85 lines
4.6 KiB
BibTeX
85 lines
4.6 KiB
BibTeX
@misc{flushflush,
|
||
title={Flush+Flush: A Fast and Stealthy Cache Attack},
|
||
author={Daniel Gruss and Clémentine Maurice and Klaus Wagner and Stefan Mangard},
|
||
year={2016},
|
||
eprint={1511.04594},
|
||
archivePrefix={arXiv},
|
||
primaryClass={cs.CR},
|
||
url={https://arxiv.org/abs/1511.04594},
|
||
}
|
||
|
||
|
||
@inproceedings{calibrationdoneright,
|
||
TITLE = {{Calibration Done Right: Noiseless Flush+Flush Attacks}},
|
||
AUTHOR = {Didier, Guillaume and Maurice, Cl{\'e}mentine},
|
||
URL = {https://inria.hal.science/hal-03267431},
|
||
BOOKTITLE = {{DIMVA 2021 - The 18th Conference on Detection of Intrusions and Malware \& Vulnerability Assessment}},
|
||
ADDRESS = {Lisboa / Virtual, Portugal},
|
||
YEAR = {2021},
|
||
MONTH = Jul,
|
||
PDF = {https://inria.hal.science/hal-03267431/file/dimva21_didier.pdf},
|
||
HAL_ID = {hal-03267431},
|
||
HAL_VERSION = {v1},
|
||
}
|
||
|
||
@misc{broadwelldieshot,
|
||
title={Broadwell - Microarchitectures - Intel - WikiChip (2024)},
|
||
url={https://en.wikichip.org/wiki/intel/microarchitectures/broadwell_(client)#Deca-core_Broadwell},
|
||
}
|
||
|
||
|
||
@inproceedings{slice-reverse,
|
||
author = {Maurice, Cl\'{e}mentine and Scouarnec, Nicolas and Neumann, Christoph and Heen, Olivier and Francillon, Aur\'{e}lien},
|
||
title = {Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters},
|
||
year = {2015},
|
||
isbn = {9783319263618},
|
||
publisher = {Springer-Verlag},
|
||
address = {Berlin, Heidelberg},
|
||
url = {https://doi.org/10.1007/978-3-319-26362-5_3},
|
||
doi = {10.1007/978-3-319-26362-5_3},
|
||
abstract = {Cache attacks, which exploit differences in timing to perform covert or side channels, are now well understood. Recent works leverage the last level cache to perform cache attacks across cores. This cache is split in slices, with one slice per core. While predicting the slices used by an address is simple in older processors, recent processors are using an undocumented technique called complex addressing. This renders some attacks more difficult and makes other attacks impossible, because of the loss of precision in the prediction of cache collisions.In this paper, we build an automatic and generic method for reverse engineering Intel's last-level cache complex addressing, consequently rendering the class of cache attacks highly practical. Our method relies on CPU hardware performance counters to determine the cache slice an address is mapped to. We show that our method gives a more precise description of the complex addressing function than previous work. We validated our method by reversing the complex addressing functions on a diverse set of Intel processors. This set encompasses Sandy Bridge, Ivy Bridge and Haswell micro-architectures, with different number of cores, for mobile and server ranges of processors. We show the correctness of our function by building a covert channel. Finally, we discuss how other attacks benefit from knowing the complex addressing of a cache, such as sandboxed rowhammer.},
|
||
booktitle = {Proceedings of the 18th International Symposium on Research in Attacks, Intrusions, and Defenses - Volume 9404},
|
||
pages = {48–65},
|
||
numpages = {18},
|
||
keywords = {Side channel, Reverse engineering, Last level cache, Cross-Core, Covert channel, Complex addressing},
|
||
location = {Kyoto, Japan},
|
||
series = {RAID 2015}
|
||
}
|
||
|
||
@book{intel-man-vol1,
|
||
author={Intel Corporation},
|
||
title={Intel 64 and IA-32 Architecture Optimization Reference Manual},
|
||
year={2024},
|
||
url={https://software.intel.com/sites/default/files/managed/9e/bc/64-ia-32-architectures-optimization-manual.pdf}
|
||
}
|
||
|
||
@book{intel-man-vol4,
|
||
author={Intel Corporation},
|
||
title={Intel 64 and IA-32 Architectures Software Developer’s Manual},
|
||
year={2023},
|
||
url={https://www.intel.fr/content/www/fr/fr/content-details/774500/intel-64-and-ia-32-architectures-software-developer-s-manual-volume-4-model-specific-registers.html}
|
||
}
|
||
|
||
@inproceedings{cachetemplateattacks,
|
||
author={Daniel Gruss and Raphael Spreitzer and Stefan Mangard},
|
||
title={Cache Template Attacks: Automating Attacks on Inclusive {Last-Level} Caches},
|
||
booktitle={24th USENIX Security Symposium (USENIX Security 15)},
|
||
year={2015},
|
||
isbn={978-1-939133-11-3},
|
||
address={Washington, D.C.},
|
||
pages={897--912},
|
||
url={https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/gruss},
|
||
publisher={USENIX Association},
|
||
month=aug
|
||
}
|
||
|
||
|
||
@misc{cryptoeprint:2014/140,
|
||
author={Yuval Yarom and Naomi Benger},
|
||
title={Recovering {OpenSSL} {ECDSA} Nonces Using the {FLUSH}+{RELOAD} Cache Side-channel Attack},
|
||
howpublished={Cryptology ePrint Archive, Paper 2014/140},
|
||
year={2014},
|
||
note={\url{https://eprint.iacr.org/2014/140}},
|
||
url={https://eprint.iacr.org/2014/140}
|
||
}
|