We may earn an affiliate commission when you visit our partners.
Course image
Daniel Gruss

In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.

Read more

In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.

What you'll learn

- Understand different methods to induce hardware faults from software on modern computers
- Understand how these faulting mechanisms can undermine a system's security
- Understand the security risks posed and how fault attacks can be mitigated

What's inside

Syllabus

- Episode 1: Sledge Hammer!
Attackers can fault hardware from software using Rowhammer.
- Episode 2: Under Voltage
Plundervolt similarly can induce faults.
Read more
- Episode 3: Load Value Inception
Injecting false values also works in the transient domain and without any physical fault.
- Episode 4: Power Leakers
Software exposes power consumption interfaces, enabling leakage.
- Episode 5: Hardware Leaks and Software Leaks
The page cache can be used for attacks similar to hardware caches.

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Enhances knowledge on software-based side-channel attacks and opens up new avenues for security research
Builds upon prior understanding of cache side-channel attacks and transient-execution attacks
Provides hands-on experience in implementing software-based fault attacks
Provides insights into different methods of inducing hardware faults from software, a valuable skill for security professionals
Delves into the connection between software-based fault attacks and transient-execution attacks
Taught by Daniel Gruss, a recognized expert in the field of side-channel attacks

Save this course

Save Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations with these activities:
Refresher on Memory Management
Enhance your understanding of memory management concepts to better grasp fault attack mechanisms.
Browse courses on Memory Management
Show steps
  • Review lecture notes or textbooks on memory management.
  • Practice writing code that demonstrates memory management techniques.
Review Fault Attacks
Start this course with a solid foundation in different methods of inducing hardware faults from software.
Show steps
  • Read provided materials on cache side-channel attacks and transient-execution attacks.
  • Review existing materials and personal projects that demonstrate side-channel and security mindsets.
Hands-on Fault Attack Mitigation Techniques
Solidify your understanding of fault attack mitigation by following guided tutorials.
Browse courses on Hardware Security
Show steps
  • Locate and follow online tutorials on fault attack mitigation techniques.
  • Implement the mitigation techniques in a simulated or real-world environment.
  • Evaluate the effectiveness of the mitigation techniques (optional).
Show all three activities

Career center

Learners who complete Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations will develop knowledge and skills that may be useful to these careers:
Network Security Manager
Network Security Managers plan and implement security measures to protect their organizations' computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Network Security Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer networks and how to develop and implement security measures to prevent these attacks.
Security Architect
Security Architects design and implement security architectures to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Security Architects who want to learn about software-based fault attacks, side channels, and mitigations. The course will help architects understand how these attacks can be used to compromise computer systems and networks and how to design security architectures to prevent these attacks.
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for developing and implementing security strategies and policies for their organizations. This course may be useful for CISOs who want to learn about software-based fault attacks, side channels, and mitigations. The course will help CISOs understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement security strategies and policies to prevent these attacks.
Cybersecurity Manager
Cybersecurity Managers plan and implement cybersecurity programs for their organizations. This course may be useful for Cybersecurity Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement cybersecurity programs to prevent these attacks.
Software Security Engineer
Software Security Engineers design, develop, and maintain software applications that are resistant to security vulnerabilities. This course may be useful for Software Security Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise software applications and how to design software that is resistant to these attacks.
Security Operations Manager
Security Operations Managers plan and implement security operations programs for their organizations. This course may be useful for Security Operations Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement security operations programs to prevent these attacks.
Vulnerability Researcher
Vulnerability Researchers identify and analyze security vulnerabilities in computer systems and networks. This course may be useful for Vulnerability Researchers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help researchers understand how these attacks can be used to compromise computer systems and networks and how to develop tools and techniques to identify and analyze these vulnerabilities.
Penetration Tester
Penetration Testers assess the security of computer systems and networks by simulating attacks from external and internal sources. This course may be useful for Penetration Testers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help testers understand how these attacks can be used to compromise computer systems and networks and how to develop penetration tests to detect these attacks.
Information Security Manager
Information Security Managers plan and implement security measures to protect their organizations' information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Information Security Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' information assets and how to develop and implement security measures to prevent these attacks.
Systems Administrator
Systems Administrators install, configure, and maintain computer systems and networks. This course may be useful for Systems Administrators who want to learn about software-based fault attacks, side channels, and mitigations. The course will help administrators understand how these attacks can be used to compromise computer systems and networks and how to configure and maintain systems to prevent these attacks.
Network Security Engineer
Network Security Engineers design, implement, and maintain security measures to protect computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Network Security Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise computer networks and how to design security measures to prevent these attacks.
Information Security Analyst
Information Security Analysts plan and implement security measures to protect information systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Information Security Analysts who want to learn about software-based fault attacks, side channels, and mitigations. The course will help analysts understand how these attacks can be used to compromise information systems and how to develop security measures to prevent these attacks.
Computer Security Analyst
Computer Security Analysts plan and implement security measures to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Computer Security Analysts who want to learn about software-based fault attacks, side channels, and mitigations. The course will help analysts understand how these attacks can be used to compromise computer systems and how to develop security measures to prevent these attacks.
Computer Hardware Engineer
Computer Hardware Engineers design, develop, and test computer hardware components, including processors, memory, and storage devices. This course may be useful for Computer Hardware Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise computer systems and how to design hardware that is resistant to these attacks.
Computer Software Engineer
Computer Software Engineers design, develop, and maintain software applications. This course may be useful for Computer Software Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise software applications and how to design software that is resistant to these attacks.

Reading list

We've selected eight books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations.
Provides up-to-date information on modern processor design, which is helpful for understanding the latest developments in fault attack techniques.
Covers some of the history of side-channel and fault attacks, and provides additional depth on the attacks covered in the course.
"Additional reading" on topics related to software security. Doesn't focus on fault attacks specifically.
Provides background on the fundamentals of computer architecture, which is necessary for understanding the implementation details of the attacks covered in the course.
"Additional reading" on topics related to incident response and computer forensics. Doesn't focus on fault attacks specifically.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations.
Transient-Execution Attacks: Understanding Meltdown and...
Most relevant
Physical and Advanced Side-Channel Attacks
Most relevant
Cache Side-Channel Attacks and Mitigations
Most relevant
Introduction to Software Side Channels and Mitigations
Most relevant
Side-Channel Security: Developing a Side-Channel Mindset
Most relevant
Securing Software, Data and End Points
Most relevant
Systems and Application Security
Most relevant
The Complete Mobile Ethical Hacking Course
Azure IoT Hub for Developers: Getting Started
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser