FLUSH+RELOAD

Creator: Seonglae Cho
Created: 2024 Jun 3 5:16
Edited: 2024 Jun 7 4:28

FLUSH+RELOAD Steps


FLUSH Step

Assumptions for flushing the LLC (Last-Level Cache):
  • Page sharing (due, e.g., to deduplication)
  • Unprivileged cache flush instruction
  • Cache inclusiveness, ruling out non-inclusive multilevel caches in which, for example, level 1 data is not in level 2

RELOAD Step

A C volatile variable is used for cache inclusiveness.
This code performs 256 accesses with 4096-byte padding between them, so that spatial cache locality does not place two accesses in the same cache line unit.

Attack Scenarios

  • Shared Last-Level Cache (LLC) between different processor cores
  • Same-OS or co-located-VM scenarios where the OS/VM uses page deduplication
By observing a single signing or decryption round, the attack extracts 98.7% of the bits on average in the same OS scenario and 96.7% in the cross-VM scenario, with a worst case of 95% and 90%, respectively.

Victim Program

Assumption: there is a victim function that uses a secret value as an index to load some values from an array, as follows
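An added example (not code from the original page): a C sketch of the victim pattern described above, beside a hardened form that loads every slot so the set of touched cache lines no longer depends on the secret. The names `table`, `touched`, `victim_leaky` and `victim_ct` and the table values are assumptions, and `touched[]` is a software model of the cache footprint, not a timing measurement.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTRIES 256   /* one slot per possible secret byte value */
#define STRIDE  4096  /* padding so every slot sits in its own cache line */

static uint8_t table[ENTRIES * STRIDE]; /* constructed sample array */
static int touched[ENTRIES];            /* software model of the cache footprint */

void init_table(void) {
    for (size_t i = 0; i < ENTRIES; i++) {
        table[i * STRIDE] = (uint8_t)(i * 7 + 3); /* constructed values */
        touched[i] = 0;
    }
}

static uint8_t load(size_t slot) {
    touched[slot] = 1; /* record which line a RELOAD probe would find cached */
    return *(volatile uint8_t *)&table[slot * STRIDE];
}

/* Victim as described on the page: the secret selects the line that is loaded. */
uint8_t victim_leaky(uint8_t secret) { return load(secret); }

/* Hardened form: load every slot, keep the wanted one with a branch-free mask. */
uint8_t victim_ct(uint8_t secret) {
    uint8_t out = 0;
    for (size_t i = 0; i < ENTRIES; i++) {
        /* mask is 0xFF only when i == secret, 0x00 otherwise */
        uint8_t mask = (uint8_t)((((uint32_t)i ^ secret) - 1u) >> 24);
        out |= load(i) & mask;
    }
    return out;
}

/* Number of distinct slots touched since init_table(). */
int footprint(void) {
    int n = 0;
    for (size_t i = 0; i < ENTRIES; i++) n += touched[i];
    return n;
}

int main(void) {
    init_table(); victim_leaky(42);
    printf("leaky: %d slot(s) touched\n", footprint());
    init_table(); victim_ct(42);
    printf("constant-time: %d slot(s) touched\n", footprint());
    return 0;
}
```

The hardened variant trades 256 loads per lookup for a footprint that is identical for every secret; inspect the compiled output to confirm the mask was not turned back into a branch.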
 
 
 
 
 
