CPSC 538M: Security and Privacy in the Era of Side Channels

Winter Term 1, Sep 2022

Syllabus

Announcements

The assignment is up.

The project page is up.

Paper reviews are due by 17:00h on the day before the day of class discussion. Submit the reviews to the instructor's email id.

1. Overview

A large number of software applications store and process valuable data. These applications are the target of a variety of attacks. One type of attacks are side-channel attacks. Side channels arise in system resources that are shared among mutually untrusting principals. Side-channel attacks are becoming increasingly sophisticated, while building efficient defenses is challenging. This course will give an overview of software-based side-channel attacks. We will study papers that describe side channels in resources, such as caches, memory, CPUs, GPUs, and network, and how attacks are designed to exploit the side channels. We will also study solutions to mitigate various side channels, which include techniques at the architecture, the OS, languages and compilers, and the application level.

Acknowledgements: UBC’s main Vancouver campus—including our classroom and other course spaces—is located on the traditional, ancestral and unceded territory of the Musqueam people. These lands have always been a place of learning for Musqueam youth, who were instructed in their culture, history, and tradition, and who in turn shared their knowledge with a new generation.

2. Course Staff and Logistics

Instructor: Aastha Mehta ( <firstname>k<lastinitial> [AT] cs.ubc.ca )
Office hours: Wed, 10:30 - 11:30h PT and on demand

Teaching Assistant: Amir Sabzi ( <lastname> [AT] cs.ubc.ca )

Class information

3. Health, Safety, Wellbeing, and COVID-19

Learning and teaching is challenging if you are not healthy, safe, and secure. If you face any challenges in CPSC 538M to your well-being, please bring them up with us! We will try to support you. (For accommodations, the minimum we guarantee is to note your concern for review at the end of the term, as we finalize course grades. More generally, we will try to be reasonable and flexible!) Also see UBC Senate's Policies and Resources to Support Student Success.

As of late August, 2021, it seems that we are still in the midst of the pandemic. Here is our situation:

Therefore:

Your personal health: If you’re sick, it’s important that you stay home – no matter what you think you may be sick with (e.g., cold, flu, other). 

4. Registration and Prerequisites

Registration: Note, the last date to add/drop out of the course is 20 Sep 2021.

Prerequisites

Any background in security is welcome but not required. The course is intended for Masters and Ph.D. students in Computer Science, but enterprising Bachelors students who fulfill the above pre-requisites are welcome to participate.

5. Course structure and grading

This course is structured as a seminar. Every class, one student will present a paper, which will then be discussed in the class. Depending on the number of registered students, two students may be required to present a paper each in some classes. Before each class, all students are expected to read the paper, write a short critical review of the paper, and prepare a list of discussion points. Students should use the online Piazza class forum to seek answers on basic, clarification questions. The class discussion will focus on deeper questions. In addition, there is one assignment (first half of the term), and an exploratory project component.

Grading: Your course grade will be based on the following breakdown. The course staff reserves the right to change the scheme, but we do not anticipate using that right except in consultation with the class as a whole.

Paper reviews: Students must write a review for each paper, including (but not limited to) a summary of the problem addressed in the paper, the threat model and trust assumptions, the key ideas of the paper, the key techniques used, limitations of the paper, and potential ways to overcome the limitations.

Students must write the reviews in their own words. Any text or resources copied from another source must be appropriately cited, otherwise, it will be construed as plagiarism. Students must submit their paper reviews in PDF form via Piazza.

For the final grading on the paper reviews, we will consider top 80% of all the review scores. (The exact number of reviews to be considered will be determined after the final registration count.) The student presenting a paper need not write a review for the presented paper or submit discussion questions on Piazza.

Paper presentation: Each student must give a 45-min presentation on their paper. In case two papers are to be presented on a day, each presenter will be required to give a 30-min presentation. The class discussion will begin after all presentations, and the presenter(s) will be expected to lead the discussion.

Students are welcome to use powerpoint or a similar tool for presenting their slides. Each student must submit their presentation slides to the staff upto 30 min before the start of the class. For in-person presentation, the staff will provide a laptop, a power adapter, an HDMI connector for projection, and a presenter remote. The laptop will be set up for simultaneous online streaming and in-class projection.

The presentation will be graded based on content, clarity, delivery, and participation in the follow up discussion.

