Cache Based Side-Channel Attacks

Part of the IITK Directions book series (IITKD, volume 4)


In the current era of computation, multiple processor cores are deployed in devices that range from smart-phones, laptops, desktops, servers, and cloud-based systems. Though, innovations in the world of hardware and computer architecture have resulted in faster computation in terms of better performance, a lot of sensitive data that is stored and processed by these devices can get leaked through various hardware components, such as branch predictors, caches, Translation lookaside buffers (TLBs), hardware prefetchers, Dynamic Random Access Memory (DRAM) controllers, and the DRAM. Basically, these hardware components become side-channels and leak information through attacks known as side-channel attacks. A recent and famous attack that was of similar taste was the famous Spectre and Meltdown attacks. This chapter discusses some of the famous side-channel attacks on on-chip SRAM cache memories and off-chip DRAM memory.


Side-channel attacks Timing channels Caches DRAM Processor 


  1. 1.
    Neve M, Seifert JP (2006) Advances on access-driven cache attacks on AES. In: International workshop on selected areas in cryptography. Springer, pp 147–162Google Scholar
  2. 2.
    Aciiçmez O (2007) Yet another microarchitectural attack: exploiting i-cache. In: Proceedings of the 2007 ACM workshop on computer security architecture. ACM, pp 11–18Google Scholar
  3. 3.
    Acıiçmez O, Brumley BB, Grabher P (2010) New results on instruction cache attacks. In: International workshop on cryptographic hardware and embedded systems. Springer, pp 110–124Google Scholar
  4. 4.
    Tromer E, Osvik DA, Shamir A (2010) Efficient cache attacks on AES, and countermeasures. J Cryptol 23(1):37–71MathSciNetCrossRefGoogle Scholar
  5. 5.
    Gullasch D, Bangerter E, Krenn S (2011) Cache games–bringing access-based cache attacks on AES to practice. In: 2011 IEEE symposium on security and privacy (SP). IEEE, pp 490–505Google Scholar
  6. 6.
    Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM, pp 305–316Google Scholar
  7. 7.
    Benger N, Van de Pol J, Smart NP, Yarom Y (2014) “Ooh aah... just a little bit”: a small amount of side channel can go a long way. In: International workshop on cryptographic hardware and embedded systems. Springer, pp 75–92Google Scholar
  8. 8.
    Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical. In: 2015 IEEE symposium on security and privacy (SP). IEEE, pp 605–622Google Scholar
  9. 9.
    Irazoqui G, Eisenbarth T, Sunar B (2015) S \$ A: a shared cache attack that works across cores and defies VM sandboxing–and its application to AES. In: 2015 IEEE symposium on security and privacy (SP). IEEE, pp 591–604Google Scholar
  10. 10.
    Irazoqui G, Inci MS, Eisenbarth T, Sunar B (2014) Wait a minute! a fast, cross-VM attack on AES. In: International workshop on recent advances in intrusion detection. Springer, pp 299–319Google Scholar
  11. 11.
    Apecechea GI, Inci MS, Eisenbarth T, Sunar B (2014) Fine grain cross-VM attacks on xen and vmware are possible! IACR cryptology ePrint archive 2014:248Google Scholar
  12. 12.
    Wang Z, Lee RB (2006) Covert and side channels due to processor architecture. In: 2006 22nd annual computer security applications conference (ACSAC’06). IEEE, pp 473–482Google Scholar
  13. 13.
    Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of AES. In: Cryptographers’ track at the RSA conference. Springer, pp 1–20Google Scholar
  14. 14.
    Percival C (2005) Cache missing for fun and profitGoogle Scholar
  15. 15.
    Bonneau J, Mironov I (2006) Cache-collision timing attacks against AES. In: International workshop on cryptographic hardware and embedded systems. Springer, pp 201–215Google Scholar
  16. 16.
    Yarom Y, Falkner K (2014) Flush\(+\)reload: a high resolution, low noise, L3 cache side-channel attack. In: USENIX security symposium, vol 1, pp 22–25Google Scholar
  17. 17.
    Yarom Y, Benger N (2014) Recovering openssl ecdsa nonces using the flush\(+\)reload cache side-channel attack. IACR cryptology ePrint archive, vol 2014, pp 140Google Scholar
  18. 18.
    Wang Z, Lee RB (2007) New cache designs for thwarting software cache-based side channel attacks. In: ACM SIGARCH computer architecture news, vol 35. ACM, pp 494–505Google Scholar
  19. 19.
    Yan M, Gopireddy B, Shull T, Torrellas J (2017) Secure hierarchy-aware cache replacement policy (sharp): defending against cache-based side channel attacks. In: 2017 ACM/IEEE 44th annual international symposium on computer architecture (ISCA). IEEE, pp 347–360Google Scholar
  20. 20.
    Lipp M, Schwarz M, Gruss D, Prescher T, Haas W, Mangard S, Kocher P, Genkin D, Yarom Y, Hamburg M (2018) Meltdown. arXiv:1801.01207
  21. 21.
    Domnitser L, Jaleel A, Loew J, Abu-Ghazaleh N, Ponomarev D (2012) Non-monopolizable caches: low-complexity mitigation of cache side channel attacks. ACM Trans Archit Code Optim (TACO) 8(4):35Google Scholar
  22. 22.
    Kiriansky V, Lebedev I, Amarasinghe S, Devadas S, Emer J (2018) DAWG: A defense against cache timing attacks in speculative execution processors. In: 2018 51st annual IEEE/ACM international symposium on microarchitecture (MICRO). IEEE, pp 974–987Google Scholar
  23. 23.
    Martin R, Demme J, Sethumadhavan S (2012) Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. ACM SIGARCH Computer Architecture News 40(3):118–129CrossRefGoogle Scholar
  24. 24.
    Qureshi MK (2018) Ceaser: Mitigating conflict-based cache attacks via encrypted-address and remapping. In: 2018 51st annual IEEE/ACM international symposium on microarchitecture (MICRO). IEEE, pp 775–787Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Indian Institute of Technology KanpurKanpurIndia

Personalised recommendations