Course Notes and Reading List
All content on this website, including the calendar, is subject to change.
Highlighted rows are days where paper summaries should be submitted. |
Table of contents
- Introduction
- Side Channels + Transient Execution Attacks
- Side Channel Defenses
- Physical Attacks
- Secure Hardware
- Rowhammer
- Memory Safety
- Miscellaneous
Introduction
Date | Readings | Notes |
---|---|---|
Mon Jan 31 | Optional: Introduction to Security for Computer Architecture | |
Wed Feb 2 | Optional: Wojtczuk et al. Attacking Intel TXT® via SINIT code execution hijacking. 2011 | |
Fri Feb 4 | Optional: Mindshare: Hardware Reversing with the TP-LINK TL-WR841N Router |
Side Channels + Transient Execution Attacks
Date | Readings | Notes |
---|---|---|
Mon Feb 7 | Optional: Genkin et al. Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels | |
Wed Feb 9 | Percival, Colin. Cache missing for fun and profit. (2005). Optional: Liu et al. Last-level cache side-channel attacks are practical. S&P, 2015. | |
Mon Feb 14 | Summary Required: Vicarte et al. Opening Pandora’s Box: A Systematic Study of New Ways Microarchitecture Can Leak Private Data | |
Wed Feb 16 | Kocher et al. Spectre attacks: Exploiting speculative execution. S&P. 2019. | |
Fri Feb 18 | ||
Wed Feb 23 | Summary Required: An Analysis of Speculative Type Confusion Vulnerabilities in the Wild, USENIX’21 |
Side Channel Defenses
Date | Readings | Notes |
---|---|---|
Mon Feb 28 | Summary Required: Narayan et al. Swivel: Hardening WebAssembly against Spectre Optional: Speculative Load Hardening, LLVM |
|
Wed Mar 2 | Tiwari et al. Complete information flow tracking from the gates up. ASPLOS. 2009. Guarnieri et al. Hardware-Software Contracts for Secure Speculation. arXiv preprint. 2020. | |
Mon Mar 7 | Summary Required: MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design |
|
Physical Attacks
Date | Readings | Notes |
---|---|---|
Wed Mar 9 | Optional: I, For One, Welcome Our New Power Analysis Overlords (BlackHat 2018) | |
Mon Mar 14 | Summary Required: PLATYPUS: Software-based Power Side-Channel Attacks on x86; SP’21 Optional: Zhao et al. FPGA-based remote power side-channel attacks. S&P. 2018. |
|
Secure Hardware
Date | Readings | Notes |
---|---|---|
Wed Mar 16 | Costan et al. Intel SGX Explained. IACR. 2016. Focus on the following sections:
| |
Mon Mar 28 | ||
Wed Mar 30 | Summary Required: SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-chip Secrets, ASPLOS’22 |
|
Rowhammer
Date | Readings | Notes |
---|---|---|
Mon Apr 4 | Summary Required: Pthammer: Cross-user-kernel-boundary rowhammer through implicit accesses Optional: Kwong et al. Rambleed: Reading bits in memory without accessing them. S&P. 2020. Optional: Islam et al. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. USENIX. 2019. |
|
Mon Apr 11 | Summary Required: Park et al. Graphene: Strong yet Lightweight Row Hammer Protection. MICRO. 2020. |
|
Memory Safety
Date | Readings | Notes |
---|---|---|
Wed Apr 13 | Szekeres et al. SoK: Eternal war in memory. S&P. 2013. Optional: Pointer Authentication on ARMv8.3 | |
Wed Apr 20 | Summary Required: Göktas et al. Speculative Probing: Hacking Blind in the Spectre Era |
|
Wed Apr 27 | Summary Required: Woodruff et al. The CHERI capability model: Revisiting RISC in an age of risk. ISCA. 2014. |
|
Miscellaneous
Date | Readings | Notes |
---|---|---|
Mon May 2 | Revizor: Testing Black-box CPUs against Speculation Contracts, ASPLOS’22 | |
Mon May 9 | Summary Required: Uncovering Hidden Instructions in ARMv8-A Implementations Optional: Breaking the x86 Instruction Set |
|