OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.
Course image
Course image
edX logo

Cache Side-Channel Attacks and Mitigations

Daniel Gruss

In this course, we build upon basic knowledge of software-based timing and cache attacks as well as the side-channel mindset. Same as in the prior courses, we do not just enumerate side-channel effects but we provide you with the experience of discovering side channels yourself in a group of students, living in a shared appartment. We dive deeper into the microarchitecture and get an in-depth understanding of virtual memory and caches in the course. We will learn about different cache side channels, such as Flush+Flush, Evict+Reload, and Prime+Probe. This requires some skills in reading and writing code, mainly C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will demonstrate that you understood the virtual memory, caches, and are able to find and exploit cache side channels in small software programs.

Enroll now

What's inside

Learning objective

- spot and exploit side channels in cache hierarchies of concrete systems- use different software-based cache side channels to extract secret information- understand the security risks posed by cache side channels and which cache side channels can be mitigated in practice

Syllabus

- Episode 1: Down the Rabbit Hole
The flatmates figure out how virtual addresses and caches work and they start realizing which timing differences might be hidden in there.
Read more

Traffic lights

Read about what's good
what should give you pause
and possible dealbreakers
Taught by Daniel Gruss, who is innovative in his approach to security risks in computer science
Develops key skills for anyone working with virtual environments
Explores topics highly relevant to industry
Offers hands-on labs and interactive materials
Advises students to take other courses first as prerequisites
Requires learners to come in with extensive background knowledge first

Save this course

Create your own learning path. Save this course to your list so you can find it easily later.
Save

Reviews summary

In-depth cache side-channel exploitation

According to students, this course offers a deep dive into cache side-channel attacks and mitigations, building upon existing knowledge. Learners report appreciating the hands-on experience in discovering side channels and the in-depth understanding of microarchitecture, virtual memory, and caches. It covers specific techniques like Flush+Flush, Evict+Reload, and Prime+Probe attacks, making it highly relevant for risk assessment in concrete environments. Some learners might find the need for C code skills a prerequisite, and the narrative style a unique approach.
Uses a 'flatmates' storyline to explain complex concepts.
"The 'flatmates' narrative was a creative way to introduce the concepts, keeping it somewhat engaging."
"Initially, the story felt a bit unusual, but it did help in visualizing some abstract ideas."
"While unique, the narrative sometimes felt a bit contrived and didn't always enhance the learning."
Focuses on hands-on discovery and exploitation of side channels.
"The small exercises provided a great opportunity to find and exploit cache side channels myself."
"I found the practical demonstrations of Flush+Flush and Evict+Reload particularly illuminating."
"It's great to learn how to spot and exploit these vulnerabilities in real-world scenarios."
Provides an in-depth understanding of complex system internals.
"The course really dives deep into the microarchitecture and how caches function, which was essential for understanding the attacks."
"I appreciate the detailed explanation of virtual memory and its interaction with cache side channels."
"It's not just theory; the explanations on how specific attacks like Prime+Probe work are incredibly thorough."
Learners need prior proficiency in reading and writing C code.
"Be prepared to code in C; it's fundamental to understanding and completing the exercises."
"Coming in, I needed to brush up on my C skills, as the course heavily relies on it."
"If you're not comfortable with C, this course will be challenging from the start."
Builds on existing basic understanding of timing and cache attacks.
"Make sure you have basic knowledge of software-based timing and cache attacks before starting."
"This course is definitely not for beginners; it assumes you're already familiar with core side-channel concepts."
"I struggled initially because I underestimated the prerequisite knowledge mentioned."

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Cache Side-Channel Attacks and Mitigations with these activities:
Review Compilers: Principles, Techniques and Tools
Review key concepts and fundamentals from compilers.
View Compilers: Principles, Techniques, and Tools on Amazon
Show steps
  • Read the first 3 chapters of the book
  • Take notes on the main concepts discussed
Participate in discussion groups on cache side channels
Engage with peers to exchange knowledge and perspectives on cache side channels.
Show steps
  • Join a discussion group on cache side channels
  • Participate in discussions by asking questions and sharing insights
  • Summarize the key takeaways from the discussions
Solve practice problems on cache coherence
Practice applying the concepts of cache coherence to real-world scenarios.
Show steps
  • Solve 5 practice problems on cache coherence
  • Explain your solutions in detail
Five other activities
Expand to see all activities and additional details
Show all eight activities
Create a presentation on cache side-channel attacks
Deepen understanding of cache side-channel attacks by explaining them to others.
Browse courses on Cache Side-Channel Attacks
Show steps
  • Research different types of cache side-channel attacks
  • Create a presentation that explains the attacks and their implications
  • Present the presentation to a group of peers
Volunteer as a mentor to students learning about cache side channels
Share knowledge and expertise in cache side channels while supporting other students.
Show steps
  • Join a mentoring program or platform
  • Connect with students who need guidance in cache side channels
  • Provide support and guidance to the students
Follow tutorials on advanced cache side-channel attacks
Gain in-depth knowledge of advanced cache side-channel attacks and their countermeasures.
Browse courses on Cache Side-Channel Attacks
Show steps
  • Follow a tutorial on a specific advanced cache side-channel attack
  • Implement the attack in a simulated environment
  • Analyze the results and discuss the implications
Implement a cache side-channel attack mitigation technique in a real-world application
Gain practical experience in mitigating cache side-channel attacks.
Browse courses on Cache Side-Channel Attacks
Show steps
  • Identify a real-world application that is vulnerable to cache side-channel attacks
  • Research and select an appropriate mitigation technique
  • Implement the mitigation technique in the application
  • Evaluate the effectiveness of the mitigation technique
Contribute to an open-source cache side-channel attack detection tool
Gain hands-on experience in detecting cache side-channel attacks.
Browse courses on Cache Side-Channel Attacks
Show steps
  • Identify an open-source cache side-channel attack detection tool
  • Make a significant contribution to the tool by adding a new feature or improving an existing one
  • Document your changes and submit a pull request

