E-mail senden E-Mail Adresse kopieren

E-Mail

Adresse

Stuhlsatzenhaus 5
66123 Saarbrücken (Germany)

Awards

EuroSys Roger Needham PhD Award (2020)

NSA Best Scientific Cybersecurity Paper Competition Honorable Mention: Meltdown (2019) 

Open Exploit Award: Meltdown and Spectre (2019)

S&P Distinguished Paper Award - Spectre (2019)

CSAW Best Paper Award - Meltdown (2018)

Pwnie Award for Best Privilege Escalation Bug - Meltdown (2018)

Pwnie Awardfor Most Innovative Research - Spectre (2018)

Kurzbiografie

Dr. Michael Schwarz ist Tenure-Track-Faculty am CISPA mit Fokus auf Microarchitectural Side-Channel Attacks und Systemsicherheit. Er erhielt seinen PhD mit dem Titel „Software-based Side-Channel Attacks and Defenses in Restricted Environments“ 2019 von der Graz Universität of Technology (beraten von Daniel Gruss). Michael hat zwei Masterabschlüsse, einen in Computer Science und einen in Software Engineering mit einem starken Fokus auf Security. Er ist regelmäßig Sprecher bei akademischen und Hacker-Konferenzen (7 Mal Black Hat, CCC, Blue Hat, etc.). Michael war Teil eines der Forschungsteams, das die Meltdown-, Spectre-, Fallout- und LVI-Schwachstellen, sowie die ZombieLoad-Schwachstelle gefunden hat. Er war auch Teil des Kaiser-Patches, die Basis für die Meltdown-Gegenmaßnahmen, die jetzt in jedem modernen Betriebssystem wie KPTI oder KVA Shadow eingesetzt werden.

CV: Letzte vier Stationen

Seit 2020
Faculty am CISPA Helmholtz-Zentrum für Informationssicherheit
2019 - 2020
Postdoctoral Researcher an der technischen Universität Graz
2016 - 2019
PhD Student an der technischen Universität Graz
2012 - 2017
Studienassistent in verschiedenen Studiengängen mit den Schwerpunkten Programmierung und Betriebssysteme

Veröffentlichungen von Michael Schwarz

Jahr 2023

Konferenz / Medium

SP
44th IEEE Symposium on Security and Privacy44th IEEE Symposium on Security and Privacy

Konferenz / Medium

SP
IEEE Symposium on Security and PrivacyIEEE Symposium on Security and Privacy

Konferenz / Medium

FC
Financial Cryptography and Data Security 2023Financial Cryptography and Data Security - 27th International Conference, FC 2023

Jahr 2022

Konferenz / Medium

ESORICS
Proceedings, Part I-II27th European Symposium on Research in Computer Security (ESORICS) 2022

Konferenz / Medium

ESORICS
ESORICSESORICS 2022

Konferenz / Medium

USENIX-Security
USENIX Security SymposiumUSENIX Security Symposium

Lehre von Michael Schwarz

Winter 2021/22

Side-Channel Attacks and Defenses

In this lecture, you will learn about side channels in software and hardware, their security implications, how they can be exploited from software, and ways to prevent data leakage. Since 2018, side channels received a lot of attention as they are a vital part of Meltdown and Spectre attacks. Meltdown and Spectre showed that the security boundaries of modern CPUs can be circumvented with the help of side channels. However, besides these publicly known attacks, there are many more attacks relying on side channels. In particular, this lecture provides an overview of attack techniques and countermeasures for

  • Timing Attacks
  • Cache Attacks
  • Page Table Attacks
  • Transient Execution Attacks (Meltdown- and Spectre-type Attacks)
  • Fault Attacks

This course provides hands-on experience with various exercises, in which attacks and defenses have to be implemented and evaluated.

Prerequisites

There are no formal prerequisites for this course. However, if you want to participate, you should

  • be familiar with programming C (it helps if you also have a basic understanding of x86 Assembly)
  • have a basic understanding of operating systems (e.g., the concept of virtual memory)
  • be able to work on Linux, as some exercises are only officially supported on Linux

Time and Location

The lecture will take place in-presence every Tuesday from 10.00 (c.t.) - 12.00, starting 19.10.2021. Location: E9 1 (CISPA), room 0.05 (lecture hall ground floor). A stream is also provided via YouTube (links in the Material section).

Grading

There is a total of 100 points for this course. There are up to 50 points for the practical assignments and 50 points for the final exam. Additionally, there are optional lecture challenges that give you bonus points if you solve them.

Note that you need a minimum of 26 points in the practical assignments and a minimum of 26 points in the exam to pass this course. Bonus points can only be used to get a better grade if you already passed the course, i.e., if you have at least 52 points without the bonus points.

Practical Assignments

There are three practical assignments with a total of 50 points. You need at least 26 points in total to pass the course. The practical assignments cover the topics covered in the lecture and aim to deepen your knowledge of the topics.

You can discuss the assignments with other students, but you should not collaborate on the solution with anyone. Your solution should be original and not be an existing solution (e.g., from someone else, or from the internet). All submissions will be automatically checked for plagiarism. Plagiarism automatically results in zero points.

Written Exam

Exams are done in writing. The final exam will take place on TBD. Note that physical presence is required for the exam.

Exams consist of both theoretical questions and practical questions. Theoretic questions are basically the theoretic parts of the slides and possibly additional content presented in the lecture, which is not part of the slides. Practical questions are, in principle, similar to the tasks given in the lecture challenges as well as in the practicals. However, the complexity of the questions is scaled to make them adequate for the time available during an exam.

All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.

No lecture notes or any other materials are allowed during an exam. All materials required to solve the practical questions are provided at the exam.

Lecture Challenges

During the lecture, there will be small “Lecture Challenges” that you can optionally solve as a bonus. These challenges are optional, but solving them results in bonus points. The aim of the challenges is to dig deeper into a certain topic of the respective lecture. Thus, it is advisable to try to complete the challenge soon after the lecture.