CSE Colloquium: Yinqian Zhang

Presenter: Yinqian Zhang, Assistant Professor, The Ohio State University

Title: Rethinking Side-Channel Security in the Era of Confidential Computing

Date: Wednesday, February 20

Location: HBL Video Theatre 2

Time: 11:30-12:30pm

Abstract:

“Side channels” commonly refer to “unintended” vectors of information leakage of a computer system. They allow adversaries to infer secrets by observing the “side effects” of the system’s execution, such as execution time, power consumption, acoustic emission, etc. Side-channel security has been a growing research area in cybersecurity. It also gradually gains traction from the IT industry, especially after the disclosure of the Meltdown and Spectre attacks. This talk will provide a high-level overview of the side-channel research in the past decades, including some of the established principles and techniques that are commonly used to defeat these attacks.

A particular focus of this talk is side-channel security in the context of confidential computing. Confidential computing is an emerging computing paradigm. With the protection of trusted hardware, such as Intel SGX and AMD SEV, applications processing privacy-sensitive data can be securely outsourced to untrusted computing platforms. Confidential computing drastically alters the trust model of modern computation and enables a wide range of application scenarios, such as confidential cloud computing and privacy-preserving blockchains. However, side channels remain the primary security threat. As the privileged software is not trusted, extremely powerful side-channel attacks may be conducted. As such, side-channel defenses in the era of confidential computing face unprecedented challenges. This talk will cover some of my research on this topic, with a particular emphasis on the quest for effective side-channel defenses through runtime attack detection.

Short bio:

Prof. Yinqian Zhang is an assistant professor of the Department of Computer Science and Engineering at The Ohio State University. His research interest lies in computer security in general. His most prominent research is on the topic of side-channel security, particularly in the context of cloud computing, mobile computing, and confidential computing. Over the past ten years, he has published numerous high-quality peer-reviewed research papers in well-regarded conference proceedings and journals, including over 20 papers published at the “big four” security conferences (i.e., IEEE S&P, ACM CCS, Usenix Security, and NDSS). As an expert in system security and side channels, he has been frequently invited to serve on the technical program committees of these top security venues. Prof. Zhang is a recipient of the NSF CAREER Award. He holds three U.S. patents that were derived from his previous research.