Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Course Project

Student can optionally substitute labs 4-6 with an open-ended course project on hardware security. The project can be related to your current research (subject to instructor approval).

If you choose to do a course project, you will first need to send an email to Mengjia and schedule a short meeting to discuss what project you would like to pursue. To allow for sufficient time to discuss/agree on the project, this meeting should be held before the start of spring break.

After we converge on the project, you are ready to start the 2-month project. There are several deliverables you will need to provide, as follows.

Project Proposal (April 5, 20%)

A 2 page (single-spaced) description of the project you aim to complete, including a brief discussion on the background, motivation, related work, goal, and expected outcome. The expected outcome should form the bulk of your proposal (at least half a page) and should present concrete details about your plan and final deliverable, including the tools and platforms you plan to use. References should be included, and are not included towards your page count.

Weekly Reports (Weekly on Fridays, 10%)

A short paragraph (3-5 sentences) describing what you accomplished in the past week and the current state of your project. Please also note if you have run into any difficulties or need help. Due every week apart from the weeks when the mid-term report and the final report are due: April 14, April 21, May 5, and May 12.

Mid-term Report (April 28, 15%)

A report (no set page limit) describing your project’s progress, outlining:

  1. A high-level summary of your project.
  2. Current progress and preliminary results.
  3. Your plan for the remaining 2.5 weeks.
  4. (Optional) A discussion of the technical challenges, how you’re addressing these challenges, and any other things you’ve learned so far from the project.

Final Report (May 15, 35%)

A report (no set page limit) with the following sections:

  1. Introduction
  2. Background
  3. Overview, Approaches, Challenges, Technical Details
  4. Evaulation and Results
  5. Potential Future Work
    • Any goals that you planned to achieve but could not complete (Note that you will not lose points for this).
    • If you finished all your goals, describe how you would extend the project given more time.
    • Your estimation of the challenges and difficulties in achieving these goals.
  6. Conclusion
  7. Appendix: Lessons learned, any other subsequent discussion.

Final Presentation (May 15, 20%)

A 15 minute presentation, presented to the class on May 15, using the following format:

  1. Background
  2. Project Overview
  3. Results (demo optional), it is important to explain the experiment setup and the results clearly.
  4. Challenges and Lessons Learned
  5. Questions

Past Projects

Below are some good examples of projects from Fall 2020 you can use as inspiration for your project.


Jack Cook

Side channels attacks are an elementary type of attack that can be exploited on basically any modern computer system. They rely on the fact that computers are required to share resources in order to be practical and economically viable. This shared resource can be anything from cache contention, to power usage, to network latency.

For this project, I originally took advantage of the cache contention side channel. I collected traces in the form of cache contention over time, known as a “memorygram,” and opened new tabs in my browser while these traces were being collected. After training a model on a large collection of memorygrams, I was able to predict new tabs that people opened in their browsers. When distinguishing between 10 websites, we were able to reach 97% accuracy, and when distinguishing between 100 websites, we reached 75% accuracy. This work demonstrates why side channel attacks are practical to exploit from JavaScript, and how we can defend against them.

Read the paper

Read the keynote

FPGA Power Side Channels

Brandon John

FPGAs have started appearing in datacenters such as AWS, allowing users to rent time on FPGAs to help with their heavy compute tasks. These FPGAs vary, with one variant being built as an SoC (System on Chip) with a processor and FPGA fabric in one package. There can also be scenarios where users can rent a portion of an FPGA, and another user uses another portion of said FPGA. In this scenario presumably the two users would have all signals isolated from each other, but would share voltage supply rails and other ambient conditions. Both of these scenarios share one key detail: the FPGA logic is supplied by a voltage rail that can be dependent on the activity of its neighbors. This shared rail allows for a power side-channel attack to covertly extract data.

Read the paper

Watch the keynote