FLUSH+RELOAD Steps
FLUSH Step
Assumptions for flushing the LLC (Last-Level Cache)
- Page sharing (due, e.g., to deduplication)
- Unprivileged cache flush instruction
- Cache inclusiveness, which rules out non-inclusive multilevel caches where, for example, data in level 1 is not in level 2
RELOAD Step
C volatile variable for cache inclusiveness
This code performs 256 accesses with 4096 bytes of padding between them, so that spatial cache locality does not put two accesses in the same cache line.
Attack Scenarios
- A Last-Level Cache (LLC) shared between different processor cores
- Same-OS and co-located-VM scenarios where the OS/VM uses page deduplication
By observing a single signing or decryption round, the attack extracts 98.7% of the bits on average in the same OS scenario and 96.7% in the cross-VM scenario, with a worst case of 95% and 90%, respectively.
Victim Program
Assumption: there is a victim function that uses a secret value as an index to load some values from an array, as follows
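An added example, not code from the original page: a victim of the kind assumed above, next to a variant whose memory accesses do not depend on the secret. The names `array`, `victim_leaky`, `victim_hardened` and the `touched` instrumentation are assumptions made for illustration; the 256 slots and 4096-byte padding follow the RELOAD step described earlier.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOTS  256   /* one slot per possible value of a secret byte */
#define STRIDE 4096  /* padding between slots, as in the RELOAD step */

static uint8_t array[SLOTS * STRIDE];
static uint8_t touched[SLOTS];  /* instrumentation only: slots that were read */

/* Read slot i through a volatile pointer so the load is not optimized away. */
static uint8_t load_slot(size_t i) {
    touched[i] = 1;
    return *(volatile uint8_t *)&array[i * STRIDE];
}

/* Fill each slot with a constructed sample value and clear the instrumentation. */
void setup(void) {
    memset(touched, 0, sizeof touched);
    for (size_t i = 0; i < SLOTS; i++) array[i * STRIDE] = (uint8_t)(i ^ 0x5a);
}

size_t slots_touched(void) {
    size_t n = 0;
    for (size_t i = 0; i < SLOTS; i++) n += touched[i];
    return n;
}

/* Leaky: the address that is loaded, and so the cache line, depends on secret. */
uint8_t victim_leaky(uint8_t secret) { return load_slot(secret); }

/* Hardened: every slot is loaded for every secret; a branch-free mask
   (0xff when i == secret, 0x00 otherwise) selects the wanted value. */
uint8_t victim_hardened(uint8_t secret) {
    uint8_t out = 0;
    for (size_t i = 0; i < SLOTS; i++) {
        uint32_t diff = (uint32_t)i ^ secret;            /* 0 only when i == secret */
        uint8_t mask = (uint8_t)(((diff - 1u) >> 8) & 0xffu);
        out |= load_slot(i) & mask;
    }
    return out;
}

int main(void) {
    setup(); victim_leaky(42);
    printf("leaky:    %zu slot(s) touched\n", slots_touched());
    setup(); victim_hardened(42);
    printf("hardened: %zu slot(s) touched\n", slots_touched());
    return 0;
}
```

The hardened variant pays 256 loads per call so that the set of cache lines it brings in is the same for every secret value.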