Side and Covert Channels: Attacks and Defenses
A tutorial at ISCA 2019 on Saturday June 22nd Phoenix, AZ, USA
A tutorial at ISCA 2019 on Saturday June 22nd Phoenix, AZ, USA
With the rise of cloud computing and internet services, microarchitectural side and covert channel attacks have emerged as a central threat to computer systems. These attacks are based on the idea that two programs can communicate with each other---intentionally or unintentionally---through side-effects that are observable through microarchitectural structures such as caches or execution units. With this capability, research has shown how attackers can exfiltrate sensitive data from cryptographic keys to outlines of images to all of application virtual memory (e.g., using Spectre/Meltdown attacks).
The goal of the tutorial is to bring together researchers from industry and academia that want to learn about the state-of-the-art in side channel attacks and (potentially) engage in related defensive/offensive research. The tutorial will include three main components:
A series of talks by the organizers covering from basic to advanced concepts in microarchitectural side/covert channel attacks and defenses.
The organizers will host a hands-on hacking session where participants get access to working covert channel code and be able to modify it & see the effects of those changes on channel bandwidth, etc. So please bring a laptop!
"Hello world" is a notorious challenge for researchers new to side and covert channels. The goal with the hacking session be for participants to leave the tutorial with working code that they can build from in their research. We have tested this code and will provide AWS instances for the participants to see some covert-channel action in person.
Intel Research will give a keynote to provide an Industry perspective in the Post-Spectre/Meltdown world.
The tutorial is targeted at Architects that want to learn about the state-of-the-art in side channel attacks and (potentially) engage in related defensive/offensive research. No prior background in security is needed. We will minimize required knowledge of Computer Architecture to the extent possible to appeal to the broader FCRC community.
The breadth-depth talks will cover a range of material, including but not limited to the following:
If the audience does not have a background in side/covert channel research, they should be able to attend only this module and walk away with a working knowledge of how basic side channel attacks work.
The audience will understand what assumptions and formal definitions underpin side channel attacks. We will also cover relevant architecture background that will be used in later modules.
The audience will gain a state-of-the-art understanding for the attacker’s toolkit, i.e., what he/she will exploit at the algorithm-level, what microarchitectural channels leak bits, and how signal post-processing techniques can amplify leakage.
The audience will understand from the basics to the state-of-the-art of speculative (transient) execution attacks, starting with Spectre/Meltdown/Foreshadow and generalizing to the different mechanisms needed to create an attack.
The audience will gain state-of-the-art understanding of data oblivious/constant time programming, the circuit programming abstraction and cryptographic blinding. This constitutes the toolkit developers and cryptographers use today to block side channels on commercially available machines.
The audience will learn about a sampling of hardware proposals out of the architecture community for blocking side channels. The focus will be on holistic techniques blocking broad classes of side channels with provable guarantees.
Thanks to: