@inproceedings{e9980274824e4394bdc9092b62ffcb78,
title = "Attack directories, not caches: Side channel attacks in a non-inclusive world",
abstract = "Although clouds have strong virtual memory isolation guarantees, cache attacks stemming from shared caches have proved to be a large security problem. However, despite the past effectiveness of cache attacks, their viability has recently been called into question on modern systems, due to trends in cache hierarchy design moving away from inclusive cache hierarchies. In this paper, we reverse engineer the structure of the directory in a sliced, non-inclusive cache hierarchy, and prove that the directory can be used to bootstrap conflict-based cache attacks on the last-level cache. We design the first cross-core Prime+Probe attack on non-inclusive caches. This attack works with minimal assumptions: the adversary does not need to share any virtual memory with the victim, nor run on the same processor core. We also show the first high-bandwidth Evict+Reload attack on the same hardware. We demonstrate both attacks by extracting key bits during RSA operations in GnuPG on a state-of-the-art non-inclusive Intel Skylake-X server.",
keywords = "Cache-side-channel-attack, Directory, Evict+Reload, Flush+Reload, Non-inclusive-cache, Prime+Probe",
author = "Mengjia Yan and Read Sprabery and Bhargava Gopireddy and Fletcher, {Christopher Wardlaw} and Campbell, {R H} and Josep Torrellas",
note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 40th IEEE Symposium on Security and Privacy, SP 2019 ; Conference date: 19-05-2019 Through 23-05-2019",
year = "2019",
month = may,
doi = "10.1109/SP.2019.00004",
language = "English (US)",
series = "Proceedings - IEEE Symposium on Security and Privacy",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "888--904",
booktitle = "Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019",
address = "United States",
}