Cache side-channel attack for VMs


New Member

Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper we demonstrate
how to use the attack to extract private encryption keys from GnuPG.
The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs executing in a different VM.
By: Yuval Yarom and Katrina Falkner

Web: Direct PDF:

This might be the start of new attacks aimed at virtual servers. Memory de-duplication of crypt libs can now cause a lot of security issues.


The ocean is digital
I'm no hacker but this kind of thing has always struck me as a potential risk in a shared environment, but one of low priority as most people are never a target until an automated brainless script is made for the skids. That said, it's certainly an interesting discussion to have, and who knows when one could wake up one morning and find it quite relevant.
Last edited by a moderator:


Beware the bunny-rabbit!
Verified Provider
This mostly affects setups which use container virtualization or memory dedup.  Xen, for example, is unlikely to be affected.