Side-channel analysis (SCA) is an offensive security technique that targets not the formal description of a security-critical system, but the implementation of it. Examples of side channels include—but are not limited to—latency measurements, power consumption, electro-magnetic radiation, and acoustic emanations. This is a young but very active field within applied computer security. Modern processors are equipped with numerous features to improve the average performance of software, including—but not limited to—low-latency execution pipelines, various caches, prediction, speculative execution, and multi-layered parallelism. These mechanisms can often be used as side channels to attack implementations of security-critical systems by using leakage to recover critical data or state that should remain secret. This course provides an overview of these modern SCA concepts, explains how to establish and construct these channels, demonstrates how to apply SCA techniques, and furthermore basic methods to prevent them.

The Free and Open-Source Software (FOSS) movement promotes the principles of software freedom, collaboration, and innovation, allowing users to access, modify, and share software without restrictions. FOSS is good for software security because it promotes transparency, allowing anyone to review the source code for vulnerabilities and ensuring that security flaws are more likely to be discovered and fixed quickly: "given enough eyeballs, all bugs are shallow" –Eric S. Raymond (Linus's law) In this course, we use OpenSSL—one of the most security-critical FOSS projects of our time—as a case study on the evolution of an FOSS project in response to vulnerabilities reported by security researchers. We study, discuss, and present their discovery, potential exploitation, mitigation, and disclosure. We also learn how to effectively contribute to FOSS projects.

This course explores current topics in computing security. It is intended as a place holder course for faculty to experiment new course offerings in Computing Security undergraduate program. Course specific details change with respect to each specific focal area proposed by faculty.

Side-channel analysis (SCA) is an offensive security technique that targets not the formal description of a security-critical system, but the implementation of it. Examples of side channels include—but are not limited to—latency measurements, power consumption, electro-magnetic radiation, and acoustic emanations. This is a young but very active field within applied computer security. Modern processors are equipped with numerous features to improve the average performance of software, including—but not limited to—low-latency execution pipelines, various caches, prediction, speculative execution, and multi-layered parallelism. These mechanisms can often be used as side channels to attack implementations of security-critical systems by using leakage to recover critical data or state that should remain secret. This course provides an overview of these modern SCA concepts, explains how to establish and construct these channels, demonstrates how to apply SCA techniques, and furthermore basic methods to prevent them. Students will also be exposed to current literature covering research in side-channel analysis. Students will program in C and need a strong understanding of the design of modern computer architectures.

The Free and Open-Source Software (FOSS) movement promotes the principles of software freedom, collaboration, and innovation, allowing users to access, modify, and share software without restrictions. FOSS is good for software security because it promotes transparency, allowing anyone to review the source code for vulnerabilities and ensuring that security flaws are more likely to be discovered and fixed quickly: "given enough eyeballs, all bugs are shallow" –Eric S. Raymond (Linus's law) In this course, we use OpenSSL—one of the most security-critical FOSS projects of our time—as a case study on the evolution of an FOSS project in response to vulnerabilities reported by security researchers. We study, discuss, and present their discovery, potential exploitation, mitigation, and disclosure. We also learn how to effectively contribute to FOSS projects and we will explore vulnerability lifecycles of past open source software vulnerabilities.

This course offers an opportunity to learn about a specific seminar topic in more depth. The course description will be replaced by the specific instance of the seminar, as it is proposed by faculty.