20 September 2019
Security Week
Welcome to our Third School on Security & Correctness 2019, held from 16.-20. September. It is hosted by the research center “Dependable Internet of Things“, located at Graz University of Technology. This school targets graduate students interested in security and correctness aspects of computing devices.
The main topics of the school are
- Runtime Security
- Side-Channels
- Security Verification
- Post-Quantum Cryptography
During the five-day school, participants will gain awareness of these security challenges in the context of IoT. Introductory classes are supplemented by advanced courses and practical lab sessions. Students are encouraged to present their current research topics in a special PhD Forum. During spare time participants are invited to enjoy the city of Graz and attend organized events.
- PhD Forum
A central goal of the school is to enable communication between presenters and the participants. Therefore we will have a so-called PhD forum on Monday and Tuesday. The basic idea of the forum is that PhD students and researchers can present their current research in a 5-minute talk. This will help them to get connected with other participants working on a similar topic. Furthermore, presenting at the PhD forum is a prerequisite for earning optional 2 ECTS.
We strongly encourage you to use this opportunity and would like to ask you to send us a title of your presentation to securityweek@iaik.tugraz.at no later than September 13th. We will then arrange the presentation slots accordingly.
- Runtime Security Lab
In this tutorial, you will learn about runtime security and what can go wrong if memory is accessed out of bounds, integers do overflow, etc.
Do you manage to read or modify protected memory? Can you manipulate the control flow to jump to a protected function? During a Capture-the-Flag competition, you will learn to attack vulnerable applications. If your attack is successful, the application will reveal a secret flag to you, for which you get points. Rumor has it that the best teams will be rewarded. Please bring your own laptop.
- Side-Channel Lab
During the side-channel labs, we offer two parallel sessions to choose from. First, physical side channels and faults, and second, microarchitectural side channels. Please bring your own laptop.
Physical Side-Channels
In this tutorial, you will learn how the physical properties of embedded devices can be used to break their security. First, we will measure the power consumption of a microcontroller performing encryptions and use that to extract the used secret key. Second, we will inject voltage spikes and clock glitches into the microcontroller and thus disturb its computations. The resulting faults can then be used to bypass security checks or extract secrets. All your experiments will be performed on a real device: you will receive a ChipWhisperer-Lite board, which lets you easily measure the power consumption and inject faults on an included target microcontroller.
- Microarchitectural Side-Channels
In contrast to runtime attacks, the CPU microarchitecture itself gives much more subtle ways to attack an application via side-channels. These side channels range from measuring execution time and detecting memory access patterns, over cache attacks (e.g., Flush+Reload) to Meltdown and Spectre attacks, leaking information across different processes and privilege boundaries. In this lab, you will experiment with various microarchitectural side channels.
Course leader
International experts
Target group
Graz Security Week brings together young researchers and experts from academia and industry in an annual event.
Credits info
2 EC
All participants will receive a certificate of attendance. There is also the option to obtain a certificate with 2 ECTS credits for students that
- give a lightning talk of their research during the PhD forum
- complete an online exam on Friday 2pm
Fee info
EUR 300: Early (until August 18, 2019)
The registration fees are as follows (registration fee includes coffee, lunch, dinner and social event – excluding accommodation)
In order to be considered for the reduced registration fee, please provide us with a valid student-ID via email (office@iaik.tugraz.at). After this requirement has been verified, the ID card copy will be deleted.
EUR 350: Late (from August 19, 2019)
The registration fees are as follows (registration fee includes coffee, lunch, dinner and social event – excluding accommodation)
In order to be considered for the reduced registration fee, please provide us with a valid student-ID via email (office@iaik.tugraz.at). After this requirement has been verified, the ID card copy will be deleted.