Paper Discussion
In each discussion session, we will discuss 5 papers on the same topic. The discussion of each paper will be led by 2 students (who take the graduate version of the course, i.e., 6.5950). Throughout the semester, each student will lead a discussion only once. The papers to be discussed are selected from top security and computer architecture conferences and cover a broad range of hardware security topics that represent the state of the art.
For the presenters, please check the Piazza posts to find out when you will present which paper. As you prepare for the presentation, make sure to refer to our detailed paper reading guidance for how to read a hardware security paper, what is required for the presentation, and how your presentation will be graded.
For the audience, we encourage you to pick a paper to read before each discussion session and ask questions during the Q&A of that paper, as well as other papers. Based on the quality of the questions, we will give bonus points toward your final grades. Audience and presenters will also be invited to vote on how much they like each paper (e.g., should it get a “Best Paper Award”?). It will be fun, and we are curious about your opinions on them!
Papers
Recent Microarchitecture Attacks (March 4)
- Hertzbleed: Turning Power Side-Channel Attacks into Remote Timing Attacks on x86
- Last-Level Cache Side-Channel Attacks are Practical
- Port Contention for Fun and Profit
- Opening Pandora’s Box: A Systematic Study of New Ways Microarchitecture Can Leak Private Data
- An Analysis of Speculative Type Confusion Vulnerabilities in the Wild
More Physical Attacks (April 8)
- Flip Feng Shui: Hammering a Needle in the Software Stack
- CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
- SRAM Has No Chill: Exploiting Power Domain Separation to Steal On-Chip Secrets
- One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization
- Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks
Hardware Support for Software Safety (April 29)
- PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication
- Preventing Kernel Hacks with HAKC
- The CHERI capability model: Revisiting RISC in an age of risk
- Speculative Probing: Hacking Blind in the Spectre Era
- CHEx86: Context-Sensitive Enforcement of Memory Safety via Microcode-Enabled Capabilities
Fuzzing and Formal Verification (May 6)
- SiliFuzz: Fuzzing CPUs by Proxy
- Cascade: CPU Fuzzing via Intricate Program Generation
- SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities
- SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs
- Revizor: Testing Black-Box CPUs against Speculation Contracts
- HyPFuzz: Formal-Assisted Processor Fuzzing