Paper Readings
For each discussion session, the whole class will be divided into three groups, and each group will be assigned a different paper to read and analyze. Throughout the semester, each student will read 7 papers, present 1 paper, and learn the 21 papers as a class. These papers are selected from top security and computer architecture conferences, covering broad hardware security topics representing the state of the art.
Paper reading assignments are comprised of two parts:
-
Two Paper Questions (0.5 pts each): You will need to answer these questions with a few sentences (graded for correctness). Note that these paper questions are not designed to be a difficult assignment. We designed these questions for the purpose of guiding you to figure out the key takeaways of the papers and inspire you to analyze their pros and cons. We strongly recommend you read the questions beforehand before delving deep into the nitty-gritty details of the papers. We hope that reading the papers with these questions in mind can make your reading more productive.
-
Discussion Question(s) (1 pt): You will submit at least one discussion question about the paper and any other questions you have when reading the paper. We will compile a list of questions for the discussion session, and the instructor will also try to answer some of the questions if they will not be discussed in class. You don’t need to provide an answer to this question.
Grading and Deadline
Each paper reading assignment is due at 5:00 PM the day before the corresponding discussion session. Half credit will be awarded if the assignment is turned in before class begins. No credit will be awarded if the assignment is turned in after class begins. For example, the reading assignment for the first discussion session is due 5 PM on Feb 28 (see Calendar). You will get half credit if you turn in the assignment before 1pm on Mar 1. And no credit after 1pm.
We will drop your lowest paper reading assignment score (out of 7).
Paper summaries will be completed on Canvas.
Papers and Reading Questions
Side Channel Attacks (March 1)
Read after February 15
| Paper | Title | Questions |
| A (Slides) | LLC Attacks are Practical | 1. In Section III-C, the authors stated that “constructing an efficient PRIME+PROBE attack on the LLC is much harder than on the L1 caches” and listed 5 challenges. Briefly describe what methods the authors use to tackle each of these challenges. 2. Consider designing a new cache that uses a secret mapping function. Specifically, given an address, it uses an encryption algorithm (with a key unknown to the attacker) to decide the cache set index. Can you come up with an approach (inspired from this paper) to construct an eviction set on this cache? Briefly describe your approach. |
| B (Slides) | Port Contention | 1. Before this paper, there existed a tool called “Covert Shotgun” by Anders Fogh. Briefly describe what “Covert Shotgun” does. List the open questions of “Covert Shotgun” and the answers to these questions from this paper. 2. In Section IV-A, the authors claimed PortSmash has many advantages compared to existing cache-based attacks, in terms of detectability and spatial resolution. Can you think of any weaknesses of PortSmash when comparing it with cache-based attacks? |
| C (Slides) | HertzBleed | 1. The authors designed a series of experiments to reverse engineer the power-frequency-timing relationship in a processors. List the questions that the authors try to answer for each experiment so you can see how these questions lead the authors to their key findings. 2. Compare the HertzBleed attack and the cache-based attack discussed in the class, comment on whether it is more difficult to defend against HertzBleed or not. Why and why not?” |
Side Channel Analysis (March 6)
Read after February 22
| Paper | Title | Questions |
| A (Slides) | Pandora’s Box | 1. Use the microarchitectural leakage descriptors to understand the following microarchitecture optimization: cache compression. In conventional caches, the size of a physical entry in the data array generally matches the size of the cache line. In compressed caches, however, a single data entry can contain the data of multiple lines. Consider a compression algorithm that only compress a cache line if the line has at most one non-zero bit. Which entry in Table 1 should be marked as Unsafe for this mechanism? Estimate the potential leakage bandwidth. 2. Now that you have tried to use the microarchitecture leakage descriptors in the last question. Do you understand better their motivation of designing this descriptor and do you see any pros and cons of the descriptor? |
| B (Slides) | Speculative Interference Attacks | 1. Come up with another variation of speculative interference attack by exploiting cache bank conflicts. Assume the L1 cache is divided into two banks, and the 13th LSB is used to select which bank to access. Write down the pseudo-code which should be in a similar format as the ones in Figures 3-5, mark which instructions are interference target and which are interference gadgets, and provide a brief explanation on how the timing of the interference target becomes secret-dependent. 2. With the understanding of speculative interference attacks, do you see more clearly what security properties that invisible speculation schemes tried to achieve and why they failed to do that? |
| C (Slides) | Type Confusion Attacks | 1. If you are given a program (both its source code and assembly code), can you design a detection tool to determine whether it is vulnerable to speculative type confusion attack or not? Describe the code or execution patterns that your tool will look for. 2. In Section 1.1, the authors stated that speculative type confusion vulnerabilities can be divided into three subtypes. Compare and rank them in terms of how difficult to exploit each subtype. Explain your reasoning behind your ranking. |
Side Channel Defenses (March 8)
Read after February 28
| Paper | Title | Questions |
| A | GLIFT | 1. What problem occurs when directly using the gate-level information flow tracking mechanism to track implicit flows? How does the paper address this problem when handling conditional branches? 2. Think about when the authors designed the air-tight information flow tracking microprocessor, what scenarios do they target. Can you think of any key bottlenecks or pitfalls when people this machine? |
