S
Story
MIT 6.5950 Secure Hardware Design – An open-source course on hardware attacks
If you're looking for a quick overview, Satnam Singh who worked at Google on Silver Oak / OpenTitan, gave an interesting 50m talk related to his work: https://youtube.com/watch?v=ujmgPCIWuU4 / mirror: https://ghostarchive.org/varchive/ujmgPCIWuU4 [summary: https://g.co/gemini/share/07c6439e8a78 / mirror: https://archive.vn/51k4y]

OpenTitan (RISC-V based tamper-resistant open specification RoT/TPM/SE) themselves have a neat write-up on designing against hardware attacks: https://opentitan.org/book/doc/security/implementation_guide... / mirror: https://archive.vn/UqAVo

  • klop1
  • ·
  • 14 hours ago
  • ·
  • [ - ]
I actually did these a while ago. Courses taught me a lot and have recommended it to friends since. Very grateful for the course team for making everything public :)
Hey! I was curious how did you get access to the lectures? You said that the material is public, can you please help me locate the lecture vidoes?
I have the same question, I'd love to watch the presentations in my own time, but I don't want to sign up for something that will have strict deadlines, as my schedule doesn't allow that.

Does anyone know which kind of the two above this course is? I couldn't find that info.

  • oytis
  • ·
  • 10 hours ago
  • ·
  • [ - ]
Somewhat unrelated, but - is it just me or do other people notice too, that whenever a major university publishes course materials online, the instructors there are normally very young? It wasn't like that a while ago, e.g. when Coursera started, or it is not like that if you look at older MIT videos.

Does it reflect university teachers getting younger? Or younger teachers tend to give more effort to putting everything online? Or did my perception change with age?

Younger teachers get "out there" for the same class of reasons software developers today want to be more "out there" - website,twitter,etc - compared to the relatively quieter personal websites of the last generation.
  • ·
  • 11 hours ago
  • ·
  • [ - ]
Reminds me of hardware security at VUSEC Amsterdam :)

Good times!

Does this include Spectre?
  • jprx
  • ·
  • 15 hours ago
  • ·
  • [ - ]
Yes!

Our labs include building your own real spectre attack against the kernel, bypassing ASLR and building ROP chains with various side channels, finding and exploiting backdoors in a RISC-V CPU by building a hardware fuzzer, and more.

(source: I designed the Spectre lab plus a few others)

All our labs are fully open source for anyone to try: https://github.com/MATCHA-MIT/SHD-StarterCode

If you give them a try, please do let us know what you think! We genuinely want these activities to be fun and approachable (we designed them like a big CTF) and welcome feedback from the community.

Any plans to make lecture videos available as well?
Do you support arm64e?
It starts with necessary background into cache side channels and covers transient execution attacks like Spectre.
  • oicu
  • ·
  • 17 hours ago
  • ·
  • [ - ]
[dead]