CS 6501: Hardware Security

Meeting Time/Location: Tu/Th 3:30pm-4:45pm @ Thornton E303
The goal of this course is to investigate modern architectures for security flaws, craft exploits on real machines, and explore novel security-aware architectures. The course is highly research-oriented and entails state-of-the-art literature survey and in-class brainstorming of ideas and experiments. By taking this course, students will:
  • become conversant with security issues that plague the modern semiconductor industry, and understand state-of-the-art defense mechanisms,
  • learn how to craft attacks that exploit security vulnerabilities in modern processors,
  • identify new security vulnerabilities and/or motivate new solutions to existing attacks,
  • gain experience working on a research project with active mentorship.

This course is highly exploratory and cross-disciplinary in nature. While our general theme will be hardware security, we will explore topics that span multiple disciplines of computer science, including but not limited to machine learning (e.g., perceptron predictors, adversarial learning), programming languages (e.g., program analysis, dynamic code instrumentation), and software engineering (e.g., formal verification). In fact, a prior offering of this course has produced two top-tier publications at the intersection of programming languages, computer networks, architecture, and security.

Other (frequently referenced) online resources:


We will use Piazza as our class forum, and our primary mode of communication outside of class. All general inquiries must be made on Piazza. For group-specific questions or private questions, you can either email me or post a private question on Piazza.

Instructor:
    Ashish Venkat (email: <lastname>@virginia.edu)
    Office Hours: Th 2-3pm or by appointment.
Teaching Assistant:
    Xida Ren (email: xr5ry@virginia.edu)
    Office Hours: Tu 2:30-3:30pm or by appointment.


This is a research seminar course -- we will be exploring advanced topics in architecture and security. All graduate students are welcome to enroll. Third- and fourth-year undergraduate students interested in enrolling should meet the minimum prerequisite of having taken the undergraduate computer architecture course CS 3330 or equivalent. Graduate students who focus on other complementary CS disciplines are encouraged to enroll, but are expected to pick up the relevant architecture background as we progress through the course. This course will satisfy breadth requirements under the "Computer Systems" and "Computer Security" categories.

Useful resources to pick up architecture background:
  • Graduate Architecture Textbook: Hennessy and Patterson, "Computer Architecture: A Quantitative Approach"
  • Undergraduate Architecture Textbook: Patterson and Hennessy, "Computer Organization and Design: the Hardware/Software Interface"


The grading breakdown for this course is:

  • 15%: 3 Research Paper Presentations (between Sep 29 and Nov 24)
  • 5%: Brainstorming Evidence
  • 10%: Peer Review
  • 70%: Semester-long Research Project in groups of 2 students
If you are an undergraduate student, you are required to present 2 research papers, instead of 4. In addition, you are allowed to work in groups of 3-4 students for the course project. The grading breakdown for undergraduate students is as follows.
  • 5%: 1 Research Paper Presentation (between Sep 29 and Nov 24)
  • 15%: Brainstorming Evidence
  • 10%: Peer Review
  • 70%: Semester-long Research Project in groups of 3-4 students
We will NOT use an absolute grading scale for this course. Your final grades will be assigned based on your overall performance, relative to the class average.

Course Project

You will be choosing one of several research projects that I’ve identified. I will provide enough background for each of these projects (including an abstract and an initial reading list) and will meet with each group every week, to ensure that you’re on track. You are more than welcome to suggest your own topic for the project as long as you convince me of its novelty and relevance. More details will appear on Piazza for enrolled students.

There will be five milestones for the course project documenting related work, design mechanisms, and your experimental findings. Links to milestone requirements and grading criteria:

Guidelines and Policies:
  • All students in the group will receive the same grade. In addition, each individual member will be given a chance to evaluate other members of the group at every milestone of the project.
  • All milestone reports are to be turned in electronically on Gradescope, at 11:59pm Eastern Time.
  • Milestone reports are to be typeset in LaTeX using the ISCA 2020 template.
  • Late reports are not encouraged, but will be accepted with a flat 10% (of the maximum score) penalty, until two days after the report is due. Reports submitted later than that will not be accepted.


