Ir al contenido principal

TUGrazX: Introduction to Software Side Channels and Mitigations

Side channels exist in the real world, but they also exist in computers and can be exploited directly from software. This is a substantial computer security problem today, that we need to learn about to be able to stop attacks. In this course, you will learn and practice basic software-based side channels and understand the thought process to utilize a side channel. You will then learn how to mitigate or avoid side channels in software.

Introduction to Software Side Channels and Mitigations
10 semanas
2–3 horas por semana
A tu ritmo
Avanza a tu ritmo
Gratis
Verificación opcional disponible

Hay una sesión disponible:

Una vez finalizada la sesión del curso, será archivadoAbre en una pestaña nueva.
Comienza el 18 abr
Termina el 6 jun
Inscríbete
Introduction to Software Side Channels and Mitigations

Sobre este curso

Omitir Sobre este curso

Same as the prerequisite course, we do not just enumerate side-channel effects and how to exploit them. We provide you with the experience of learning about side channels, in a group of students, living in a shared appartment. Together with them you will figure out that what software side channels are, why they are relevant for cybersecurity, in particular in our modern digital lifes, where all our secrets are stored on computers that can be subverted using side channels.

In this course, we get one step closer to hugely impactful attacks like Meltdown and Spectre, which internally use side channels. We will learn about different simple software-based side channels and how they can be exploited. We will cover the basics, requiring some programming skills. We again focus on the security or side-channel mindset, as a crucial take-away for you, that you will be able to apply on a day-to-day basis in your studies, your job, and your personal life. You will extend your view on side channels and be able to assess risks in technical contexts in detail. In a set of small exercises, you will demonstrate that you understood the basics, and are able to find and exploit side channels in small software programs.

Curso creado con el apoyo de

Daniel Gruss

De un vistazo

  • Institution TUGrazX
  • Subject Informática
  • Level Introductory
  • Prerequisites

    Knowledge and skills from the prerequisite course Side Channel Security S1: Side Channel and Computer Security Mindset.

    We expect basic programming skills that you may have obtained as part of a university program such as computer science or a high school degree with a focus on computer science.

  • Language English
  • Video Transcript English
  • Associated programs
  • Associated skillsComputer Security, Spectre Circuit Simulator, Cyber Security

Lo que aprenderás

Omitir Lo que aprenderás

- Spot and exploit side-channel leakage in simple software programs
- Use different software-based side channels to extract secret information
- Connect these security risks with methods to mitigate and close side channels

Plan de estudios

Omitir Plan de estudios

- Episode 1: Raiders of the Lost Account

Manuel loses access to his online account. In a search to recover it, the flat mates discover how to get from small variations in the execution to a side-channel attack on the PIN entry.

- Episode 2: Memory

Claudio runs a course grading server. Our flat mates set out to find a flaw in it and discover a new means of attacking software, by flushing and reloading memory (the so-called Flush+Reload attack).

- Episode 3: Not on my Watch

Lukas and Andreas miss a deadline and use Flush+Reload to still get a signature on their assignments even though the deadline has passed.

- Episode 4: Justice Leak

Claudio's course grading server corrupts an assignment, leading to an unfair zero points for some flat mates. They try to get justice and their points back, by using Flush+Reload again.

- Episode 5: Flush+Reload: Endgame

With all these attacks, and specific mitigations against them, the flatmates discuss possible generic mitigations against Flush+Reload.

¿Quién puede hacer este curso?

Lamentablemente, las personas residentes en uno o más de los siguientes países o regiones no podrán registrarse para este curso: Irán, Cuba y la región de Crimea en Ucrania. Si bien edX consiguió licencias de la Oficina de Control de Activos Extranjeros de los EE. UU. (U.S. Office of Foreign Assets Control, OFAC) para ofrecer nuestros cursos a personas en estos países y regiones, las licencias que hemos recibido no son lo suficientemente amplias como para permitirnos dictar este curso en todas las ubicaciones. edX lamenta profundamente que las sanciones estadounidenses impidan que ofrezcamos todos nuestros cursos a cualquier persona, sin importar dónde viva.

Este curso es parte del programa Side Channel Security Basics Professional Certificate

Más información 
Instrucción por expertos
2 cursos de capacitación
A tu ritmo
Avanza a tu ritmo
5 meses
2 - 3 horas semanales

Formas de realizar este curso

Elige tu camino al inscribirte.

Verified Track

Audit Track

Costo

129 US$

Free

Acceso a los materiales del curso

Ilimitado

Limitado

Caduca el 27 jun

World class institutions and universities

Asistencia de edX

Certificado para compartir al finalizar

Tareas con calificación y exámenes

Visita la sección de Preguntas frecuentesen una pestaña nueva con preguntas frecuentes sobre estas modalidades.

¿Te interesa este curso para tu negocio o equipo?

Capacita a tus empleados en los temas más solicitados con edX para Negocios.
ComprarSolicitar información