Rutgers Classifieds>Rutgers Online Courses>Transient-Execution Attacks: Understanding Meltdown and Spectre

Transient-Execution Attacks: Understanding Meltdown and Spectre

About this Course

In this course, we build upon the knowledge we built up so far on cache side-channel attacks as well as the side-channel and security mindset. We will then go beyond software-based side-channel attacks and study transient-execution attacks. Transient execution is a mechanism present in modern processors, where the processor performs operations, often speculatively, that it later on has to undo. However, the side effects of these operations remain and leak data (not meta-data!) to the attacker. Similar to the prior courses, we provide you with the experience of discovering these attacks yourself in a group of students, living in a shared appartment. We again dive deeper into the microarchitecture and will now understand out-of-order pipelines and how their behavior introduces leakage. We will then use side channels to exfiltrate data and transmit it to an attacker-controlled application. We will learn about the most prominent of these attacks: Meltdown, Spectre, Foreshadow, and ZombieLoad. You will implement some of these attacks yourself, which requires skills in reading and writing C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will implement some of these attacks and show that you understood out-of-order execution pipelines, transient-execution attacks and potential mitigations against them.

Created by: Graz University of Technology

Level: Advanced


Related Online Courses

Building construction is one of the most waste producing sectors. In the European Union, construction alone accounts for approximately 30% of the raw material input. In addition, the different... more
Maintaining and updating software is an important activity for a Technical Support role. There are many types of software, and understanding software can be overpowering. This course introduces the... more
Information Security is everywhere: as the world becomes more and more digitized, so it becomes more and more hackable. Cyber attacks, data breaches, and even cyber warfare are all very real - so... more
This course introduces you to PyTorch, one of the most popular deep learning frameworks, revealing how it can be used in your company to automate and optimize processes through the development and... more
About the Database Series of Courses "Databases" was one of Stanford's three inaugural massive open online courses in the fall of 2011. It has been offered in synchronous and then in self-paced... more

CONTINUE SEARCH

FOLLOW COLLEGE PARENT CENTRAL