Transient-Execution Attacks: Understanding Meltdown and Spectre

About

In this course, we build upon the knowledge we built up so far on cache side-channel attacks as well as the side-channel and security mindset. We will then go beyond software-based side-channel attacks and study transient-execution attacks. Transient execution is a mechanism present in modern processors, where the processor performs operations, often speculatively, that it later on has to undo. However, the side effects of these operations remain and leak data (not meta-data!) to the attacker. Similar to the prior courses, we provide you with the experience of discovering these attacks yourself in a group of students, living in a shared appartment. We again dive deeper into the microarchitecture and will now understand out-of-order pipelines and how their behavior introduces leakage. We will then use side channels to exfiltrate data and transmit it to an attacker-controlled application. We will learn about the most prominent of these attacks: Meltdown, Spectre, Foreshadow, and ZombieLoad. You will implement some of these attacks yourself, which requires skills in reading and writing C code. You will learn which attacks are relevant in the concrete native and virtualized environments you are working with, contributing to your risk assessment skills. In a set of small exercises, you will implement some of these attacks and show that you understood out-of-order execution pipelines, transient-execution attacks and potential mitigations against them.

What you will learn

- Understand the difference between side-channel attacks and transient-execution attacks
- Build up the ability to recognize which software may be exposed to transient-execution vulnerabilities
- Understand the immense security risks posed by transient-execution attacks and how these attacks can be mitigated

Syllabus

- Episode 1: Haunted by Spectre

Speculative behaviors can leak secrets from other programs.

- Episode 2: Daniel has a Meltdown

Computers sometimes leak secrets before realizing they shouldn't.

- Episode 3: Trust Issues

We investigate trusted execution environments for isolation.

- Episode 4: Foreshadow

We investigate transient-execution attacks on trusted execution environments.

- Episode 5: Noise is just someone else's data

Remaining noise turns out to still be data leakage.

Auto Summary

Discover the intricacies of transient-execution attacks with the specialized course "Transient-Execution Attacks: Understanding Meltdown and Spectre," offered by edX. This expert-level course delves deep into the realm of IT and Computer Science, focusing on advanced security threats that go beyond traditional software-based side-channel attacks. Throughout the course, learners will explore prominent attacks such as Meltdown, Spectre, Foreshadow, and ZombieLoad. Participants will gain hands-on experience by implementing these attacks and learning effective mitigation strategies. Ideal for professionals seeking to enhance their cybersecurity expertise, the course is available through professional and starter subscription options. Join now to master the skills needed to protect against these sophisticated threats and safeguard sensitive data.