Announcements

  • Welcome to EE260 F18!

    Logistics

    Course Staff

    Instructor:

    Class hours

    Lectures: 3:40 to 5:00 Life Science 2418

    Should you take this class?

    This class is a breadth survey focusing on the role of computer architecture as well as hardware in the security of computing systems. Most of the cybersecurity community focuses on security as a software problem with attacks targeting software, and defenses trying to fix that software. In this course, our focus is more on what attacks are exposed by the lower levels of the system (Architecture, hardware, low-level firmware) and conversely, what these layers of the system can do to secure systems (not expose vulnerabilities, but also provide mechanisms and tools to secure software and the system overall).

    The topic of the course is broad, but at the same time, I think it is fine if you don't know much about computer architecture, operating systems, security, hardware, etc... I don't expect any one student to have all that background. I will provide background where necessary, although you may not understand everything in detail, you should still learn a lot about every topic.

    The class is run as a seminar, and therefore, there are no exams. The required work includes having to read papers (roughly two per week), occasionally writing a summary (roughly one every 2 weeks), presenting papers (at least once, but possibly twice, depending on enrollment), and writing a mini-survey about a topic of your choice (roughly 5 pages). To get a good grade, you should do your reading, attend classes, and participate in discussions. Hopefully, the lack of exams and direct assessment, will help diffuse concerns about having sufficient background.

  • Date Class Calendar Slides (if any) Reading
    Sep. 29, Thu Introduction: Course Overview and Organization lec1.pdf (1)How to read a research paper (Mitzenmacher) (b) (Keshav), (2) How to write a great research paper (video)
    Oct 2., Tue Attack Overview lec2.pptx Recommended (no required reading): Buffer Overflows, Cowan et al 2003, Eternal war in memory (2013), Integer overflow attacks (2002), Format string vullnerabilities,Reflections on trusting trust
    Oct 4, Thu Attack overview (cont'd) News of the day:the big hack,Tiny chips to steal IP in Chinese made products
    Oct 9, Tue Code Reuse Attacks I: Attacks lec3.pptx Required (submit summary on iLearn) Return-oriented programming without returns, Recommended: Geometry of innocent flesh on the bone (ROP), Deep Randomization defenses, Just in time ROP, Shuffler
    Oct 11, Thu Code Reuse Attacks II: Defenses lec4.pptx Required: Signature based defenses, Recommended: Control Flow Integrity defenses, ROP is still dangerous (usenix 14)
    Oct. 16, Tue Architecture Side Channel Attacks and defenses Required: jump over aslr (attack); Recommended: LLC attack, Cache redesign (defense), NoMo cache (defense), Cache games (attack)
    Oct. 18, Thu Side Channel Attacks (cont'd)
    Oct. 23, Tue Analog side channels Required (summary on iLearn): Attacking masked AES, Intro to DPA, Software mitigation
    Oct. 25, Thu Physically unclonable functions PUF intro, PUFs myth?, SRAM PUF
    Oct. 30 Tue Fault Injection Required (summary on ilearn):Sorcerer's apprentice guide, Recommended: Bellcore attack, DirectTV/black sunday, DirectTV hacks, Google Project zero rowhammer exploitFlip Feng Shui, One bit flips, one cloud flopsRow hammer paper, Rowhammer.js, Clkscrew
    Nov 1, Thu Isolation and Confinement Recommended (posted late -- sorry): Hyperwall Recommended: SGX,TrustZone
    Nov. 6, Tue Isolation (II) Haven Sanctum; Manjunath presents get off my cloud, Recommended: Haven, Cloud visor, Open SGX, Flicker, Inktag
    Nov. 8, Thu. Access Control Models Get off of my cloud!
    Nov. 13, Tue Information Flow Tracking; Memory bounds checking Taintdroid; Required Raksha (Summary on iLearn), Recommended: Hardbound,SIFT,DISE
    Nov. 15, Thu. Secure I/O and Firmware Fingerprinting ECUs for vehicles, USBFilter; Recommended: Securing DMA, Viper, DMA Malware, Hard drive backdoor, Embedded Firmware Security, USB Filter
    Nov. 20, Tue Hardware Trojans 3D circuits for protection, Pratheek presents hardware trojans, Sheriff presents aging defense paper;Recommended: survey, silencing hardware backdoors
    Nov. 22, Thu. No class -- happy Thanksgiving!
    Nov. 27, Tue Malware and Intrusion Detection Adversarial machine learning. Required (summary on iLearn): Snort FPGA, Recommended: RHMD
    Nov. 29, Thu Embedded/IoT Medical device defense paper, Embedded Firmware Security, Security of IoT, FlowFence
    Dec. 4, Tue Security for Emerging Systems Automotive security,Automotive attack surface, Medical device security survey, Non-invasive security for medical devices
    Dec. 6, Thu Security for Emerging Systems