Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed.
The findings are from a paper “DABANGG: Time for Fearless Flush based Cache Attacks” published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian Institute of Technology (IIT) Kanpur earlier this week.
The new variant aims to improve the accuracy of these attacks even on a noisy multi-core system. It also works seamlessly against non-Linux operating systems such as macOS.
“Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency,” Biswabandan Panda, assistant professor at IIT Kanpur, told The Hacker News. “State-of-the-art cache timing attacks are not effective in the real world as most of them work in a highly controlled environment.”
“With DABANGG, we make a case for cache attacks that can succeed in the real world, that are resilient to system noise and work perfectly even in a highly noisy environment,” he added.
Flush+Reload and Flush+Flush attacks work by flushing out the memory line (using the “clflush” instruction), then waiting for the victim process to access the memory line, and subsequently reloading (or flushing) the memory line, measuring the time needed to load it.
DABANGG is a lot like Flush+Reload and Flush+Flush in that it is a flush-based attack, which depends on the execution timing difference between cached and non-cached memory accesses. But unlike those two, DABANGG makes the thresholds used to differentiate a cache hit from a miss dynamic.
Power management techniques like dynamic voltage and frequency scaling (DVFS) in modern processors allow for frequency changes based on overall CPU utilisation, with cores running compute-intensive processes operating at a higher frequency than those that do not.
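The two paragraphs above (dynamic thresholds, and DVFS changing the core frequency) can be illustrated with a small constructed simulation. It is added here, is not code from the paper or the article, and does not reproduce DABANGG's actual calibration method: the latencies are made-up timestamp-counter tick counts, and "recalibrate at the start of each window" is only a stand-in for whatever noise-aware calibration the paper uses.

```python
"""Constructed illustration: why one fixed cache hit/miss threshold breaks
when the core frequency changes, and why a recalibrated one does not."""
from statistics import median

# Constructed latencies in timestamp-counter (TSC) ticks. The TSC runs at a
# constant rate, so a hit that costs ~80 core cycles and a miss that costs
# ~200 core cycles take roughly twice as many ticks when the core is
# clocked down from 4 GHz to 2 GHz by DVFS.
def sample_latencies(hit: bool, core_ghz: float, n: int = 8) -> list:
    base = 80 if hit else 200
    scale = 4.0 / core_ghz
    # Small deterministic jitter so the samples are not all identical.
    return [int((base + 3 * (i % 4)) * scale) for i in range(n)]

def calibrate(hits: list, misses: list) -> int:
    """Threshold midway between the median hit and median miss latency."""
    return int((median(hits) + median(misses)) / 2)

def classify(latency: int, threshold: int) -> str:
    return "hit" if latency < threshold else "miss"

def errors_in_window(core_ghz: float, threshold: int) -> int:
    """Count misclassified samples in one window of known hits and misses."""
    hits = sample_latencies(True, core_ghz)
    misses = sample_latencies(False, core_ghz)
    wrong = sum(classify(lat, threshold) != "hit" for lat in hits)
    wrong += sum(classify(lat, threshold) != "miss" for lat in misses)
    return wrong

def compare_strategies(frequencies: list) -> tuple:
    """Return (fixed_errors, dynamic_errors) over a sequence of core frequencies.

    The fixed strategy calibrates once at the first frequency and keeps that
    threshold; the dynamic strategy recalibrates at the start of every window
    (a simplified stand-in for a noise-aware threshold, not the paper's method).
    """
    f0 = frequencies[0]
    fixed_thr = calibrate(sample_latencies(True, f0), sample_latencies(False, f0))
    fixed = dynamic = 0
    for f in frequencies:
        fixed += errors_in_window(f, fixed_thr)
        dyn_thr = calibrate(sample_latencies(True, f), sample_latencies(False, f))
        dynamic += errors_in_window(f, dyn_thr)
    return fixed, dynamic

if __name__ == "__main__":
    # Core runs at 4 GHz, is clocked down to 2 GHz, then back up.
    print(compare_strategies([4.0, 2.0, 4.0]))  # (8, 0)
```

With the threshold fixed at the 4 GHz calibration, every hit measured during the 2 GHz window is read as a miss; recalibrating per window removes those errors.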