Date, Topic, and Discussion Lead(s):

Aug 25: Introduction, Motivation, and Course Logistics (Discussion Lead: Venkat)

Aug 27: Brief Review of Modern Processors-1
  • Chapter 1 from Processor Microarchitecture: An Implementation Perspective
  • Sections 2.3, 2.2, and 2.1 from Intel® 64 and IA-32 Architectures Optimization Reference Manual, in that order

Sep 1: Brief Review of Modern Processors-2
  • Chapter 2 from Processor Microarchitecture: An Implementation Perspective
  • Section 2.6 from Intel® 64 and IA-32 Architectures Optimization Reference Manual

Sep 3: Fundamentals of Computer Security-1
  • Reading: Chapters 2.1-2.3
  • Section 1 from The Protection of Information in Computer Systems, IEEE 1975

Sep 8: Fundamentals of Computer Security-2
  • Section 2 from The Protection of Information in Computer Systems, IEEE 1975
  • SoK: Eternal War in Memory, S&P 2013

Sep 10: Memory Safety and Capability-Based Addressing
  • SoK: Sanitizing for Security, S&P 2019
  • The CHERI capability model: Revisiting RISC in an age of risk, ISCA 2014
  • CHEx86: Context-Sensitive Enforcement of Memory Safety via Microcode-Enabled Capabilities, ISCA 2020

Sep 15: Side and Covert Channels-1
  • Reading: Chapter 8
  • A Note on the Confinement Problem, CACM 1973

Sep 17: Side and Covert Channels-2
  • New cache designs for thwarting software cache-based side channel attacks, ISCA 2007
  • BranchScope: A New Side-Channel Attack on Directional Branch Predictor, ASPLOS 2018
  • Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR, MICRO 2016

Sep 22: Transient Execution Attacks
  • Reading: Chapters 3.2-3.3
  • Spectre Attacks: Exploiting Speculative Execution, S&P 2019
  • The Evolution of Transient-Execution Attacks, GLVLSI 2020

Sep 24: Transient Execution Attack Mitigations
  • Evolution of Defenses against Transient-Execution Attacks, GLVLSI 2020
  • InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy, MICRO 2018
  • Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization, ASPLOS 2019
  • CleanupSpec: An "Undo" Approach to Safe Speculation, MICRO 2019

Sep 29: Information-Flow Tracking-1
  • Secure Program Execution via Dynamic Information Flow Tracking, ASPLOS 2004
  • Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data, MICRO 2019

Oct 1: Information-Flow Tracking-2
  • A Hardware Design Language for Timing-Sensitive Information-Flow Security, ASPLOS 2015

Oct 6: Rowhammer Attacks and Defenses + Processing-In-Cache
  • Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors, ISCA 2014
  • ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks, OSDI 2018
  • Neural Cache: Bit-Serial In-Cache Acceleration of Deep Neural Networks, ISCA 2018

Oct 8: Model Inversion and Membership Inference + Processing-In-Memory
  • Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures, CCS 2015
  • Membership Inference Attacks Against Machine Learning Models, S&P 2017
  • PRIME: A Novel Processing-in-Memory Architecture for Neural Network Computation in ReRAM-Based Main Memory, ISCA 2016

Oct 13: Rowhammer on Neural Nets + Hardware Backdoors + Pointer Provenance
  • Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks, USENIX Security 2019
  • Hardware Backdoors in x86 CPUs, Black Hat 2018
  • CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, ASPLOS 2019

Oct 15: Data-Oriented Programming + Data-Oblivious Execution + Bit Trojans
  • Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks, S&P 2016
  • Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing, NDSS 2019
  • TBT: Targeted Neural Network Attack with Bit Trojan, CVPR 2020

Oct 20: Exploiting Voltage and Frequency Scaling
  • CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management, USENIX Security 2017
  • Plundervolt: Software-based Fault Injection Attacks against Intel SGX, S&P 2020
  • V0LTpwn: Attacking x86 Processor Integrity from Software, USENIX Security 2020

Oct 22: Model Extraction Attacks
  • Stealing Machine Learning Models via Prediction APIs, USENIX Security 2016
  • Stealing Hyperparameters in Machine Learning, S&P 2018
  • Stealing Neural Networks via Timing Side Channels, arXiv 2018
  • Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures, S&P 2020

Oct 27: No Class (Intel FoMR PI Meeting)

Oct 29: Memory Isolation + Memory Bus Snooping Attacks + Branch Predictor Hardening
  • SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation, S&P 2020
  • An Off-Chip Attack on Hardware Enclaves via the Memory Bus, USENIX Security 2020
  • BRB: Mitigating Branch Predictor Side-Channels, HPCA 2019

Nov 3: Trusted Execution Environments-1: Intel SGX
  • Sections 5.1-5.4 from Intel SGX Explained
  • Software Grand Exposure: SGX Cache Attacks Are Practical, WOOT 2017
  • Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution, USENIX Security 2017

