Part 1: Introduction |
||||
---|---|---|---|---|
Date | Topic | Speaker | Reading | Notes |
9/2 (Wed) | Introduction | Mengjia | pdf split-pdf | |
9/7 (Mon) | Labor Day — No Class | |||
9/9 (Wed) | Secure Processors in Industry | Mengjia | Costan et al. Intel SGX Explained. IACR. 2016. The entire paper provides good information, but our discussion will focus on the following sections: | pdf split-pdf |
9/14 (Mon) | SGX | Mengjia | pdf split-pdf | |
Part 2: Micro-architectural Side Channel |
||||
Date | Topic | Speaker | Reading | Notes |
9/16 (Wed) | Micro-architectural Side Channel | Mengjia | Kiriansky et al. DAWG: A defense against cache timing attacks in speculative execution processors. MICRO. 2018. Optional: Qian et al. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. Journal of Cryptographic Engineering (2018). | pdf split-pdf |
9/21 (Mon) | Traditional Side Channels | Mengjia | Percival, Colin. Cache missing for fun and profit. (2005). Optional: Yarom et al. FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. USENIX Security. 2014. Liu et al. Last-level cache side-channel attacks are practical. S&P. 2015. | pdf split-pdf Lab Assigned |
9/23 (Wed) | Transient Execution Attacks | Mengjia | Kocher et al. Spectre attacks: Exploiting speculative execution. S&P. 2019. Optional: Canella et al. A systematic evaluation of transient execution attacks and defenses. USENIX Security. 2019. | pdf split-pdf |
9/28 (Mon) | Hardware to Enforce Non-interference | Mengjia | Tiwari et al. Complete information flow tracking from the gates up. ASPLOS. 2009. Optional: Ferraiuolo et al. HyperFlow: A processor architecture for nonmalleable, timing-safe information flow security. CCS. 2018. | pdf split-pdf |
9/30 (Wed) | Transient Execution Defenses | Lindsey | Yu et al. Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data. MICRO. 2019. Optional: Guarnieri et al. Hardware-Software Contracts for Secure Speculation. arXiv preprint. 2020. | pdf |
10/5 (Mon) | Oblivious programming | Mengjia | Cauligi et al. FaCT: a DSL for timing-sensitive computation. PLDI. 2019. Optional: Cauligi et al. Constant-Time Foundations for the New Spectre Era. PLDI. 2020. | pdf |
10/7 (Wed) | Randomization | Peter | Bourgeat et al. CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches. MICRO. 2020. Optional: Moinuddin K. Qureshi. New Attacks and Defense for Encrypted-Address Cache. ISCA. 2019. | pdf Proposal Due on 10/9 (Fri) |
Part 3: Enclaves |
||||
Date | Topic | Speaker | Reading | Notes |
10/12 (Mon) → 10/13 (Tue) | Enclave Side Channel | Mengjia | Skarlatos et al. MicroScope: enabling microarchitectural replay attacks. ISCA. 2019. Optional: Wang et al. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. CCS. 2017. | pdf |
10/14 (Wed) | Hardware enclave design | Damian | Bourgeat et al. MI6: Secure enclaves in a speculative out-of-order processor. MICRO. 2019. Optional: Lebedev et al. Sanctorum: A lightweight security monitor for secure enclaves. DATE. 2019. | pdf Lab Due |
10/19 (Mon) | Enclave Programmability | Vighnesh | Lind et al. Glamdring: Automatic application partitioning for intel SGX. USENIX ATC. 2017. Optional: Park et al. Nested Enclave: Supporting Fine-grained Hierarchical Isolation with SGX. ISCA. 2020. | pdf |
Part 4: Opensource Hardware and Verification |
||||
Date | Topic | Speaker | Reading | Notes |
10/21 (Wed) | Opensource TEE | Miles | Lee et al. Keystone: An open framework for architecting trusted execution environments. EuroSys. 2020. Optional: Johnson et al. Titan: enabling a transparent silicon root of trust for Cloud. Hot Chips. 2018. | |
10/26 (Mon) | ISA | Brandon | Yu et al. Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing. NDSS. 2019. Optional: Zagieboylo et al. Using information flow to design an ISA that controls timing channels. CSF. 2019. | |
10/28 (Wed) | Attack Synthesis | Thomas | Trippel et al. CheckMate: Automated Synthesis of Hardware Exploits and Security Litmus Tests. MICRO. 2018. Optional: Zhang et al. End-to-end automated exploit generation for validating the security of processor designs. MICRO. 2018. | |
11/2 (Mon) | Verification for Side Channel Vulnerability | Jack | Athalye et al. Notary: a device for secure transaction approval. SOSP. 2019. Optional: Guarnieri et al. Spectector: Principled Detection of Speculative Information Flows. S&P. 2020. | |
Part 5: Physical Attacks |
||||
Date | Topic | Speaker | Reading | Notes |
11/4 (Wed) | Power Side Channel | Maitreyi | Zhao et al. FPGA-based remote power side-channel attacks. S&P. 2018. Optional: Fei et al. A Statistics-based Fundamental Model for Side-channel Attack Analysis. IACR. 2014. | |
11/9 (Mon) | Rowhammer | Jongchan | Mutlu et al. RowHammer: A retrospective. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (2019). Optional: Kim et al. Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques. ISCA. 2020. | |
11/11 (Wed) | Veterans Day — No Class | Submit midterm project presentation slides instead of weekly report by Sunday (11/15). | ||
11/16 (Mon) | Modern Rowhammer | Erik | Kwong et al. Rambleed: Reading bits in memory without accessing them. S&P. 2020. Optional: Islam et al. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. USENIX. 2019. | |
11/18 (Wed) | Rowhammer Defense | Miles | Park et al. Graphene: Strong yet Lightweight Row Hammer Protection. MICRO. 2020. Optional: Cojocar et al. Exploiting correcting codes: On the effectiveness of ECC memory against Rowhammer attacks. S&P. 2019. | Mid-term Report Due on Friday (11/20) |
11/23 (Mon) | Thanksgiving — No Class | |||
11/25 (Wed) | Thanksgiving — No Class | No weekly report due this week | ||
Part 6: Memory Safety |
||||
Date | Topic | Speaker | Reading | Notes |
11/30 (Mon) | Memory Safety | Mengjia | Szekeres et al. SoK: Eternal war in memory. S&P. 2013. Optional: Oleksenko et al. Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack. SIGMETRICS. 2018. | |
12/2 (Wed) | Randomization Techniques | Miles | Gallagher et al. Morpheus: a vulnerability-tolerant secure architecture based on ensembles of moving target defenses with churn. ASPLOS. 2019. | |
12/7 (Mon) | Cheri-Based Architecture | Richard | Woodruff et al. The CHERI capability model: Revisiting RISC in an age of risk. ISCA. 2014. Optional: Xia et al. Cherivoke: Characterising pointer revocation using cheri capabilities for temporal memory safety. MICRO. 2019. | |
12/9 (Wed) | Final Project Presentations |