_______ __ _______
| | |.---.-..----.| |--..-----..----. | | |.-----..--.--.--..-----.
| || _ || __|| < | -__|| _| | || -__|| | | ||__ --|
|___|___||___._||____||__|__||_____||__| |__|____||_____||________||_____|
on Gopher (inofficial)
URI Visit Hacker News on the Web
COMMENT PAGE FOR:
URI MIT 6.5950 Secure Hardware Design â An open-source course on hardware attacks
ignoramous wrote 6 hours 55 min ago:
If you're looking for a quick overview, Satnam Singh who worked at
Google on Silver Oak / OpenTitan, gave an interesting 50m talk related
to his work: [1] / mirror: [2] [summary: [3] / mirror: [4] ]
OpenTitan (RISC-V based tamper-resistant open specification RoT/TPM/SE)
themselves have a neat write-up on designing against hardware attacks:
[5] / mirror:
URI [1]: https://youtube.com/watch?v=ujmgPCIWuU4
URI [2]: https://ghostarchive.org/varchive/ujmgPCIWuU4
URI [3]: https://g.co/gemini/share/07c6439e8a78
URI [4]: https://archive.vn/51k4y
URI [5]: https://opentitan.org/book/doc/security/implementation_guideli...
URI [6]: https://archive.vn/UqAVo
oytis wrote 11 hours 33 min ago:
Somewhat unrelated, but - is it just me or do other people notice too,
that whenever a major university publishes course materials online, the
instructors there are normally very young? It wasn't like that a while
ago, e.g. when Coursera started, or it is not like that if you look at
older MIT videos.
Does it reflect university teachers getting younger? Or younger
teachers tend to give more effort to putting everything online? Or did
my perception change with age?
jprx wrote 42 min ago:
Personally, I learned programming when I was a kid by watching
YouTube tutorials + reading random Internet sources. When helping
build SHD, it was important to me that we "paid it forward" & made
all our lab materials open for everyone to learn from.
Hopefully someone out there finds it useful!
porridgeraisin wrote 8 hours 25 min ago:
Younger teachers get "out there" for the same class of reasons
software developers today want to be more "out there" -
website,twitter,etc - compared to the relatively quieter personal
websites of the last generation.
mettamage wrote 15 hours 22 min ago:
Reminds me of hardware security at VUSEC Amsterdam :)
Good times!
klop1 wrote 15 hours 27 min ago:
I actually did these a while ago. Courses taught me a lot and have
recommended it to friends since. Very grateful for the course team for
making everything public :)
Akhilmurali wrote 14 hours 50 min ago:
Hey! I was curious how did you get access to the lectures? You said
that the material is public, can you please help me locate the
lecture vidoes?
stavros wrote 10 hours 7 min ago:
I have the same question, I'd love to watch the presentations in my
own time, but I don't want to sign up for something that will have
strict deadlines, as my schedule doesn't allow that.
Does anyone know which kind of the two above this course is? I
couldn't find that info.
jprx wrote 37 min ago:
You can find PDFs of the lectures as well as the reading list
here: [1]
URI [1]: https://shd.mit.edu/2025/calendar.html
URI [2]: https://shd.mit.edu/2025/lectureReadings.html
stavros wrote 31 min ago:
Thanks, but it looks like the videos aren't available, so I'm
not sure why the title says "open source".
brcmthrowaway wrote 20 hours 10 min ago:
Does this include Spectre?
jprx wrote 16 hours 56 min ago:
Yes!
Our labs include building your own real spectre attack against the
kernel, bypassing ASLR and building ROP chains with various side
channels, finding and exploiting backdoors in a RISC-V CPU by
building a hardware fuzzer, and more.
(source: I designed the Spectre lab plus a few others)
All our labs are fully open source for anyone to try: [1] If you give
them a try, please do let us know what you think! We genuinely want
these activities to be fun and approachable (we designed them like a
big CTF) and welcome feedback from the community.
URI [1]: https://github.com/MATCHA-MIT/SHD-StarterCode
SilverSlash wrote 13 hours 11 min ago:
Any plans to make lecture videos available as well?
brcmthrowaway wrote 16 hours 0 min ago:
Do you support arm64e?
jprx wrote 50 min ago:
We teach using Intel X86_64 CPUs for a variety of reasons
- Most academic research has been done on Intel systems, so it's
easier for students reading papers to relate to their experiences
in the labs
- X86_64 provides convenient cache flush and cycle measurement
instructions in userspace
- Intel's strongly ordered memory model and cache inclusion
policy makes cross-core side channels simpler to reason about
- Practically, it's easier to scale up server infrastructure on
Intel (you can do most of the labs on inexpensive Intel-based
Linux systems)
- For Rowhammer, our students attack one particular kind of DRAM
that we have profiled and know works well with our machines
- Note that AMD's cache inclusion policy differs from Intel's- we
only support Intel chips for now
Down the road I could see us moving to ARM for a few labs
(perhaps a future PACMAN attack lab...?)
LPisGood wrote 20 hours 1 min ago:
It starts with necessary background into cache side channels and
covers transient execution attacks like Spectre.
DIR <- back to front page