Side and Covert Channels: Attacks and Defenses

A tutorial at ISCA 2019 on Saturday, June 22nd, in Phoenix, AZ, USA

About The Tutorial:

With the rise of cloud computing and internet services, microarchitectural side and covert channel attacks have emerged as a central threat to computer systems. These attacks are based on the idea that two programs can communicate with each other, intentionally or unintentionally, through side effects that are observable through microarchitectural structures such as caches or execution units. With this capability, research has shown how attackers can exfiltrate sensitive data ranging from cryptographic keys to outlines of images to all of an application's virtual memory (e.g., using Spectre/Meltdown attacks).

The goal of the tutorial is to bring together researchers from industry and academia who want to learn about the state of the art in side channel attacks and (potentially) engage in related defensive/offensive research. The tutorial will include three main components:

Theory: Breadth-Depth Talks and Discussion

A series of talks by the organizers covering basic to advanced concepts in microarchitectural side/covert channel attacks and defenses.

Practice: Covert Channel "Hello World" Hands-on Hacking Session

The organizers will host a hands-on hacking session where participants will get access to working covert channel code and be able to modify it and see the effects of those changes on channel bandwidth, etc. So please bring a laptop!

"Hello world" is a notorious challenge for researchers new to side and covert channels. The goal of the hacking session is for participants to leave the tutorial with working code that they can build on in their research. We have tested this code and will provide AWS instances for the participants to see some covert-channel action in person.

Industry Keynote

Intel Research will give a keynote to provide an industry perspective in the post-Spectre/Meltdown world.

Schedule and Slides:

  • 09:00-09:45 AM: Introduction to side/covert channels [ slides ]
  • 09:45-10:00 AM: Introduction to hacking session code base [ slides ]
  • 10:00-11:00 AM: Hands-on hacking session
  • 11:00-11:30 AM: Coffee break
  • 11:30-12:30 PM: Keynote by Frank McKeen (Intel) + Discussion [ slides ]
  • 12:30-02:00 PM: Lunch break
  • 02:00-03:00 PM: Formal definitions & framework (slides will be posted on 6/24)
  • 03:00-03:30 PM: Non-transient execution side/covert channels, Part 1 [ slides ]
  • 03:30-04:00 PM: Coffee break
  • 04:00-04:30 PM: Non-transient execution side/covert channels, Part 2 (see part 1)
  • 04:30-05:30 PM: Speculative (transient) execution attacks [ slides ]
  • 05:30 PM: Closing
  • Potpourri (time permitting)

Intended Audience & Prerequisite Knowledge:

The tutorial is targeted at architects who want to learn about the state of the art in side channel attacks and (potentially) engage in related defensive/offensive research. No prior background in security is needed. We will minimize required knowledge of computer architecture to the extent possible to appeal to the broader FCRC community.

Program Overview:

The breadth-depth talks will cover a range of material, including but not limited to the following:

Basics/Crash Course in microarchitectural side and covert channels

If the audience does not have a background in side/covert channel research, they should be able to attend only this module and walk away with a working knowledge of how basic side channel attacks work.

Assumptions and Formal Definitions

The audience will understand what assumptions and formal definitions underpin side channel attacks. We will also cover relevant architecture background that will be used in later modules.

Non-Speculative Side Channel Attacks

The audience will gain a state-of-the-art understanding of the attacker’s toolkit, i.e., what he/she will exploit at the algorithm level, what microarchitectural channels leak bits, and how signal post-processing techniques can amplify leakage.

Speculative (Transient) Covert Channel Attacks

The audience will understand speculative (transient) execution attacks from the basics to the state of the art, starting with Spectre/Meltdown/Foreshadow and generalizing to the different mechanisms needed to create an attack.

Software-based Defenses

The audience will gain a state-of-the-art understanding of data-oblivious/constant-time programming, the circuit programming abstraction, and cryptographic blinding. This constitutes the toolkit developers and cryptographers use today to block side channels on commercially available machines.

Hardware-based Defenses

The audience will learn about a sampling of hardware proposals out of the architecture community for blocking side channels. The focus will be on holistic techniques blocking broad classes of side channels with provable guarantees.

Hacking Session material
