IACR News item: 28 November 2014
Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar
ePrint ReportIn this work, we introduce a ne-grain cross-core cache attack that exploits access time variations on the last level cache. The attack exploits huge pages to work across VM boundaries without requiring
deduplication. No conguration changes on the victim OS are needed, making the attack quite viable. Furthermore, only machine co-location is required, while the target and victim OS can still reside on
diferent cores of the machine. Our new attack is a variation of the prime and probe cache attack whose applicability at the time is limited to L1 cache. In contrast, our attack works in the spirit of the flush and reload attack targeting the shared L3 cache instead. Indeed, by adjusting the huge page size our attack can be customized to work virtually at any cache level/size. We demonstrate the viability of the attack by targeting an OpenSSL1.0.1f implementation of AES. The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less ecient than the flush and reload attack. Given that huge pages are a standard feature enabled in the memory management unit of OS\'s and that besides co-location no additional assumptions are needed, the attack we present poses a signicant risk to existing cloud servers.
Additional news items may be found on the IACR news page.