We may earn an affiliate commission when you visit our partners.
Between Physical and Sofware
Fault Attacks, Side Channels, and Mitigations
Daniel Gruss
Daniel Gruss
In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.
Read more
In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.
Read more
In this course, we build upon the knowledge we built up on cache side-channel attacks and transient-execution attacks, as well as the side-channel and security mindset. We again go beyond software-based side-channel attacks and now study software-based fault attacks. Fault attacks (sometimes also called active side-channel attacks ) are an incredibly powerful means to attack a system. Instead of just leaking secrets from an application or device, fault attacks actively manipulate the application or device to induce incorrect behavior which lets the attacker again leak secrets or fully take over control and subvert the application or device. We will look at fault attacks that can be triggered from software, namely Rowhammer and Plundervolt. We will then draw the connection between these attacks and transient-execution attacks that share some similarities. You will implement some of these attacks yourself and learn how they are mitigated.
What you'll learn
- Understand different methods to induce hardware faults from software on modern computers
- Understand how these faulting mechanisms can undermine a system's security
- Understand the security risks posed and how fault attacks can be mitigated
Register for this course and see more details by visiting:
OpenCourser.com/course/v3vt4r/between
What's inside
Syllabus
- Episode 1: Sledge Hammer!
Attackers can fault hardware from software using Rowhammer.
- Episode 2: Under Voltage
Plundervolt similarly can induce faults.
Read more
Syllabus
- Episode 1: Sledge Hammer!
Attackers can fault hardware from software using Rowhammer.
- Episode 2: Under Voltage
Plundervolt similarly can induce faults.
Read more
- Episode 3: Load Value Inception
Injecting false values also works in the transient domain and without any physical fault.
- Episode 4: Power Leakers
Software exposes power consumption interfaces, enabling leakage.
- Episode 5: Hardware Leaks and Software Leaks
The page cache can be used for attacks similar to hardware caches.
Good to know
Good to know
Know what's good ,
what to watch for , and
possible dealbreakers
Enhances knowledge on software-based side-channel attacks and opens up new avenues for security research
Builds upon prior understanding of cache side-channel attacks and transient-execution attacks
Provides hands-on experience in implementing software-based fault attacks
Provides insights into different methods of inducing hardware faults from software, a valuable skill for security professionals
Delves into the connection between software-based fault attacks and transient-execution attacks
Taught by Daniel Gruss, a recognized expert in the field of side-channel attacks
Save this course
Save Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations to your list so you can find it easily later:
Save
Save
Activities
Coming soon
We're preparing activities for
Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations.
These are activities you can do either before, during, or after a course.
Career center
Learners who complete Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations will develop knowledge and skills
that may be useful to these careers:
Network Security Manager
Network Security Manager
Network Security Managers plan and implement security measures to protect their organizations' computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Network Security Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer networks and how to develop and implement security measures to prevent these attacks.
Security Architect
Security Architect
Security Architects design and implement security architectures to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Security Architects who want to learn about software-based fault attacks, side channels, and mitigations. The course will help architects understand how these attacks can be used to compromise computer systems and networks and how to design security architectures to prevent these attacks.
Chief Information Security Officer (CISO)
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for developing and implementing security strategies and policies for their organizations. This course may be useful for CISOs who want to learn about software-based fault attacks, side channels, and mitigations. The course will help CISOs understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement security strategies and policies to prevent these attacks.
Cybersecurity Manager
Cybersecurity Manager
Cybersecurity Managers plan and implement cybersecurity programs for their organizations. This course may be useful for Cybersecurity Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement cybersecurity programs to prevent these attacks.
Software Security Engineer
Software Security Engineer
Software Security Engineers design, develop, and maintain software applications that are resistant to security vulnerabilities. This course may be useful for Software Security Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise software applications and how to design software that is resistant to these attacks.
Security Operations Manager
Security Operations Manager
Security Operations Managers plan and implement security operations programs for their organizations. This course may be useful for Security Operations Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' computer systems and networks and how to develop and implement security operations programs to prevent these attacks.
Vulnerability Researcher
Vulnerability Researcher
Vulnerability Researchers identify and analyze security vulnerabilities in computer systems and networks. This course may be useful for Vulnerability Researchers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help researchers understand how these attacks can be used to compromise computer systems and networks and how to develop tools and techniques to identify and analyze these vulnerabilities.
Penetration Tester
Penetration Tester
Penetration Testers assess the security of computer systems and networks by simulating attacks from external and internal sources. This course may be useful for Penetration Testers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help testers understand how these attacks can be used to compromise computer systems and networks and how to develop penetration tests to detect these attacks.
Information Security Manager
Information Security Manager
Information Security Managers plan and implement security measures to protect their organizations' information assets from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Information Security Managers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help managers understand how these attacks can be used to compromise their organizations' information assets and how to develop and implement security measures to prevent these attacks.
