Microarchitectural Attacks and Defenses (MAD)
A tutorial at ISCA 2023 on Sunday June 18th Orlando
The MAD (microarchitecture attacks and defenses) tutorial will happen again this year, co-located with ISCA'23 in Orlando.
About The Tutorial
With the rise of cloud computing and internet services, microarchitectural attacks (i.e., microarchitectural side/covert channels, Spectre/Meltdown, Rowhammer) have emerged as a central threat to computer systems. These attacks exploit microarchitectural details to undermine program integrity/confidentiality and have enabled a menagerie of interesting (but unwanted!) capabilities---ranging from opening communication channels between otherwise isolated processes, leaking attacker-selected bits of a program's secret data, achieving privilege escalation in memory-safe code and more.
The goal of the tutorial is to bring together researchers from industry and academia that want to learn about the state-of-the-art in both microarchitectural attack and defense research. The tutorial will include two main components:
Theory: Breadth-Depth Talks and Discussion
A series of talks by the organizers covering from basic to advanced concepts in microarchitectural attacks and defenses. We will also have keynote speakers give a talk on the future of microarchitectural security and major open challenges.
Practice: Hands-on Hacking Session and Capture the Flag
The organizers will host a hands-on hacking session where participants get access to working covert channel code/Spectre and be able to modify it & see the effects of those changes on channel bandwidth, etc. The tutorial will also feature a capture-the-flag session that will commence at tutorial end and run for the subsequent week (with prizes going to the winners!). So please bring a laptop!
Intended Audience & Prerequisite Knowledge
The tutorial is targeted at people with backgrounds in Architecture/Systems/Compilers/PL that want to learn about the state-of-the-art in microarchitectural attacks and (potentially) engage in related defensive/offensive research. No prior background in security is needed (beginners welcome) but we will cover advanced topics & try to spark discussion throughout the day (so, experts also welcome).
Tutorial Schedule (as of June 13)
09:00 - 09:15 AM: Workshop Opening
09:15 - 09:30 AM: Introduction to hacking session code base
09:30 - 11:00 AM: Hands-on hacking session (bring your laptop)
11:00 - 11:20 AM: Coffee break
11:20 - 12:30 PM: Keynote by Daniel Genkin (Georgia Tech) "Side Channel Attacks: Lessons Learned or Troubles Ahead?"
Lunch Time (12:30-02:00 PM)
02:00 - 02:45 PM: Christopher Fletcher (UIUC) "Non-speculative Perspectives for a Speculative World"
02:45 - 03:30 PM: Moinuddin Qureshi (Georgia Tech) "Rowhammer: The Basics, the Bad, and the Ugly"
03:30 - 04:00 PM: Coffee break
04:00 - 04:30 PM: Dmitry Evtyushkin (College of William and Mary) "Using Automation for Discovering Microarchitectural Attacks"
04:30 - 05:00 PM: Mengjia Yan (MIT) "Security-oriented Microarchitectural Modeling"
05:00 PM: Closing
Materials from MAD'22
Keynotes and Technical Talk Slides
Keynote #1 Blockchain and Trusted Execution Environment (Mic Bowman, Intel)
What We Have Overlooked When Studying Microarchitectural Side Channels, Mengjia Yan (MIT)
Beyond Leakage: Microarchitectural Weird Machines, Dmitry Evtyushkin (College of William and Mary)
A Game of Cache Attacks and Defense, Moinuddin Qureshi (Georgia Tech)
Rowhammer Attacks and Defense, Moinuddin Qureshi (Georgia Tech)
Hacking Session Material
Organizers
Mengjia Yan (MIT; http://people.csail.mit.edu/mengcijia/)
Chris Fletcher (UIUC; http://cwfletcher.net/)
Moin Qureshi (Georgia Tech; https://moin.ece.gatech.edu/)
Dmitry Evtyushkin (William & Mary; https://www.cs.wm.edu/~dmitry/)