Course Schedule, Reading List, and Slides

Fall 2025

---

Course Schedule

Please find the paper-discussion sign-up sheet on Canvas, under the “Home” tab

(L) = Lecture given by the instructor
(D) = Paper discussion led by student presenters

	Date	Theme	Topic	Readings	Slides
Week 1	Aug 25	Bootstrap	(L) Course Logistics	Please fill this anonymous course-preparation survey after the first class and before Aug 28 (Thu)	Slides
	Aug 27		(L) Topic Overview and Project Ideas	-	Slides
Week 2	Sep 1	Labor Day
	Sep 3	uArch Side Channels	(L) Cache-Based Side Channels (w/ Demo!)	Pre-lecture: Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack (USENIX Sec '14, Sections 1-3) Post-lecture (Choose one to review): Last-Level Cache Side-Channel Attacks are Practical (SP '15) Theory and Practice of Finding Eviction Sets (SP '19)	Slides PoC
Week 3	Sep 8		(L) Side Channels in Public Clouds (w/ Demo!)	Pre-lecture: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds (CCS '09, Sections 1-3, 6) Post-lecture: Everywhere All at Once: Co-Location Attacks on Public Cloud FaaS (ASPLOS '24)	Slides
	Sep 10		(L) Partitioning, Randomization, and Detection	Pre-lecture: CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing (HPCA '16, Sections 1-3) No post-lecture reading, please focus on your term project proposal (Optional) A Game of Cache Attacks and Defense by Moinuddin Qureshi at MAD tutorial (ISCA '22)	Slides
Week 4	Sep 15		(L) Data-Oblivious Computation	Pre-lecture: Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations by Intel (Optional) Other Resources: Oblivious RAM by Elaine Shi Cryptocoding (a list of "coding rules") for implementing cryptographic operations by Jean-Philippe Aumasson	Slides PoC
	Sep 17	Speculation	(L) Transient-Execution Attacks (w/ Demo!)	Pre-lecture: Conference presentation of Spectre Attacks (Optional) Other Resources: Spectre Attacks: Exploiting Speculative Execution Meltdown: Reading Kernel Memory from User Space A Systematic Evaluation of Transient Execution Attacks and Defenses	Slides PoC
Week 5	Sep 22		(D) Advanced Spectre Attacks	Papers to discuss (Choose one to review): An Analysis of Speculative Type Confusion Vulnerabilities in the Wild (USENIX Sec '21) Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks (USENIX Sec '22) (Optional) Other Resources: Retpoline: a software construct for preventing branch-target-injection RETBLEED: Arbitrary Speculative Code Execution with Return Instructions The AMD Branch (Mis)predictor: Just Set it and Forget it! (Part 1, Part 2)
	Sep 24		(D) Hardware Defenses	Papers to discuss (Choose one to review): Efficient Invisible Speculative Execution through Selective Delay and Value Prediction (ISCA '19) Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data (MICRO '19) (Optional) Other Resources: Speculative interference attacks: breaking invisible speculation schemes Speculative Data-Oblivious Execution: Mobilizing Safe Prediction For Safe and Efficient Speculative Execution
Week 6	Sep 29	Trusted Execution Environments (TEEs)	(L) TEE Overview and Attestation	(Optional) Other Resources: Intel SGX Explained	Slides
	Oct 1		(L) Memory Encryption and Integrity Protection	(Optional) Other Resources: Efficient Memory Integrity Verification and Encryption for Secure Processors Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly	Slides
Week 7	Oct 6		(L) TEE Designs	Pre-lecture: (Presentation) Keystone: An Open Framework for Architecting Trusted Execution Environments	Slides
	Oct 8		(D) Attacks on TEEs	Papers to discuss (Choose one to review): Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems (SP '15) MicroScope: Enabling Microarchitectural Replay Attacks (ISCA '19)
