News
Seminar ReportWritten on 14.03.23 by Jan Reineke This is a gentle reminder that the seminar report is due on March 24. Note that this only applies to students taking the course as a seminar (not a proseminar). |
First Presentation Session TodayWritten on 12.01.23 by Jan Reineke Dear all, We will have our first presentation session today from 16:00 to 18:30. The session will take place in Room 401 in Building E1 3. Best regards, Jan Reineke |
Reminder: Presentation Draft DeadlineWritten on 05.12.22 by Shrey Sharma The deadlines for rough draft discussion are fast approaching. Note that these are hard deadlines and can not be postponed. The complete schedule is available in the timetable section of the CMS. Please reach out to the advisor for your assigned paper and schedule an appointment before the deadline. |
Course RegistrationWritten on 23.11.22 by Jan Reineke You can now register for the course in the LSF. Registration is open until December 9. |
Submit Paper and Date PreferencesWritten on 07.11.22 by Jan Reineke Do not forget to submit your preferences for papers and date until Wednesday night using the links in the introductory slides! |
Microarchitectural Security via Hardware-Software Contracts
Description
Spectre, Meltdown, and other microarchitectural attacks have been in the limelight in recent years. These attacks exploit subtle timing and behavioral differences of processors that are caused by microarchitectural optimizations such as caches and speculative execution to gain access to secret information.
The vulnerabilities exploited by microarchitectural attacks are not captured by today's hardware-software contracts, i.e. instruction-set architectures (ISAs). Traditionally, ISAs only capture the "functional" behavior of a system and thus have a blind spot when it comes to side channels. Recently, there has been a push to augment conventional ISAs with a formal specification of information leakage, resulting in more general hardware-software contracts. Such contracts enable writing secure code, e.g. implementing cryptographic algorithms, in a rigorous manner.
In this seminar, we are going to study
- novel hardware-software contracts that capture microarchitectural vulnerabilities,
- verification of hardware-software contracts,
- fuzz testing of hardware-software contracts,
- techniques to automatically synthesize hardware-software contracts from hardware models, and
- techniques to analyze security properties of software on top of contracts.
Each participant will give a presentation of an assigned paper, followed by a group discussion. All students are expected to read each paper carefully and to actively participate in the discussions. Each student will write a summary of the paper they have presented, including a general overview of the topic and reflecting the group discussion.
This is a combined proseminar and seminar with a total of 12 seats.
Requirements
Basic knowledge of computer architecture (e.g. due to Systemarchitektur) is required.
Knowledge of security and formal methods is a plus.
Format
- Each student is assigned one of the three groups of papers:
- each student is designated as the presenter of one of the papers from his/her group (the presentation should be about 25 minutes long)
- each student needs to read all papers from his/her group and submit a one-page summary + 3 questions about each paper (excluding the paper he/she is presenting)
- The presenter of paper needs to deliver a talk draft to his/her advisor at least 24 days (hard deadline) prior to his/her scheduled talk. In the week before the talk, the presenter should also deliver a practice talk to his/her advisor.
- Summaries+questions have to be delivered 24 hours prior to the respective session.
- For the seminar students (and thus not the proseminar students), a seminar report (should summarize the paper and discuss it in the context of the other work studied in the seminar) is required in addition, to be delivered at the end of the term, 24.3.2023).
Grading Scheme
Seminar | Proseminar | ||||
Presentation | Rough presentation draft | 35% | 7% | 50% | 10% |
Full set of slides | 7% | 10% | |||
Actual presentation of paper | 21% | 30% | |||
Summaries of other papers + questions | 20% | 30% | |||
Participation during sessions | 15% | 20% | |||
Seminar Report (Seminar students only) | 30% |
Calendar
Four sessions of 2h30 each are planned:
- 1st session: Thursday, 12.01.2023, 16:00-18:30
- 2nd session: Thursday, 19.01.2023, 16:00-18:30
- 3rd session: Thursday, 26.01.2023, 16:00-18:30
- 4th session: Thursday, 02.02.2023, 16:00-18:30
- Seminar report delivery (only for Seminar students): 24.03.2023