This is a bit on the heavy side — we have no other assignment this week.

  1. Explain how the code shown in Listing 2 of the Meltdown paper can lead to information leakage. Which statement can temporarily access data that the process shouldn’t be able to access? How does the process find out what the value is?
  2. What is a stack canary? What kind of attacks does it protect against, and how?
  3. In CEASER: what is APLR? What if it is set to 200? What would be the overhead? How is the overhead as defined in the paper related to the true impact on performance? That is, will a 1% overhead translate into a 1% reduction in performance? Explain your answer by describing scenarios that support your case.
  4. What is an eviction set? Referring to “Last-Level Cache Side-Channel Attacks are Practical”, explain Algorithm 1. What does the first “foreach” loop achieve? What is the output of this loop? What is the property of the data that it outputs? For the second set of loops (the nested foreach statements): What is the purpose of the first “if” statement? Why don’t we process all candidates in the inner foreach loop? What is the purpose of the nested foreach loop? What is the purpose of its “if” statement?
  5. On the “CEASER” paper, Section V, Subsections B and C: Can you explain the derivation in Subsection B? Can you explain and re-derive the results presented in Subsection C? In particular, show that without remap (CEASE) and for a 1MB bank of the LLC it will take just 0.4 seconds to attack CEASE.
  6. On the “CEASER” paper, Table II: What are tCAS, tRCD, tRP, and tRAS? (We didn’t cover these in the lectures; you are supposed to find the relevant literature on your own.)
  7. “CEASER” Fig. 11: How is it possible that performance improves with CEASER? Do not simply recite what is written in the text; explain it with a scenario. Hint: this may be relevant: “A case for two-way skewed-associative caches”.