Side-Channel Security (SS 2026)
Table of Content
Content
Software is embedded in many devices and systems that we use and rely upon every day. Software controls mobile phones, cars, home appliances as well as all kinds of machines and sensors in industrial settings. In today’s ubiquitous computing environment, software is everywhere and the value of the assets that are stored and processed by the software increases continuously. Attacker can thus attack both the software and the device directly. This course provides an overview of attack techniques and countermeasures. The discussed attacks include cache attacks and other recent software-based attack techniques. It also includes attacks that exploit physical properties of a device, such as the timing or the power consumption that is caused by the executed software. The course discusses state-of-the-art countermeasures against all these attacks. An important aspect of this course is to provide hands-on-experience to students. This is why several exercises are part of this course. In these exercises, example software and countermeasures are implemented and then attacked and evaluated.Rules and Course Information
In this course, you will have to complete 2 exercises in groups of two students. Each group will get a GIT repository for working on and submitting exercises.
Each exercise goes into a different directory (Exercise 1:
ex1, Exercise 2: ex2).
You submit your work by tagging the according version in your GIT repository. The tags are ex1-1 and ex1-2 for assignment 1 and ex2 for assignment 2.
Your submission has to be complete (contain anything that you want to be considered for grading).
You have to present your exercise after the submission. Grading will be based on the exercise interview.
Exercise 1: Software Security
Team Registration: https://cloud.tugraz.at/index.php/apps/forms/s/ndJmdniJAaFgxSoBjDQYaoSbUpstream: https://gitlab.tugraz.at/scs/s26/upstream/
Assignment: Exercise 1, (In OpenDyslexic)
Deadlines
| Exercise | Date |
|---|---|
| ex1-1 | 26.03.2026 |
| ex1-2 | 01.05.2026 |
Grading
There are 2 exercise sheets. You can get up to 15 points per exercise sheet—summing up to 30 points. Your mark will be:
-
≥ 27 points (90%) → 1
-
≥ 24 points (80%) → 2
-
≥ 21 points (70%) → 3
-
≥ 18 points (60%) → 4
Support
Discord
- click on the emoji for SCS
For questions regarding the practicals, contact:
-
Exercise 1: sudheendra.neela@tugraz.at or roland.czerny@tugraz.at
-
Exercise 2: rishub.nagpal@tugraz.at
Material
| Date | Who | Lecture 10:00–12:00 | Location |
|---|---|---|---|
| 12.03.2026 | DG,SN,RC | Introduction & Page Cache Attacks | CCGEG002 |
| 19.03.2026 | DG,RC | CPU Caches & Cache Attacks (Handout) | CCGEG002 |
| 26.03.2026 | DG | Transient Execution | CCGEG002 |
| 02.04.2026 | Easter | ||
| 09.04.2026 | Easter | ||
| 16.04.2026 | RC, CF | Prime+Probe, Rowhammer | CCGEG002 |
| 23.04.2026 | SN, SF, SG | TEEs, Networks | CCGEG002 |
| 30.04.2026 | SN, RC | Mitigations | CCGEG002 |
| 04.05.2026-08.05.2026 | Interviews ex1 | TBA | |
| 07.05.2026 | RN | TBA | CCGEG002 |
| 14.05.2026 | Holiday - Christi Himmelfahrt | ||
| 21.05.2026 | RN | TBA | CCGEG002 |
| 28.05.2026 | RN | TBA | CCGEG002 |
| 04.06.2026 | Holiday - Frohnleichnam | ||
| 11.06.2026 | RN | TBA | CCGEG002 |
| 18.06.2026 | RN | TBA | CCGEG002 |
| 25.06.2026 | RN | TBA | CCGEG002 |
Administrative Information
Previous Knowledge
Basics of information security that are covered, e.g., in the bachelor course "Information Security". Familiarity with programming in C and C++.Prerequisites Curriculum
See position in the curriculumObjective
After completing this course, students have an overview of attacks on embedded software as well as on corresponding countermeasures. They are able to assess the risks for assests in embedded software and to implement appropriate countermeasures.Language
EnglishTeaching Method
How to get a grade
Programming Exercises, Oral Exercise Interviews (possibly virtual), and Written or Oral Exam (possibly virtual)Registration
https://online.tugraz.at/tug_online/ee/rest/pages/slc.tm.cp/course-registration/525936
