NDSS 2025 – A Systematic Evaluation Of Novel And Existing Cache Side Channels
None
<p>Session 5D: Side Channels 1 </p><p></p><center data-preserve-html-node="true"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" src="https://www.youtube-nocookie.com/embed/tm89r_XG1bQ?si=GR8fZqnzD7VyOiVj" width="560" frameborder="0" data-preserve-html-node="true" title="YouTube video player" height="315"></iframe> <p></p><center data-preserve-html-node="true">Authors, Creators & Presenters: Fabian Rauscher (Graz University of Technology), Carina Fiedler (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology) <p></p><center data-preserve-html-node="true">PAPER<br> <center data-preserve-html-node="true">A Systematic Evaluation Of Novel And Existing Cache Side Channels <p></p><center data-preserve-html-node="true">CPU caches are among the most widely studied side-channel targets, with Prime+Probe and Flush+Reload being the most prominent techniques. These generic cache attack techniques can leak cryptographic keys, user input, and are a building block of many microarchitectural attacks. In this paper, we present the first systematic evaluation using 9 characteristics of the 4 most relevant cache attacks, Flush+Reload, Flush+Flush, Evict+Reload, and Prime+Probe, as well as three new attacks that we introduce: Demote+Reload, Demote+Demote, and DemoteContention. We evaluate hit-miss margins, temporal precision, spatial precision, topological scope, attack time, blind spot length, channel capacity, noise resilience, and detectability on recent Intel microarchitectures. Demote+Reload and Demote+Demote perform similar to previous attacks and slightly better in some cases, e.g., Demote+Reload has a 60.7 % smaller blind spot than Flush+Reload. With 15.48 Mbit/s, Demote+Reload has a 64.3 % higher channel capacity than Flush+Reload. We also compare all attacks in an AES T-table attack and compare Demote+Reload and Flush+Reload in an inter-keystroke timing attack. Beyond the scope of the prior attack techniques, we demonstrate a KASLR break with Demote+Demote and the amplification of power side-channel leakage with Demote+Reload. Finally, Sapphire Rapids and Emerald Rapids CPUs use a non-inclusive L3 cache, effectively limiting eviction-based cross-core attacks, e.g., Prime+Probe and Evict+Reload, to rare cases where the victim’s activity reaches the L3 cache. Hence, we show that in a cross-core attack, DemoteContention can be used as a reliable alternative to Prime+Probe and Evict+Reload that does not require reverse-engineering of addressing functions and cache replacement policy. <hr> <p></p><center data-preserve-html-node="true">ABOUT NDSS<br> <center data-preserve-html-node="true">The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies. <hr> <p>Our thanks to the <a href="https://www.ndss-symposium.org/">Network and Distributed System Security (NDSS) Symposium</a> for publishing their Creators, Authors and Presenter’s superb <a href="https://www.youtube.com/@NDSSSymposium">NDSS Symposium 2025 Conference</a> content on the <a href="https://www.ndss-symposium.org/">Organizations’</a> <a href="https://youtube.com/@ndsssymposium?si=lLtn9sVVEwmZ8J9h3">YouTube Channel</a>. </p> <p></p></center></center></center></center></center></center></center><p><a href="https://www.infosecurity.us/blog/2025/12/13/ndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels">Permalink</a></p><p> </p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/12/ndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels/" data-a2a-title="NDSS 2025 – A Systematic Evaluation Of Novel And Existing Cache Side Channels"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels%2F&linkname=NDSS%202025%20%E2%80%93%20A%20Systematic%20Evaluation%20Of%20Novel%20And%20Existing%20Cache%20Side%20Channels" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels%2F&linkname=NDSS%202025%20%E2%80%93%20A%20Systematic%20Evaluation%20Of%20Novel%20And%20Existing%20Cache%20Side%20Channels" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels%2F&linkname=NDSS%202025%20%E2%80%93%20A%20Systematic%20Evaluation%20Of%20Novel%20And%20Existing%20Cache%20Side%20Channels" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels%2F&linkname=NDSS%202025%20%E2%80%93%20A%20Systematic%20Evaluation%20Of%20Novel%20And%20Existing%20Cache%20Side%20Channels" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fndss-2025-a-systematic-evaluation-of-novel-and-existing-cache-side-channels%2F&linkname=NDSS%202025%20%E2%80%93%20A%20Systematic%20Evaluation%20Of%20Novel%20And%20Existing%20Cache%20Side%20Channels" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.infosecurity.us/">Infosecurity.US</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Marc Handelman">Marc Handelman</a>. Read the original post at: <a href="https://www.youtube-nocookie.com/embed/tm89r_XG1bQ?si=GR8fZqnzD7VyOiVj">https://www.youtube-nocookie.com/embed/tm89r_XG1bQ?si=GR8fZqnzD7VyOiVj</a> </p>