| B | STT | 1. Carefully think about the security property that STT tries to achieve. Does the security goal of STT include preventing secret key leakage within a cryptographic program which adopts constant-time programming (i.e., no secret-dependent branchs and no secret-dependent memory accesses)? Explain why or why not. 2. The paper provides a two-dimension classification on implicit channels, a) whether it is an explicit branch or an implicit branch, and b) whether it is a prediction-based leakage or resolution-based leakage. Consider a hardware optimization called “memory dependency prediction” as follows. Consider the code “St x, [addr1], Ld [addr2], y”. During execution, when the addr1 is not resolved yet, but addr 2 is resolved, the processor makes a prediction on whether “addr1==addr2” based on the PC of the load instruction. If the prediction is true, the load will be delayed until the address of the store is resolved. Otherwise, the load will be issued speculatively. In the latter case, if the prediction turns out to be an incorrect one, the load will be squashed and re-executed. Think about this scheme, which boxes in Figure 4 it falls into, and briefly explain your answer. |
| C | Skewed-CEASER | 1. How does the new design, Skewed-CEASER, mitigate the two attacks presented in Section 3 and 4? 2. The paper presents a security analysis of Skewed-CEASER with some implicit assumptions about how the attack should be performed. Can you list these assumptions explicitly and comment on whether all the assumptions are reasonable or not? Is it possible that the analysis may become invalid if some of the assumptions are not satisfied? |
Physical Attacks (April 3)
Read after March 15
| Paper | Title | Questions |
| A | CLKSCREW | 1. Explain how the data in Figure 5 is used in the CLKSCREW attack. 2. When performing the two attacks, the authors spent a lot of effort to determine when to inject the faults, the parameter F_pdelay. What factors make this parameter so difficult to determine? |
| B | SRAM Coldboot | 1. We can carry out a successful Volt Boot attack and leak useful information only if the target SoCs satisfy a few requirements. Which requirements(s) do you think play the most important role? 2. Think about the security implications of this attack. Give an example of a security mechanism which falls apart when the Volt Boot attack is considered. |
| C | Light Commands | 1. Before conducting and evaluating the attacks, in Section 4 the authors first perform a detailed characterization of how sound converts to lasers and then received by microphones. Among these experiements, what are the key parameters that the authors try to figure out. 2. Does this paper inspire you to think about other variations of attacks that share similar flavors by mixing different types of signals? |
Rowhammer Defenses (April 5)
Read after March 22
| Paper | Title | Questions |
| A | Graphene | 1. How does Graphene manages to track precisely all DRAM rows that have been activated more times than a certain threshold with a much lower area cost than prior work? Briefly summarize the key technique in the paper. 2. As the technology trend exhibits, the threshold for triggering a bitflip in recent DRAMs is reduced from 50K to 1K. Calculate how the number of entries in the table should change accordingly. You can use the other parameters from the paper. Do you think Graphene is a scalable scheme? |
| B | Revisiting Residue Codes for Modern Memories | 1. Residue codes have been traditionally used for computation error correction. What prevents it from being used for storage error correction in memory? 2. The paper stated that comparing to Chipkill ECC, we can benefit from using the MUSE ECC in multiple contexts. Give one example of such a context and briefly describe why MUSE ECC works better. |
| C | REGA | 1. REGA needs to generate an extra row refresh in parallel with an existing row activation (Figure 6). What timing constraints do we have on the two operations (i.e., the refresh and the activation) to not violate the standard DRAM timings? What extra hardware do they need for this purpose? 2. Analyze how REGA scales with the threshold. Which types of overhead scale well and which do not scale that well? |
Memory Safety Mitigations (May 3)
Read after April 12
| Paper | Title | Questions |
| A | PACMem | 1. PACMem uses a birthmark to catch temporal memory safety violation. Describe how the birthmark is generated, how to perform the check, and how it handles PAC collision. 2. How can false positives and false negatives happen when using an address sanitizer? Why does PACMem perform better than prior work on false positives/false negatives? |
| B | HAKC | 1. HAKC uses a two-level compartmentalization policy with cliques and compartment. What is the difference(s) between cliques and compartment? How can such a two-level design address the problems due to the limited number of colors in ARM MTE? 2. Does there exist attacks that HAKC cannot protect against? Provide a high-level description of an example. |
| C | CHERI | 1. Compatibility is an important property for adopting hardware security features. How can CHERI allow legacy references and constrain them by the capability memory model? 2. Do you think it is feasible to use CHERI to support temporal memory safety or not? What challenges do you forsee for designing such a scheme? If you do not think there exists any challenge, provide a brief description of a tentative design. |
Hardware Bugs, Fuzzing, and Verification (May 10)
Read after April 19
| Paper | Title | Questions |
| A | Silifuzz | 1. What kind of failure problem does SiliFuzz try to detect? This type of failures are affected by multiple other factors, in addition to the instructions executed on the processors, and these factors make the testing take an extensive amount of time. What are these factors? 2. The paper uses a technique called “fuzzing by proxy”. What proxy do they use? What are the pros and cons of using that proxy for the problem targeted in this paper? |
| B | Revizor | 1. Revisor generates instruction sequences, then runs the sequences on a emulated contract machine and a real processor to see whether the real processor violates the emulated contract. When generating these instruction sequences, one of the challenges is the intractable search space. How did the authors address this challenge? 2. Which group of people could be the targeted users of Revizor? |
| C | SPECS | 1. One of the key challenges in the paper is to derive invariants from the erratas. The invariants, if not defined property, can introduce false detections and missing detections. Give two examples, one for false detection, and one for missing detection. You can describe examples from the paper or come up with high-level examples based on your understanding of the paper. 2. Is there anything that SPECS can be improved? No need to be comprehensive. Just briefly describe one aspect that you would like to see SPECS to be improved upon.” |