Graz University of Technology: Cache Side-Channel Attacks and Mitigations
Software-based side-channel attacks can pose a severe security threat in practice. In this course, we focus on a particularly prominent case, caches and cache side-channel attacks, and we will go beyond the basic Flush+Reload attack. You will work with different cache side channels and understand where timing differences in architectures originate. You will learn which mechanisms can mitigate specific side-channel techniques in practice.
About this course
In this course, we build upon basic knowledge of software-based timing and cache attacks as well as the side-channel mindset. As in the prior courses, we do not just enumerate side-channel effects; we provide you with the experience of discovering side channels yourself in a group of students living in a shared apartment. We dive deeper into the microarchitecture and get an in-depth understanding of virtual memory and caches in the course. We will learn about different cache side channels, such as Flush+Flush, Evict+Reload, and Prime+Probe. This requires some skills in reading and writing code, mainly C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will demonstrate that you understand virtual memory and caches and are able to find and exploit cache side channels in small software programs.
At a glance
- Institution: TUGrazX
- Subject: Computer Science
- Level: Intermediate
- Prerequisites: Knowledge and skills from the prerequisite course Side Channel Security S2: Introduction to Software Side Channels and Mitigations.
  We expect basic programming skills on a similar level as in the prerequisite course. You may have obtained these as part of a university program such as computer science or a high school degree with a focus on computer science.
- Language: English
- Video Transcript: English
- Associated programs:
  - Professional Certificate in Side Channel Security – Caches and Physical Attacks
- Associated skills: Virtual Memory, Risk Analysis, Microarchitecture
What you'll learn
- Spot and exploit side channels in cache hierarchies of concrete systems
- Use different software-based cache side channels to extract secret information
- Understand the security risks posed by cache side channels and which cache side channels can be mitigated in practice
- Episode 1: Down the Rabbit Hole
The flatmates figure out how virtual addresses and caches work and they start realizing which timing differences might be hidden in there.
- Episode 2: Gone with the Flush
The flatmates discover the Flush+Flush and Evict+Reload attacks and learn a lot about how cache replacement works.
- Episode 3: Optimus Prime+Probe
The flatmates discover the Prime+Probe attack. They realize that it works in cases where Flush+Reload does not work and believe it is something completely new.
- Episode 4: Jonas and the Template of Doom
The flatmates realize that they can scan binaries for cache activity and use the results to build cache side-channel attacks automatically, forming the concept of Cache Template Attacks. In the end, upon Jonas' suggestion, they retrieve the Template of Doom, but they also attack AES, for instance.
- Episode 5: Drama with Manuel
Manuel hurt his leg and cannot move. The timing differences he introduces in the flat activity inspire the discovery of DRAM Addressing (DRAMA) side channels.