ORSHIN Attack Defense Framework

Description

Even without shared memory, the attacker can observe the victim's behavior regarding certain memory addresses by observing the cache state. If the attacker sets up the cache to a known state, then observes which values were evicted, it learns some information about the victim's execution, depending on the cache organization and replacement policy.

CWE

CVE

Attack Surfaces

Cache Memory (MITRE EMB3D PID-11)

Attack Vectors

Cache State (MITRE EMB3D TID-103)

Defenses

Constant-time code: make memory accesses independent of secrets

Removing the contention: cache partitioning

Making the leakage probabilistic: randomize the cache replacement policy
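
The first defense above, as an added example that is not part of the ORSHIN page: a secret-indexed table lookup beside a constant-time version whose memory accesses are the same for every secret. The table contents, the 64-byte cache line size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 256
#define LINE_SIZE 64            /* assumed cache line size in bytes */

static uint8_t table[TABLE_LEN]; /* constructed sample table (stand-in for an S-box) */

void init_table(void) {
    for (size_t i = 0; i < TABLE_LEN; i++)
        table[i] = (uint8_t)(i * 167u + 13u);
}

/* Leaky: the address read depends on the secret, so which cache set is
 * filled (and which attacker line is evicted) depends on it too. */
uint8_t lookup_leaky(const uint8_t *t, uint8_t secret) {
    return t[secret];
}

/* Line offset within the table that the leaky lookup touches. This is the
 * part of the secret an observer of the eviction pattern can recover. */
size_t leaked_line(uint8_t secret) {
    return (size_t)secret / LINE_SIZE;
}

/* Constant-time: read every entry in the same order for any secret and
 * keep the wanted one with a branch-free mask. */
uint8_t lookup_ct(const uint8_t *t, uint8_t secret) {
    uint8_t result = 0;
    for (size_t i = 0; i < TABLE_LEN; i++) {
        uint32_t diff = (uint32_t)i ^ (uint32_t)secret;    /* 0 only if i == secret */
        uint8_t mask = (uint8_t)(((diff - 1u) >> 8) & 0xFFu); /* 0xFF if diff == 0, else 0 */
        result |= (uint8_t)(t[i] & mask);
    }
    return result;
}

int main(void) {
    init_table();
    for (unsigned s = 0; s < TABLE_LEN; s += 64)
        printf("secret=%3u leaky touches line %zu, ct touches all %d lines, value=%u\n",
               s, leaked_line((uint8_t)s), TABLE_LEN / LINE_SIZE,
               (unsigned)lookup_ct(table, (uint8_t)s));
    return 0;
}
```

An optimizing compiler may rewrite the masked loop, so the generated assembly should be inspected to confirm that no secret-dependent load or branch was introduced.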