Nov 5: FPGA/GPU Security
  • FPGA-Based Remote Power Side-Channel Attacks, S&P 2018
  • C3APSULe: Cross-FPGA Covert-Channel Attacks through Power Supply Unit Leakage, S&P 2020
  • Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU, S&P 2018

Nov 10: More IFC + Replay Attacks + RAMBleed
  • A Progress-Sensitive Flow-Sensitive Inlined Information-Flow Control Monitor (extended version), Computers and Security 2017
  • MicroScope: Enabling Microarchitectural Replay Attacks, ISCA 2019
  • RAMBleed: Reading Bits in Memory Without Accessing Them, S&P 2020

Nov 12: Technical Evaluation: Methods and Best Practices
  • Chapters 2, 3, and 5 from Computer Architecture Performance Evaluation Methods
  • Benchmarking Crimes: An Emerging Threat in Systems Security, arXiv 2018

Nov 17: Security of Compressed Caches + Controlled-Channel Attacks + JIT Leaks
  • Safecracker: Leaking Secrets through Compressed Caches, ASPLOS 2020
  • CopyCat: Controlled Instruction-Level Attacks on Enclaves, USENIX Security 2020
  • JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation, S&P 2020

Nov 19: Trusted Execution Environments-2: ARM TrustZone
  • Demystifying Arm TrustZone: A Comprehensive Survey, ACM Computing Surveys 2019
  • vTZ: Virtualizing ARM TrustZone, USENIX Security 2017
  • SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-assisted TEE Systems, S&P 2020

Nov 24: No Class (ISCA deadline)

Honor Code

I trust every student in this course to fully abide by the University's Honor Code and pledge to not commit academic fraud. You are allowed to discuss, collaborate, and brainstorm both within and outside your group. You're also free to look up and use source code/tools on the internet with appropriate citations. However, you're not allowed to plagiarize text from another student's assignment or from the internet, and/or falsify data. Cheating will be taken seriously and will be reported to the Honor Committee. All suspected honor violations will receive an immediate zero on that assignment regardless of any action taken by the Honor Committee.

Please let me know if you have any questions regarding the course Honor policy. If you believe you may have committed an Honor Offense, you may wish to file a Conscientious Retraction by calling the Honor Offices at (434) 924-7602. For your retraction to be considered valid, it must, among other things, be filed with the Honor Committee before you are aware that the act in question has come under suspicion by anyone. More information can be found here. Your Honor representatives can be found at this link.

Learning Accommodations

Students with disabilities or learning needs
It is my goal to create a learning experience that is as accessible as possible. If you anticipate any issues related to the format, materials, or requirements of this course, please meet with me outside of class so we can explore potential options. Students with disabilities may also wish to work with the Student Disability Access Center to discuss a range of options for removing barriers in this course, including official accommodations. Please visit their website for information on this process and to apply for services online. If you have already been approved for accommodations through SDAC, please send me your accommodation letter and meet with me so we can develop an implementation plan together.

Discrimination and power-based violence
The University of Virginia is dedicated to providing a safe and equitable learning environment for all students. To that end, it is vital that you know two values that I and the University hold as critically important:
  1. Power-based personal violence will not be tolerated.
  2. Everyone has a responsibility to do their part to maintain a safe community on Grounds.
If you or someone you know has been affected by power-based personal violence, more information can be found on the UVA Sexual Violence website that describes reporting options and resources available.
As your professor and as a person, know that I care about you and your well-being and stand ready to provide support and resources as I can. As a faculty member, I am a responsible employee, which means that I am required by University policy and federal law to report what you tell me to the University's Title IX Coordinator. The Title IX Coordinator's job is to ensure that the reporting student receives the resources and support that they need, while also reviewing the information presented to determine whether further action is necessary to ensure survivor safety and the safety of the University community. If you wish to report something that you have seen, you can do so at the Just Report It portal. The worst possible situation would be for you or your friend to remain silent when there are so many here willing and able to help.

Religious accommodations
It is the University's long-standing policy and practice to reasonably accommodate students so that they do not experience an adverse academic consequence when sincerely held religious beliefs or observances conflict with academic requirements. Students who wish to request academic accommodation for a religious observance should submit their request in writing directly to me as far in advance as possible. Students who have questions or concerns about academic accommodations for religious observance or religious beliefs may contact the University's Office for Equal Opportunity and Civil Rights (EOCR) at UVAEOCR@virginia.edu or (434) 924-3200.