ECE 69500 - Hardware and Software Security

Course Details

Lecture Hours: 3 Credits: 3

Areas of Specialization:

  • Computer Engineering

Counts as:

Normally Offered:

Each Fall


On-campus only


ECE 496

Requisites by Topic:

Operating systems engineering

Catalog Description:

This course provides an in-depth look at the relationships between hardware and software in the context of cyber-security. To do so, it explores the design, implementation and integration of secure hardware elements (e.g., processor extensions, secure co-processors) and their use to provide secure computing systems. Further, it analyzes different attack vectors from software to overcome these security properties (e.g., side-channel attacks, rowhammering, artificial processor-aging, hardware fuzzing). The lectures focus on a full-stack perspective of hardware-software co-existence and its effects on computer security by surveying existing technologies and their shortcomings. The course includes hands-on labs to develop and exploit practical software applications. Lastly, the course includes a research component to actualize and explore the trends of the topics covered in class.

Required Text(s):


Recommended Text(s):

  1. Blue Fox: Arm Assembly Internals & Reverse Engineering , Markstedter, Maria , Wiley , 2023 , ISBN No. 978-1-119-74530-3
  2. Principles of Secure Processor Architecture Design , Szefer, Jakub , Springer , 2018 , ISBN No. 978-3-031-00632-6
  3. Trusted Computing Platforms: TPM2.0 in Context , Proudler, Graeme; Chen, Liqun; Dalton, Chris , Springer , 2015 , ISBN No. 978-3319087436

Lecture Outline:

Week Topic
1 Introduction and problem statement: How do hardware and software affect the security of each other
2 Part 1, Hardware features for secure software. A first look at the hardware-software stack: bootloader, early boot, kernel, early userspace, init system and late userspace
3 Fundamental hardware security features: NX memory, virtual memory, etc.
4 Secure co-processors: TPMs and HSMs, secret handling; TPM ME, measured execution and measured boot; secure boot; software patterns that leverage these
5 "Advanced" processor-level security features: Virtualization instructions and ring -1 (also ARM); Hypervisor types; Paravirtualization and virtual hardware; Kernel namespaces and containers pointer authentication on ARMv8; Capability Hardware Enhanced RISC Instructions (CHERI)
6 Advanced processor-level security features: Secure enclaves (SGX and TrustZone); Remote attestation and enclave certificates; Programming for secure enclaves
7 Processors 3: Trust Domain Extensions (Intel TDX); Lightweight VMs; midterm review
8 Accelerators and Application Processor & Multi-processing security: Multiprocessor and Many-Core Protections; Deep Learning accelerators and their interactions with main application; Other Peripheral
9 Part II: Software attacks on hardware; Fundamentals of side-channels: Timing attacks; Extracting secret keys and passwords; Constant time compare and other mitigations
10 Side-channels 2: Speculative execution; Spectre, Meltdown, and friends; Software level mitigations (e.g., retpoline)
11 SW attacks on HW; Row hammer attacks; Processor Aging; Practical examples of RH: flip feng shui; Avoiding rowhammer and processor aging
12 Attacks on firmware: Firmware update vectors and exploitation; Exploiting Arm TrustZone; Applicable software defenses
13 Firmware, Hardware fuzzing & Fault Innjection; Binary re-hosting for fuzzing; Hidden processor instructions (chip fuzzing). ISA vs Processor implementation; Peripheral fuzzing; Fault injection
14 Misc attacks & defenses 1: Attacking the VLSI software pipeline; Software Supply Chain attacks on hardware; FPGA security

Assessment Method:

Exams, projects, presentations. (4/2023)