Week 8	Oct 13	Isolation & Memory Safety	(L) OS and VM Isolation	(Optional) Other Resources: Performance Evaluation of Intel EPT Hardware Assist A Comparison of Software and Hardware Techniques for x86 Virtualization My VM is Lighter (and Safer) than your Container Firecracker: Lightweight Virtualization for Serverless Applications Blending Containers and Virtual Machines: A Study of Firecracker and gVisor	Slides
	Oct 15		(L) Memory Safety	Pre-lecture: Running a Buffer Overflow Attack - Computerphile (Optional) Other Resources: SoK: Eternal War in Memory An Introduction to CHERI No-FAT: Architectural Support for Low Overhead Memory Safety Checks SPECCFI: Mitigating Spectre Attacks using CFI Informed Speculation	Slides
Week 9	Oct 20		(D) In-Process Isolation	Papers to discuss (Choose one to review): Donky: Domain Keys--Efficient In-Process Isolation for RISC-V and x86 (USENIX '20) Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI (ASPLOS '23)
	Oct 22		(D) Transient Execution + Memory Safety	Papers to discuss (Choose one to review): Speculative Probing: Hacking Blind in the Spectre Era (CCS '20) PACMAN: Attacking ARM Pointer Authentication with Speculative Execution (ISCA '22)
Week 10	Oct 27	RowHammer	(L) RowHammer	(Optional) Other Resources: The Story of Rowhammer Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors Graphene: Strong yet Lightweight RowHammer Protection ProTRR: Principled yet Optimal In-DRAM Target Row Refresh	Slides
	Oct 29	Inspiring Papers/Ideas	(D) Attacking AI Systems	Papers to discuss (Choose one to review): MoEcho: Exploiting Side-Channel Attacks to Compromise User Privacy in Mixture-of-Experts LLMs (CCS '25) I Know What You Asked: Prompt Leakage via KV-Cache Sharing in Multi-Tenant LLM Serving (NDSS '25)
Week 11	Nov 3		(D) Emerging TEE Designs	Papers to discuss (Choose one to review): Graviton: Trusted Execution Environments on GPUs (OSDI '18) Sequestered Encryption: A Hardware Technique for Comprehensive Data Privacy (SEED '22) (Optional) Other resources: Creating the First Confidential GPUs Security Verification of Low-Trust Architectures (CCS '23) Privacy-enhanced computation via sequestered encryption (US Patent)
	Nov 5		(D) uArch Weird Machines	Papers to discuss (Choose one to review): Computing with Time: Microarchitectural Weird Machines (ASPLOS '21) The Gates of Time: Improving Cache Attacks with Transient Execution (USENIX Sec '23)
Week 12	Nov 10		(L) Information-Flow Tracking in Hardware	Paper to discuss (Choose one to review): Complete Information Flow Tracking from the Gates Up (ASPLOS '09) Speculative Privacy Tracking (SPT): Leaking Information From Speculative Execution Without Compromising Privacy (MICRO '21)	Slides
	Nov 12		(D) Fun Side Channels	Papers to discuss (Choose one to review): Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86 (USENIX Sec '22) Pentimento: Data Remanence in Cloud FPGAs (ASPLOS '24) (Optional) Other Resources: DVFS Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE, Cryptography, and CPU-Only Data Hot Pixels: Frequency, Power, and Temperature Attacks on GPUs and Arm SoCs Advice from DJB
Week 13	Nov 17		(D) Attacks on GPU	Paper to discuss: BarraCUDA: Edge GPUs do Leak DNN Weights (USENIX Sec '25) GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression (SP '24) (Optional) Other resources: On Subnormal Floating Point and Abnormal Timing Pixnapping Attack
	Nov 19		(D) SW & HW Fuzzing	Papers to discuss (Choose one to review): SpecFuzz: Bringing Spectre-Type Vulnerabilities to the Surface (USENIX Sec '20) Cascade: CPU Fuzzing via Intricate Program Generation (USENIX Sec '24) (Optional) Videos on hardware fuzzing: The Discovery of Zenbleed ft. Tavis Ormandy by LiveOverflow Breaking the x86 Instruction Set by Christopher Domas at BlackHat '17
Week 14		Fall Break (Optional Reading: "Why We Sleep" by Matthew Walker)
Week 15	Dec 1	Summary	Reflect and Chat*	-	-
	Dec 3	Project	Final Presentation (1)	-	-
W16	Dec 8		Final Presentation (2)	-	-

* With free food!