A large number of software applications store and process valuable data. These applications are the target of a variety of attacks. One type of attacks are side-channel attacks. Side channels arise in system resources that are shared among mutually untrusting principals. Side-channel attacks are becoming increasingly sophisticated, while building efficient defenses is challenging. This course will give an overview of software-based side-channel attacks. We will study papers that describe side channels in resources, such as caches, memory, CPUs, GPUs, and network, and how attacks are designed to exploit the side channels. We will also study solutions to mitigate various side channels, which include techniques at the architecture, the OS, languages and compilers, and the application level.
Acknowledgements: UBC’s main Vancouver campus—including our classroom and other course spaces—is located on the traditional, ancestral and unceded territory of the Musqueam people. These lands have always been a place of learning for Musqueam youth, who were instructed in their culture, history, and tradition, and who in turn shared their knowledge with a new generation.
Instructor: Aastha Mehta ( <firstname>k<lastinitial> [AT] cs.ubc.ca )
Office hours: Wed, 10:30 - 11:30h PT and on demand
Teaching Assistant: Amir Sabzi ( <lastname> [AT] cs.ubc.ca )
Learning and teaching is challenging if you are not healthy, safe, and secure. If you face any challenges in CPSC 538M to your well-being, please bring them up with us! We will try to support you. (For accommodations, the minimum we guarantee is to note your concern for review at the end of the term, as we finalize course grades. More generally, we will try to be reasonable and flexible!) Also see UBC Senate's Policies and Resources to Support Student Success.
As of late August, 2021, it seems that we are still in the midst of the pandemic. Here is our situation:
Your personal health: If you’re sick, it’s important that you stay home – no matter what you think you may be sick with (e.g., cold, flu, other).
Registration: Note, the last date to add/drop out of the course is 20 Sep 2021.
Any background in security is welcome but not required. The course is intended for Masters and Ph.D. students in Computer Science, but enterprising Bachelors students who fulfill the above pre-requisites are welcome to participate.
This course is structured as a seminar. Every class, one student will present a paper, which will then be discussed in the class. Depending on the number of registered students, two students may be required to present a paper each in some classes. Before each class, all students are expected to read the paper, write a short critical review of the paper, and prepare a list of discussion points. Students should use the online Piazza class forum to seek answers on basic, clarification questions. The class discussion will focus on deeper questions. In addition, there is one assignment (first half of the term), and an exploratory project component.
Grading: Your course grade will be based on the following breakdown. The course staff reserves the right to change the scheme, but we do not anticipate using that right except in consultation with the class as a whole.
Paper reviews: Students must write a review for each paper, including (but not limited to) a summary of the problem addressed in the paper, the threat model and trust assumptions, the key ideas of the paper, the key techniques used, limitations of the paper, and potential ways to overcome the limitations.
Students must write the reviews in their own words. Any text or resources copied from another source must be appropriately cited, otherwise, it will be construed as plagiarism. Students must submit their paper reviews in PDF form via Piazza.
For the final grading on the paper reviews, we will consider top 80% of all the review scores. (The exact number of reviews to be considered will be determined after the final registration count.) The student presenting a paper need not write a review for the presented paper or submit discussion questions on Piazza.
Paper presentation: Each student must give a 45-min presentation on their paper. In case two papers are to be presented on a day, each presenter will be required to give a 30-min presentation. The class discussion will begin after all presentations, and the presenter(s) will be expected to lead the discussion.
Students are welcome to use powerpoint or a similar tool for presenting their slides. Each student must submit their presentation slides to the staff upto 30 min before the start of the class. For in-person presentation, the staff will provide a laptop, a power adapter, an HDMI connector for projection, and a presenter remote. The laptop will be set up for simultaneous online streaming and in-class projection.
The presentation will be graded based on content, clarity, delivery, and participation in the follow up discussion.
Class participation: Students can participate in discussions in class (in person or via the online chat) as well as on Piazza. If you are unable to attend a class on a given day, you can still get participation points by sharing discussion questions on Piazza before the class. Note that points will be given for quality of participation and not quantity.
Assignment(s): Assignments must be done in teams of two. All assignments will be done on Raspberry Pi boards, which will be provided to you by the staff. You are allowed to discuss the assignment with other teams via Piazza or other external communication methods. However, each team must implement the final solution and submit their report by themselves.
Project: The course project must be done in teams of 2-4. The project deliverables will include a research proposal, a final paper, and an oral presentation. At each stage of the process, we will provide detailed feedback and suggestions. See this page for some ideas.
See below for the paper schedule.
|Tue, 07/09||Imagine Day|
|Wed, 08/09||First day of regular classes|
|Thu, 09/09||Submit preferences for paper presentation slots|
|Announcement of assigned presentation slots|
|Mon, 20/09||Announcement of assignment|
|Course add/drop deadline|
|Thu, 30/09||National Day for Truth and Reconciliation (UBC closed)|
|Wed, 08/10||Assginment due|
|Mon, 11/10||Thanksgiving (UBC closed)|
|Fri, 15/10||Research proposal due|
|Nov first week (tentative)||Schedule feedback session on research plan|
|Wed–Fri, 10/11 – 12/11||Mid-term break|
|01/12 (tentative)||Project presentations|
|06/12 (tentative)||Project presentations|
|22/12 (tentative)||Final research paper due|
Here is a tentative schedule of papers to be covered in the class. Depending on the number of registered students, we may add or drop some papers.
Students must submit their top 3 preferences for paper presentation slots to the staff by 09 Sep 2021, 12:00h PT. The paper presentation slots will be notified on 09 Sep 2021, 17:00h PT. If a student needs to change their presentation slot later, they must find another registered student to swap their slot, and both students must confirm the swap with the instructor at least 7 days before the earlier presentation slot.
|13/09||Cache-timing attacks on AES (pdf)|
|15/09||Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack (pdf)|
|20/09||Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches (pdf)
course add/drop deadline
|22/09||NetCAT: practical cache attacks from network (pdf)|
|27/09||Predictive Black-Box Mitigation of Timing Channels (pdf)|
|29/09||CATalyst: Defeating last-level cache side channel attacks in cloud computing (link)|
|04/10||Robust and efficient elimination of cache and timing side channels (pdf)|
|06/10||Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems (link)|
|13/10||Autarky: Closing controlled channel attacks with self-paging enclaves (pdf)
Additional links: SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control (link)
|18/10||Main reading: Meltdown: Reading Kernel Memory from User Space (pdf)
Additional links: https://transient.fail
|20/10||Spectre Attacks: Exploiting Speculative Execution (link)|
|25/10||An Analysis of Speculative Type Confusion Vulnerabilities in the Wild (pdf)
Additional links: Reproducing Spectre Attack with gem5 (link)
|27/10||Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract (pdf)|
|01/11||Swivel: Hardening WebAssembly against Spectre (pdf)|
|03/11||New Models for Understanding and Reasoning about Speculative Execution Attacks (arxiv)|
|08/11||Rendered Insecure: GPU Side Channel Attacks are Practical (pdf)|
|15/11||Telekine: Secure Computing with Cloud GPUs (pdf)
Optional reading: Oblivious Coopetitive Analytics Using Hardware Enclaves (pdf)
|17/11||Side-channel leaks in web apps a reality today, a challenge tomorrow (pdf)|
|22/11||Beauty and the Burst: Remote Identification of Encrypted Video Streams (pdf)|
|24/11||Traffic morphing: an efficient defense against statistical traffic analysis (pdf)|
|29/11||Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud (pdf)|
|06/12||Final project presentation|
Survey papers on side channels