This lab is about side channels. You will see how caches can introduce side channels and learn how some of them can be exploited to extract secrets from victim programs.
Exploiting side-channel vulnerabilities is an offensive technique. Trying it on real systems is against the law and you might be prosecuted. Always do experiments with test hosts and users.
- Prerequisites
- Task 1: memory access time
- Task 2: memory access time with caches
- Task 3: FLUSH+RELOAD
- Task 4: FLUSH+FLUSH
If you are interested in learning more about cache side-channels, you can read the following two papers:
- Yuval Yarom and Katrina Falkner. “FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack.” 23rd USENIX Security Symposium (USENIX Security 14). 2014.
- Dag Arne Osvik, Adi Shamir, and Eran Tromer. “Cache Attacks and Countermeasures: The Case of AES.” Cryptographers’ Track at the RSA Conference. Springer, Berlin, Heidelberg, 2006.
- Daniel Gruss, et al. “Flush+Flush: A Fast and Stealthy Cache Attack.” International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Cham, 2016.