CS 292G - Quantitative Information Flow and Side Channels - Fall 2021

Instructor: Tevfik Bultan     Office: Eng. I 2104   Office Hours: Thursday 1:00-3:00  
Class Times: Tuesday/Thursday 11:00-12:50   Location: PHELP 2510
Units: 4
Course webpage: http://www.cs.ucsb.edu/~bultan/courses/292/

Course Topics

Many computer systems have access to sensitive information nowadays and, consequently, information leakage has become a significant security concern for users. Side-channel vulnerabilities that are based on information gained by observing nonfunctional properties of computer systems (such as execution time or memory usage) can enable attackers to infer the secret information that the system accesses.

In this course, we will discuss static and dynamic analysis techniques for detecting information leakage in computer systems. In most practical settings, complete elimination of information leakage, where all observable outputs are independent of secrets (called noninterference), is not achievable. An alternative approach, called quantitative information flow analysis, is to quantify the amount of information that leaks from a given computer system using information theoretic concepts such as entropy. Quantitative information flow analysis enables detection of harmful side-channel vulnerabilities while minimizing false alarms that are due to benign information leakage. In this course, we will discuss recent developments in detection of side-channel vulnerabilities and quantitative information flow analysis. The topics we will discuss include:

Course Work

There will be several homework assignments, a midterm exam, and a final exam. The papers related to the topics discussed in the class and/or lecture notes will be given as reading assignments.


Homework Assignments

Slides from Lectures and Reading Assignments

Related Papers