Side-Channel Attacks and Defenses

Hello there,

we, the Capture-the-Flag Team saarsec, consisting of students and lecturers from Saarland University, are giving a workshop to familiarize students with Capture-the-Flag competitions as well as attacking and defending against security vulnerabilities. CTFs are a great way to actually fiddle around with the practical details of mounting attacks and defenses that were theoretically discussed during your studies. This practical experience can not only be beneficial for your studies but also come in handy during later stages of your career. The workshop starts with a short introduction to Linux, followed by different topics such as File Inclusions, SQL Injections, and Command Injections. For each topic, we will discuss how we can find these vulnerabilities, exploit them on a large scale, and how we can fix them. Then, for each each topic, you'll spend more than 50% of the time in each slot on actual challenges. At the end, we will host a CTF for all workshop participants where they can use their newly acquired skills against each other.

FAQ:

Q: When and where?

A: April 10th and 11th, the format (virtual, onsite, or hybrid) will be announced later

Q: Requirements?

A: We do not require any certain skills as we will start with the basics. However, the knowledge from Cysec1 or Security is definitely an advantage.

Q: Sounds awesome! Where can I register or get more information?

A: https://workshop.saarsec.rocks

 

See you there,

saarsec

Hi, 

the re-exam is already next week (15.3.2022 10:00), so do not forget to register in LSF. The registration deadline ends tomorrow!

A few details regarding the exam:

• The exam takes place in person on March 15, 10:00 in E2 2, Günter-Hotz-Hörsaal.
• You need at least 26 points in the practical part to be admitted to the exam
• The university hygiene rules apply, so there is 3G for the exam
• No lecture notes or any other materials are allowed during an exam

Cheers,
Michael

Hi, 

the final points for the practicals are now online. The results are really good, congratulations to everyone! If you have >= 26 points, you are admitted to the exam (if you are registered). 

As a reminder for the exam tomorrow:

• Everyone must comply with the 3G rule (you need to be able to prove that if asked by the University's security service)
• A medical mouth-nose-protection mask (surgical mask or FFP2/KN95/N95) must be worn during the entire exam

Good luck,
Michael & Daniel

Hi, 

the exam is already next week (8.2.2022 10:00), so do not forget to register in LSF. The registration deadline ends tomorrow!

A few details regarding the exam:

• The exam takes place in person on February 8, 10:00 in room E9 1.
• You need at least 26 points in the practical part to be admitted to the exam
• The university hygiene rules apply, so there is 3G for the exam
• No lecture notes or any other materials are allowed during an exam
• The lecture-challenge system closes on 07.02.2022 23:59. Until then, you can collect bonus points for the exam. If you did not register with your student mail address, you have to write your username on the exam sheet to get the points!

Cheers,
Michael

Hello together,

we just released the third assignment. In contrast to the first two assignments, this last assignment will test whether you can defend against the attacks discussed in this course.

Also, you can now find the link for tomorrow's Zoom session in the Materials Section of the CMS.

 

Cheers,

Daniel

Hello together,

unfortunately, we figured out that the binary for challenge 3 made the challenge for some systems harder to solve than originally intended. This led to some exploits working locally (on your systems) but not on our server. We apologize for that.

Hence, we pushed a patched binary [1] for challenge 3 to the upstream repository and we recommend that you should develop your attacks against this new binary [1]. As we do not want to negatively impact students that already have working solutions against our original binary [2] we will test your exploits against both binaries and you will pass the test if your exploit works against one of them.

 

Cheers,

Daniel

 

[1]: md5sum of new binary: abb3facf71e8ba4897febe6818ed4df2
[2]: md5sum of old binary: ee4e586d4fa4d9ed66f7b8c0e6a0da93

Hello,

we just released the second assignment "The Fault in Our Keys". As always, if there are any questions ask them via the Forum or Mattermost preferably and in case your question would spoil solutions via mail or Mattermost PM.

Next Monday, 4pm (c.t.), we will have our second tutorial. The tutorial will be a chance for you to ask last-minute questions about the first assignment and we will discuss concepts that will help you solve the second assignment.

 

Cheers,

Daniel

Hi,

Due to the new COVID-related regulations regarding access to CISPA and the general worsening of the entire situation, our next lectures will, unfortunately, be online-only via YouTube.

The slot of the lecture stays the same, starting every Tuesday at 10:15. You will always find the link to the current stream in the Materials section of the CMS. As before, all lectures are recorded and stay on YouTube. 

We hope to be able to return to physical lectures soon as the COVID situation improves.

See you (online) tomorrow,
Michael

Hello all,

thanks for the participation and the interaction during the tutorial!
We have uploaded the slides and the solution to the histogram exercise to the Materials section of the CMS.

During the tutorial, I was asked whether there is an AMD equivalent for Intel Turbo Boost and it seems there is one called AMD Turbo Core. Fortunately, it seems like we can disable that in a similar manner (at least it worked on the AMD where I just tested this):
To disable AMD Turbo Core:

echo "0" | sudo tee /sys/devices/system/cpu/cpufreq/boost

To enable it again:
echo "1" | sudo tee /sys/devices/system/cpu/cpufreq/boost

As always: Be careful when using these commands as they directly affect the behavior of your processor and we recommend using all these things only when debugging microarchitectural experiments.

 

Cheers,

Daniel

Hello together,

next Thursday, November 11th at 11:59am, we will hold our first tutorial session in the CISPA lecture hall.
We will go through a few tips and tricks when developing code for microarchitectural attacks.

This will also be an opportunity to ask project-related questions in person and clarify everything that is unclear. However, if you are unable to join, remember that you can also always ask questions via Mattermost and the forum or via email and Mattermost PMs (the latter two in case your question contains code or specific questions regarding your solution).

See you there :)

Hello and welcome everyone registered to this course!

The first lecture starts tomorrow at 10 am (c.t., so 10:15) in the CISPA lecture hall. I'm really looking forward to in-person teaching again, and hope to see many of you in the lecture hall. Note that the regulations of the university apply, i.e., 3G rule, contract tracing with the Staysio app, and the requirement to wear a mask. There will also be a live stream of the lecture on YouTube. The link to the stream can be found on the Materials page. The stream is unlisted, so please don't share it outside of this lecture.  

Cheers,
Michael