-
In this course, we build upon basic knowledge of software-based timing and cache attacks as well as the side-channel mindset. Same as in the prior courses, we do not just enumerate side-channel effects but we provide you with the experience of discovering side channels yourself in a group of students, living in a shared appartment. We dive deeper into the microarchitecture and get an in-depth understanding of virtual memory and caches in the course. We will learn about different cache side channels, such as Flush+Flush, Evict+Reload, and Prime+Probe. This requires some skills in reading and writing code, mainly C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will demonstrate that you understood the virtual memory, caches, and are able to find and exploit cache side channels in small software programs.
-
- Episode 1: Down the Rabbit Hole
The flatmates figure out how virtual addresses and caches work and they start realizing which timing differences might be hidden in there.
- Episode 2: Gone with the Flush
The flatmates discover the Flush+Flush and Evict+Reload attacks and learn a lot about how cache replacement works.
- Episode 3: Optimus Prime+Probe
The flatmates discover the Prime+Probe attack. They realize that it works in cases where Flush+Reload does not work and believe it is something completely new.
- Episode 4: Jonas and the Template of Doom
The flatmates realize that they can scan binaries for cache activity and automatically build cache side-channel attacks with that, forming the concept of Cache Template Attacks. In the end, upon Jonas' suggestion, they retrieve the Template of Doom; but they also attack AES for instance.
- Episode 5: Drama with Manuel
Manuel hurt his leg and cannot move. The timing differences he introduces in the flat activity inspire the discovery of DRAM Addressing (DRAMA) side channels.
