Paper 2013/448
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
Yuval Yarom and Katrina Falkner
Abstract
Sharing memory pages between non-trusting processesis a common method of reducing the memory footprintof multi-tenanted systems. In this paper we demonstratethat, due to a weakness in the Intel X86 processors,page sharing exposes processes to information leaks. Wepresent FLUSH+RELOAD, a cache side-channel attacktechnique that exploits this weakness to monitor accessto memory lines in shared pages. Unlike previous cacheside-channel attacks, FLUSH+RELOAD targets the Last-Level Cache (i.e. L3 on processors with three cache levels).Consequently, the attack program and the victim donot need to share the execution core.We demonstrate the efficacy of the FLUSH+RELOADattack by using it to extract the private encryption keysfrom a victim program running GnuPG 1.4.13. We testedthe attack both between two unrelated processes in a singleoperating system and between processes running inseparate virtual machines. On average, the attack is ableto recover 96.7% of the bits of the secret key by observinga single signature or decryption round.
Metadata
- Available format(s)
PDF- Publication info
- Published elsewhere. USENIX Security 2014
- Keywords
- Side Channel AttackCacheRSAExponentiation
- Contact author(s)
- yval @cs adelaide edu au
- History
- 2014-07-05: revised
- 2013-07-22: received
- See all versions
- Short URL
- https://ia.cr/2013/448
- License
CC BY
BibTeX
@misc{cryptoeprint:2013/448, author = {Yuval Yarom and Katrina Falkner}, title = {Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack}, howpublished = {Cryptology {ePrint} Archive, Paper 2013/448}, year = {2013}, url = {https://eprint.iacr.org/2013/448}}