The course focuses on cache side channel attacks and how the micro architectural design of modern computers can be exploited by attackers to breach trust boundaries. The learning outcomes include understanding how the cache subsystem of modern x86 computers can be abused to access private data, recognizing the relevance and impact of cache side channel attacks in cloud computing environments, and learning about various demonstrated attacks such as key extraction and spying on user input. The course teaches about victim time, prime and probe, flush load, eject in time, shared memory, detecting side channels using performance counters, flush reload, detecting cache misses, and analyzing code for vulnerabilities. The teaching method involves a lecture format with a focus on practical examples and demonstrations. The intended audience includes cybersecurity professionals, computer science students, and anyone interested in understanding the security implications of CPU design in modern computers.
Cache Side Channel Attacks - CPU Design As A Security Problem
Hack In The Box Security Conference via YouTube
Overview
Syllabus
Intro
Cache Side Channel Attacks
Who am I
Scope
Why is this interesting
How the data cache works
Summary
How is memory stored
Example code
How it works
Cash attacks
Victim time
Prime and Probe
Flush Load
Eject In Time
Shared Memory
Side Channel Attacks
Detecting Side Channels
Performance Counters
Flush Reload
Detecting cache misses
Analyzing the original code
Is the form scan useless
Flush and flush
Detecting flush
Twostage detection
Problems
Mitigation
Questions
Taught by
Hack In The Box Security Conference
Related Courses
-
Cache Side-Channel Attacks and Mitigations
-
Side Channel Security – Caches and Physical Attacks
-
Introduction to Software Side Channels and Mitigations
-
Cache Side Channel Attack - Exploitability and Countermeasures
-
A Software Approach to Defeating Side Channels in Last-Level Caches
-
Side-Channel Attacks on Everyday Applications
