacks ) are a very powerful means that goes beyond just leaking secrets from an application or device, to actively manipulating it. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will also learn that some transient-execution attacks have some similarities to fault attacks. You will implement some of these attacks yourself and learn how they are mitigated.

Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations
10 weeks
3–4 hours per week
Self-paced
Progress at your own speed
Free
Optional upgrade available

There is one session available:

After a course session ends, it will be archivedOpens in a new tab.
Starts Apr 25
Ends Jun 6
Enroll
Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations

About this course

Skip About this course

In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.

At a glance

  • Institution: TUGrazX
  • Subject: Computer Science
  • Level: Advanced
  • Prerequisites:

    Knowledge and skills from the prerequisite courses Side Channel Security S3: Cache Side-Channel Attacks and Mitigations , Side Channel Security S4: Physical and Advanced Side-Channel Attacks , and Side Channel Security S5: Transient-Execution Attacks are strongly recommended.

    We expect C and C++ programming skills on a similar level as in the prerequisite course. You may have obtained these as part of a university program such as computer science or a high school degree with a focus on computer science.

What you'll learn

Skip What you'll learn

- Understand different methods to induce hardware faults from software on modern computers
- Understand how these faulting mechanisms can undermine a system's security
- Understand the security risks posed and how fault attacks can be mitigated

Syllabus

Skip Syllabus

- Episode 1: Sledge Hammer!

Attackers can fault hardware from software using Rowhammer.

- Episode 2: Under Voltage

Plundervolt similarly can induce faults.

- Episode 3: Load Value Inception

Injecting false values also works in the transient domain and without any physical fault.

- Episode 4: Power Leakers

Software exposes power consumption interfaces, enabling leakage.

- Episode 5: Hardware Leaks and Software Leaks

The page cache can be used for attacks similar to hardware caches.

Who can take this course?

Unfortunately, learners residing in one or more of the following countries or regions will not be able to register for this course: Iran, Cuba and the Crimea region of Ukraine. While edX has sought licenses from the U.S. Office of Foreign Assets Control (OFAC) to offer our courses to learners in these countries and regions, the licenses we have received are not broad enough to allow us to offer this course in all locations. edX truly regrets that U.S. sanctions prevent us from offering all of our courses to everyone, no matter where they live.

This course is part of Side Channel Security – Transient Execution and Fault Attacks Professional Certificate Program

Learn more 
Expert instruction
2 skill-building courses
Self-paced
Progress at your own speed
5 months
3 - 4 hours per week

Ways to take this course

Choose your path when you enroll.

Certificate

Free

Price

$129 USD

-

Access to course materials

Unlimited

Limited

Expires on Jul 4

World-class institutions and universities

edX support

Shareable certificate upon completion

Graded assignments and exams

Read our FAQsin a new tab about frequently asked questions on these tracks.

Interested in this course for your business or team?

Train your employees in the most in-demand topics, with edX For Business.
Purchase nowRequest information