CSCI 699: Understanding and Identifying Side-Channel Threats in Cloud and LLM Systems
Fall 2025 | Thursday 3:30-6:50pm
Units: 4.0
Term—Day—Time: Fall 2025, Thursday 3:30-6:50pm
Location: DMC 211
Instructor: Mengyuan Li
Office: GCS 502A
Office Hours: Wednesday 11am-12pm, GCS, B2 floor-SB9
Contact Info: mli49061@usc.edu (Please include “CSCI 699” in your email subject.)
Teaching Assistant: TBD
Slides & Materials: Shared via the Google Drive folder
This graduate seminar course provides an in-depth exploration of side-channel attacks with a focus on cloud computing environments and large language model (LLM) systems. We will examine how subtle indirect leakages (e.g., execution timing, cache usage, resource contention) can breach isolation barriers in multi-tenant clouds and reveal sensitive data from cryptographic operations, cloud VMs/containers, and even modern AI models. Students will study both foundational side-channel techniques (cache timing attacks, speculative execution vulnerabilities) and cutting-edge research on side channels targeting cloud infrastructure and LLM deployments.
Assessment Tool | % of Grade |
---|---|
Assignment 1 | 15% |
Assignment 2 | 15% |
Course Presentation | 20% |
Final Project | 40% |
Participation and Discussion | 10% |
Week | Date | Topics/Daily Activities | Readings/Preparation | Deliverables |
---|---|---|---|---|
1 | Aug 28 | Introduction to Side Channels | Course syllabus, Introductory articles on cloud security | - |
2 | Sept 04 | Microarchitecture Side-channels | Relevant research papers about cache side channels | - |
3 | Sept 11 | Side Channels in Trusted Execution Environments (TEEs) | Articles on CVMs and cloud implementations | - |
4 | Sept 18 | Programming with fingerprinting webpages | Tutorial on VMs and QEMU (related website: QEMU and KVM) | Assignment 1.1 Assigned |
5 | Sept 25 | Transient Execution Attacks; Assignment 1.2 Demo | 2-3 relevant research papers | Assignment 1.1 Check-in/Assignment 1.2 Assigned |
6 | Oct 2 | Beyond microarchitectural side channels – Frequency, Port Contention, and Other Channels | 2-3 relevant research papers | - |
7 | Oct 9 | Side-Channel Attacks on GPUs | 2-3 relevant research papers | Assignment 1 Due/Assignment 2.1 Assigned |
8 | Oct 16 | Side-Channel Inference of ML Models (DNNs) | 2-3 relevant research papers about GPU vulnerabilities | Assignment 2.1 Due/Assignment 2.2 Assigned |
9 | Oct 23 | Side Channels in Large Language Model Services | - | - |
10 | Oct 30 | Programming with ML side-channel attacks | - | - |
11 | Nov 6 | Secure Software Development Practices/Project Midterm Presentation | 2-3 relevant research papers about TEE side-channel attacks | Project Midterm Report Due/Assignment 2.2 Due |
12 | Nov 13 | Balancing Security and Performance in Confidential Computing – CPU scenario | 2-3 relevant research papers about TEE-based system optimization | - |
13 | Nov 20 | Mitigating cache side channels: mitigations at the architecture design level and the detection tool level | 2-3 relevant research papers about GPU-TEE-based Systems | - |
14 | Nov 27 | Lectures; Final Project Presentations | - | In-class presentations |
15 | Dec 4 | Final Project Presentations | - | In-class presentations |
16 | Dec 11 | Final Project Report Due | - | Project Final Report Due |
This course follows the expectations for academic integrity as stated in the USC Student Handbook. Violations will result in disciplinary action.
For counseling, mental health, and other support services, visit USC Support Systems.