Class participation: Students can participate in discussions in class (in person or via the online chat) as well as on Piazza. If you are unable to attend a class on a given day, you can still get participation points by sharing discussion questions on Piazza before the class. Note that points will be given for quality of participation and not quantity.

Assignment(s): Assignments must be done in teams of two. All assignments will be done on Raspberry Pi boards, which will be provided to you by the staff. You are allowed to discuss the assignment with other teams via Piazza or other external communication methods. However, each team must implement the final solution and submit their report by themselves.

Project: The course project must be done in teams of 2-4. The project deliverables will include a research proposal, a final paper, and an oral presentation. At each stage of the process, we will provide detailed feedback and suggestions. See this page for some ideas.

6. Important Dates

See below for the paper schedule.

Date Description
Tue, 07/09 Imagine Day
Wed, 08/09 First day of regular classes
Thu, 09/09 Submit preferences for paper presentation slots
Announcement of assigned presentation slots
Mon, 20/09 Announcement of assignment
Course add/drop deadline
Thu, 30/09 National Day for Truth and Reconciliation (UBC closed)
Wed, 08/10 Assginment due
Mon, 11/10 Thanksgiving (UBC closed)
Fri, 15/10 Research proposal due
Nov first week (tentative) Schedule feedback session on research plan
Wed–Fri, 10/11 – 12/11 Mid-term break
01/12 (tentative) Project presentations
06/12 (tentative) Project presentations
22/12 (tentative) Final research paper due

7. Reading schedule

Here is a tentative schedule of papers to be covered in the class. Depending on the number of registered students, we may add or drop some papers.

Students must submit their top 3 preferences for paper presentation slots to the staff by 09 Sep 2021, 12:00h PT. The paper presentation slots will be notified on 09 Sep 2021, 17:00h PT. If a student needs to change their presentation slot later, they must find another registered student to swap their slot, and both students must confirm the swap with the instructor at least 7 days before the earlier presentation slot.

Date Paper Presenter
08/09 Overview Aastha
13/09 Cache-timing attacks on AES (pdf) Nichole Boufford
15/09 Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack (pdf) Sid Agarwal
20/09 Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches (pdf)
assignment out
course add/drop deadline
class discussion
22/09 NetCAT: practical cache attacks from network (pdf) class discussion
27/09 Predictive Black-Box Mitigation of Timing Channels (pdf) class discussion
29/09 CATalyst: Defeating last-level cache side channel attacks in cloud computing (link) Zainab Saeed Wattoo
04/10 Robust and efficient elimination of cache and timing side channels (pdf) Shiqi HE
06/10 Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems (link) class discussion
08/10 assignment due
11/10 Thanksgiving Holiday Thanksgiving Holiday
13/10 Autarky: Closing controlled channel attacks with self-paging enclaves (pdf)

Additional links: SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control (link)
class discussion
18/10 Main reading: Meltdown: Reading Kernel Memory from User Space (pdf)

Additional links: https://transient.fail
Pritam Dash
20/10 Spectre Attacks: Exploiting Speculative Execution (link) Elaine Yao
25/10 An Analysis of Speculative Type Confusion Vulnerabilities in the Wild (pdf)

Additional links: Reproducing Spectre Attack with gem5 (link)
class discussion
27/10 Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract (pdf) Soo Yee Lim
01/11 Swivel: Hardening WebAssembly against Spectre (pdf) class discussion
03/11 New Models for Understanding and Reasoning about Speculative Execution Attacks (arxiv) class discussion
08/11 Rendered Insecure: GPU Side Channel Attacks are Practical (pdf) Puneet Mehrotra
10/11 mid-term break mid-term break
15/11 Telekine: Secure Computing with Cloud GPUs (pdf)

Optional reading: Oblivious Coopetitive Analytics Using Hardware Enclaves (pdf)
class discussion
17/11 Side-channel leaks in web apps a reality today, a challenge tomorrow (pdf) class discussion
22/11 Beauty and the Burst: Remote Identification of Encrypted Video Streams (pdf) class discussion
24/11 Traffic morphing: an efficient defense against statistical traffic analysis (pdf) class discussion
29/11 Pacer: Comprehensive Network Side-Channel Mitigation in the Cloud (pdf) Aastha
01/12 Course review Aastha
06/12 Final project presentation --

Additional reading

Survey papers on side channels