Side and Covert Channels: Attacks and Defenses
A tutorial at ASPLOS 2020 on Tuesday, March 17th, in Lausanne, Switzerland
About The Tutorial:
With the rise of cloud computing and internet services, microarchitectural side and covert channel attacks have emerged as a central threat to computer systems. These attacks are based on the idea that two programs can communicate with each other, intentionally or unintentionally, through side effects that are observable through microarchitectural structures such as caches or execution units. With this capability, research has shown how attackers can exfiltrate sensitive data ranging from cryptographic keys to outlines of images to all of an application's virtual memory (e.g., using Spectre/Meltdown attacks).
The goal of the tutorial is to bring together researchers from industry and academia who want to learn about the state of the art in side channel attacks and (potentially) engage in related defensive/offensive research. The tutorial will include three main components:
Theory: Breadth-Depth Talks and Discussion
A series of talks by the organizers covering basic to advanced concepts in microarchitectural side/covert channel attacks and defenses.
Practice: Covert Channel "Hello World" Hands-on Hacking Session and Capture the Flag
The organizers will host a hands-on hacking session where participants will get access to working covert channel code and be able to modify it and see the effects of those changes on channel bandwidth, etc. The tutorial will also feature a capture the flag session that will commence at the end of the tutorial and run for the subsequent week (with prizes going to the winners!). So please bring a laptop!
"Hello world" is a notorious challenge for researchers new to side and covert channels. The goal of the hacking session is for participants to leave the tutorial with working code that they can build on in their research. We have tested this code and will provide AWS instances for the participants to see some covert-channel action in person.
Intel Research will give a keynote to provide an industry perspective in the post-Spectre/Meltdown world.
Schedule and Slides (tentative):
- 08:00-08:45 AM: Introduction to side/covert channels
- 08:45-09:00 AM: Introduction to hacking session code base
- 09:00-10:00 AM: Hands-on hacking session
- 10:00-10:30 AM: Coffee break
- 10:30-12:30 PM: Keynote by Intel + Discussion
- 12:30-02:00 PM: Lunch break
- 02:00-03:00 PM: Formal definitions & framework
- 03:00-04:00 PM: Non-transient execution side/covert channels
- 04:00-04:30 PM: Coffee break
- 04:30-05:30 PM: Speculative (transient) execution attacks
- 05:30 PM: Closing
- Potpourri (time permitting)
Intended Audience & Prerequisite Knowledge:
The tutorial is targeted at people with backgrounds in Architecture/Systems/Compilers/PL who want to learn about the state of the art in side channel attacks and (potentially) engage in related defensive/offensive research. No prior background in security is needed (beginners welcome), but we will cover advanced topics and try to spark discussion throughout the day (so experts are also welcome).
The breadth-depth talks will cover a range of material, including but not limited to the following:
Basics/Crash Course in microarchitectural side and covert channels
If the audience does not have a background in side/covert channel research, they should be able to attend only this module and walk away with a working knowledge of how basic side channel attacks work.
Assumptions and Formal Definitions
The audience will understand what assumptions and formal definitions underpin side channel attacks. We will also cover relevant architecture background that will be used in later modules.
Non-Speculative Side Channel Attacks
The audience will gain a state-of-the-art understanding of the attacker’s toolkit, i.e., what he/she will exploit at the algorithm level, what microarchitectural channels leak bits, and how signal post-processing techniques can amplify leakage.
Speculative (Transient) Covert Channel Attacks
The audience will understand speculative (transient) execution attacks from the basics to the state of the art, starting with Spectre/Meltdown/Foreshadow and generalizing to the different mechanisms needed to create an attack.
The audience will gain a state-of-the-art understanding of data-oblivious/constant-time programming, the circuit programming abstraction and cryptographic blinding. This constitutes the toolkit developers and cryptographers use today to block side channels on commercially available machines.
The audience will learn about a sampling of hardware proposals from the architecture community for blocking side channels. The focus will be on holistic techniques that block broad classes of side channels with provable guarantees.
Hacking Session material
- To be posted
- Chris Fletcher (UIUC; http://cwfletcher.net/)
- Mohit Tiwari (UT Austin; https://users.ece.utexas.edu/~tiwari/)
- Mengjia Yan (UIUC/MIT; http://myan8.web.engr.illinois.edu/)
- Moin Qureshi (Georgia Tech; https://moin.ece.gatech.edu/)
- Mohamad El Hajj (UIUC; https://github.com/moehajj)
- Shijia Wei (UT Austin; https://0x161e-swei.github.io/)
- Yasser Shalabi (UIUC; https://github.com/yshalabi)