Systems Administrator
Systems Administrator
Systems Administrators install, configure, and maintain computer systems and networks. This course may be useful for Systems Administrators who want to learn about software-based fault attacks, side channels, and mitigations. The course will help administrators understand how these attacks can be used to compromise computer systems and networks and how to configure and maintain systems to prevent these attacks.
Network Security Engineer
Network Security Engineer
Network Security Engineers design, implement, and maintain security measures to protect computer networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Network Security Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise computer networks and how to design security measures to prevent these attacks.
Information Security Analyst
Information Security Analyst
Information Security Analysts plan and implement security measures to protect information systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Information Security Analysts who want to learn about software-based fault attacks, side channels, and mitigations. The course will help analysts understand how these attacks can be used to compromise information systems and how to develop security measures to prevent these attacks.
Computer Security Analyst
Computer Security Analyst
Computer Security Analysts plan and implement security measures to protect computer systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This course may be useful for Computer Security Analysts who want to learn about software-based fault attacks, side channels, and mitigations. The course will help analysts understand how these attacks can be used to compromise computer systems and how to develop security measures to prevent these attacks.
Computer Hardware Engineer
Computer Hardware Engineer
Computer Hardware Engineers design, develop, and test computer hardware components, including processors, memory, and storage devices. This course may be useful for Computer Hardware Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise computer systems and how to design hardware that is resistant to these attacks.
Computer Software Engineer
Computer Software Engineer
Computer Software Engineers design, develop, and maintain software applications. This course may be useful for Computer Software Engineers who want to learn about software-based fault attacks, side channels, and mitigations. The course will help engineers understand how these attacks can be used to compromise software applications and how to design software that is resistant to these attacks.
For more career information including salaries, visit:
OpenCourser.com/course/v3vt4r/between
Reading list
We've selected eight books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations.
Provides up-to-date information on modern processor design, which is helpful for understanding the latest developments in fault attack techniques.
Covers some of the history of side-channel and fault attacks, and provides additional depth on the attacks covered in the course.
"Additional reading" on topics related to software security. Doesn't focus on fault attacks specifically.
"Additional reading" on topics related to cryptography. Doesn't focus on fault attacks specifically.
Save
Provides background knowledge on embedded systems, which is helpful for understanding how fault attacks can be applied to them.
Provides background on the fundamentals of computer architecture, which is necessary for understanding the implementation details of the attacks covered in the course.
"Additional reading" on topics related to hardware hacking. Doesn't focus on fault attacks specifically.
"Additional reading" on topics related to incident response and computer forensics. Doesn't focus on fault attacks specifically.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/v3vt4r/between
Share
Similar courses
Here are nine courses similar to
Between Physical and Sofware: Fault Attacks, Side Channels, and Mitigations.
Transient-Execution Attacks: Understanding Meltdown and Spectre
OpenCourser.com/course/leie1c/transient
Transient-Execution Attacks: Understanding Meltdown and...
Most relevant
Physical and Advanced Side-Channel Attacks
OpenCourser.com/course/cczvcz/physical
Physical and Advanced Side-Channel Attacks
Most relevant
Cache Side-Channel Attacks and Mitigations
OpenCourser.com/course/94mrov/cache
Cache Side-Channel Attacks and Mitigations
Most relevant
Introduction to Software Side Channels and Mitigations
OpenCourser.com/course/kz6jlg/introduction
Introduction to Software Side Channels and Mitigations
Most relevant
Side-Channel Security: Developing a Side-Channel Mindset
OpenCourser.com/course/uwcjld/side
Side-Channel Security: Developing a Side-Channel Mindset
Most relevant
Securing Software, Data and End Points
OpenCourser.com/course/4kb7l0/securing
Securing Software, Data and End Points
Most relevant
Systems and Application Security
OpenCourser.com/course/hgt4fv/systems
Systems and Application Security
Most relevant
The Complete Mobile Ethical Hacking Course
OpenCourser.com/course/r43xtj/the
The Complete Mobile Ethical Hacking Course
Azure IoT Hub for Developers: Getting Started
OpenCourser.com/course/ruwz5n/azure
Azure IoT Hub for Developers: Getting Started
Effort
3 to 4 hours per week for 10 weeks
Level
Introductory
Via
edX
Institution
Graz University of Technology
Instructor
Daniel Gruss
Language
English
Transcript
English
Good to know
Enhances knowledge on software-based side-channel attacks and opens up new avenues for security research
Builds upon prior understanding of cache side-channel attacks and transient-execution attacks
Provides hands-on experience in implementing software-based fault attacks
Provides insights into different methods of inducing hardware faults from software, a valuable skill for security professionals
Delves into the connection between software-based fault attacks and transient-execution attacks
Taught by Daniel Gruss, a recognized expert in the field of side-channel attacks
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2024 OpenCourser