Career center

Learners who complete Cache Side-Channel Attacks and Mitigations will develop knowledge and skills that may be useful to these careers:
Vulnerability Researcher
Vulnerability Researchers identify and exploit vulnerabilities in software and hardware. They also work with vendors to develop and release patches for these vulnerabilities. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and exploit these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Vulnerability Researcher
Security Researcher
Security Researchers identify and exploit vulnerabilities in computer systems and networks. They also develop countermeasures to protect against these vulnerabilities. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and exploit these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Security Researcher
Information Security Analyst
Information Security Analysts plan and implement security measures to protect an organization's computer systems and networks. They also monitor and analyze security systems and respond to security incidents. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and defend against these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks. It also discusses how to spot and exploit side channels in cache hierarchies and how to use cache side-channel attacks to extract secret information.
See salaries and explore the career path for Information Security Analyst
Cybersecurity Architect
Cybersecurity Architects design and implement security architectures for organizations. They work with security engineers to ensure that these architectures are effective and meet the organization's security requirements. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and design security architectures that are more resistant to these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Cybersecurity Architect
Cryptographer
Cryptographers design and implement cryptographic algorithms and protocols to protect information from unauthorized access. They also work with security engineers to implement these algorithms and protocols in real-world systems. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and design cryptographic algorithms and protocols that are more resistant to these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Cryptographer
Cybersecurity Engineer
Cybersecurity Engineers design, implement, and maintain security systems to protect organizations from cyber attacks. They also monitor and analyze security systems and respond to security incidents. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and defend against these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Cybersecurity Engineer
Computer Forensics Analyst
Computer Forensics Analysts investigate computer systems and networks to collect and analyze evidence of cyber crimes. They also work with law enforcement to prosecute cyber criminals. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and analyze cache side-channel attacks. This course also helps you to understand virtual memory and caches. It also covers side-channel effects but provides you with the experience of discovering side channels yourself in a group of students.
See salaries and explore the career path for Computer Forensics Analyst
Ethical Hacker
Ethical Hackers use their skills to identify and exploit vulnerabilities in computer systems and networks in order to help organizations improve their security. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and exploit these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Ethical Hacker
Penetration Tester
Penetration Testers use their skills to identify and exploit vulnerabilities in computer systems and networks in order to help organizations improve their security. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and exploit these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Penetration Tester
Chief Information Security Officer (CISO)
The CISO is responsible for the overall security of an organization's information systems and networks. They work with senior management to develop and implement security policies and procedures. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and manage the security risks associated with these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Chief Information Security Officer (CISO)
Malware Analyst
Malware Analysts analyze malware to understand how it works and how to detect and remove it. They also work with law enforcement to investigate and prosecute cyber crimes. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and analyze malware. This course covers various cache side-channel attacks and how to exploit side channels in cache hierarchies.
See salaries and explore the career path for Malware Analyst
Privacy Engineer
Privacy Engineers design and implement systems and processes to protect user privacy. They also work with legal and compliance teams to ensure that organizations comply with privacy regulations. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and design systems and processes that are more resistant to these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Privacy Engineer
Security Consultant
Security Consultants help organizations to improve their security posture. They provide advice on security best practices and help organizations to implement security controls. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand and defend against these attacks. This course covers various cache side-channel attacks as well as techniques for mitigating these attacks.
See salaries and explore the career path for Security Consultant
Software Engineer
Software Engineers create and maintain software applications. They write code, design software architecture, and test and debug software systems. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to write more robust and secure software. This course covers techniques that can be used to discover various cache side channels. It also discusses techniques that can be used to mitigate these side channels in practice.
See salaries and explore the career path for Software Engineer
Computer Hardware Engineer
Computer Hardware Engineers design, develop, and test computer hardware systems. They also work with software engineers to ensure that hardware and software work together properly. This course provides you with the skills in cache side-channel attacks and mitigations that can help you to better understand cache memory and how to design hardware that is more resistant to these attacks. This course covers microarchitecture, virtual memory, and caches. It also covers side-channel effects but provides you with the experience of discovering side channels yourself in a group of students.
See salaries and explore the career path for Computer Hardware Engineer

Reading list

We've selected nine books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Cache Side-Channel Attacks and Mitigations.
Cover image
The Web Application Hacker's Handbook
Save
Practical guide to web application security testing, with a focus on identifying and exploiting security vulnerabilities. It covers a wide range of topics, including web application security basics, common web application vulnerabilities, and advanced security testing techniques.
The Web Application Hacker's Handbook: Finding and...
Paperback
$$
The Web Application Hacker's Handbook: Discovering...
Paperback
$$$
The Web Application Hacker's Handbook: Finding and...
Kindle Edition
$$
Cover image
AppSensor Guide
Save
Collection of practical recipes for securing web applications. It covers a wide range of topics, including web application security basics, common web application vulnerabilities, and advanced security testing techniques.
AppSensor Guide
Paperback
$$
Cover image
Computer Organization and Design RISC-V Edition
Save
Provides a comprehensive overview of computer architecture, with a focus on quantitative analysis. It covers a wide range of topics, including computer organization, instruction set architecture, and performance evaluation.
Computer Organization and Design RISC-V Edition
Paperback
Check
Computer Organization and Design RISC-V Edition
Kindle Edition
Check
Cover image
Computer Organization and Design MIPS Edition
Save
Provides a comprehensive overview of computer organization and design, with a focus on the hardware/software interface. It covers a wide range of topics, including computer architecture, instruction set architecture, and operating systems.
Computer Organization and Design MIPS Edition: The...
Paperback
$$$
Computer Organization and Design MIPS Edition: The...
Paperback
$$$$
Computer Organization and Design MIPS Edition: The...
Kindle Edition
$$$
Computer Organization and Design MIPS Edition: The...
Kindle Edition
$$$
Cover image
Operating System Concepts
Save
Provides a comprehensive overview of operating system concepts, with a focus on the underlying principles of operating systems. It covers a wide range of topics, including process management, memory management, and file systems.
Operating System Concepts
Paperback
Check
Operating System Concepts
Kindle Edition
Check
Cover image
Computer Security
Save
Provides a comprehensive overview of computer security, with a focus on the principles and practices of secure computing. It covers a wide range of topics, including cryptography, network security, and system security.
Computer Security
Paperback
Check
Computer Security
Kindle Edition
Check
Cover image
Applied Cryptography
Save
Provides a comprehensive overview of applied cryptography, with a focus on the protocols, algorithms, and source code in C. It covers a wide range of topics, including symmetric-key cryptography, public-key cryptography, and hash functions.
Applied Cryptography: Protocols, Algorithms and...
Hardcover
$$$
Applied Cryptography: Protocols, Algorithms, and...
Hardcover
$$$$
Applied Cryptography: Protocols, Algorithms, and...
Paperback
$$
Applied Cryptography: Protocols, Algorithms, and...
Paperback
$$$$
Applied Cryptography: Protocols, Algorithms and...
Kindle Edition
$$
Cover image
Effective C, 2nd Edition
Save
Provides a comprehensive overview of secure coding standards, with a focus on the CERT C Secure Coding Standard. It covers a wide range of topics, including secure coding principles, common coding vulnerabilities, and secure coding techniques.
Effective C, 2nd Edition
Paperback
Check
Effective C, 2nd Edition
Kindle Edition
Check
Cover image
Reversing
Save
Provides a comprehensive overview of reverse engineering, with a focus on the practical aspects of reversing software. It covers a wide range of topics, including reverse engineering basics, common reverse engineering techniques, and advanced reverse engineering techniques.
Reversing: Secrets of Reverse Engineering
Paperback
$$
Reversing: Secrets of Reverse Engineering
Kindle Edition
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Course image
Effort
3 to 4 hours per week for 10 weeks
Level
Intermediate
Via
edX
Institution
Graz University of Technology
Instructor
Daniel Gruss
Language
English
Transcript
English
Traffic lights
Read about what's good
what should give you pause
and possible dealbreakers
Taught by Daniel Gruss, who is innovative in his approach to security risks in computer science
Develops key skills for anyone working with virtual environments
Explores topics highly relevant to industry
Offers hands-on labs and interactive materials
Advises students to take other courses first as prerequisites
Requires learners to come in with extensive background knowledge first
Share this
Share to help others discover this course.
Facebook LinkedIn X Reddit Link Email
Begin learning today
Enroll now to gain full access to Cache Side-Channel Attacks and Mitigations.
Enroll now
Save for later
Add this course to your list. Find it anytime.
Save
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser