bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/Backend/Cache Side-Channel Attack.md
T
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization 
10_Wiki/Topics 대규모 정리:
- 오류 캡처/미완성 stub 문서 227개 제거
- 교차폴더 중복 43클러스터 병합 (63파일 → redirect)
- 링크명 정규화: 깨진 링크 수정·redirect 직결·개념 매핑 ~2,400건
- 카테고리 MOC 6개 신규 생성
- Graph 섹션 미해결 related-keyword 링크 10,058건 제거

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

5.7 KiB
Raw Blame History

id, title, category, status, canonical_id, aliases, duplicate_of, source_trust_level, confidence_score, verification_status, tags, raw_sources, last_reinforced, github_commit, tech_stack
id title category status canonical_id aliases duplicate_of source_trust_level confidence_score verification_status tags raw_sources last_reinforced github_commit tech_stack
wiki-2026-0508-cache-side-channel-attack Cache Side-Channel Attack 10_Wiki/Topics verified self
Cache Timing Attack
Flush+Reload
Prime+Probe
Spectre
none A 0.9 applied
security
hardware
microarchitecture
side-channel
crypto
2026-05-10 pending
language framework
C/Assembly Linux/perf

Cache Side-Channel Attack

매 한 줄

"매 캐시 access timing 의 secret 를 leak". CPU cache 의 shared resource — attacker 가 victim 의 access pattern 을 timing 으로 observe 해서 key/data 를 복원. 2018 Spectre/Meltdown 이후 매 modern CPU 의 systemic threat — 2026 에도 hardware mitigation (Intel CET, ARM MTE) + software (constant-time crypto) 의 combo 가 필수.

매 핵심

매 attack primitives

  • Flush+Reload: 매 shared memory (libcrypto) — clflush 후 victim run, 다시 access timing 으로 hit/miss 판별. L3 inclusive cache 의 cross-core leak.
  • Prime+Probe: 매 shared memory 없을 때 — attacker 가 cache set 을 fill, victim run, attacker 의 reload 시 evicted line 의 timing spike.
  • Evict+Time: 매 victim 의 own execution time 측정 — coarser 매 cache state 무관.
  • Flush+Flush: 매 clflush 의 latency 자체로 hit/miss — quieter 매 PMU detection 회피.

매 transient execution (Spectre/Meltdown)

  • Spectre v1: bounds-check bypass — speculative load of out-of-bounds → cache trace.
  • Spectre v2: branch target injection — indirect branch poisoning.
  • Meltdown: kernel memory leak via deferred permission check.
  • MDS/L1TF/RIDL: microarchitectural buffer leaks.

매 응용

  1. AES key recovery (T-table lookup leak).
  2. RSA key bit recovery (modular exponentiation pattern).
  3. Cross-VM leak in cloud (Xen/KVM).
  4. Cross-process key extraction (libssl shared library).

💻 패턴

Flush+Reload (skeleton, x86_64)

#include <x86intrin.h>
#include <stdint.h>

static inline uint64_t rdtscp_serialized(void) {
    uint32_t aux;
    _mm_lfence();
    uint64_t t = __rdtscp(&aux);
    _mm_lfence();
    return t;
}

int probe(const void *addr) {
    uint64_t t0 = rdtscp_serialized();
    (void)*(volatile const uint8_t *)addr;
    uint64_t t1 = rdtscp_serialized();
    _mm_clflush(addr);
    return (int)(t1 - t0);   // < ~120 cycles → cached (hit)
}

Prime+Probe set-associative eviction

// Build eviction set for target cache set (LLC)
void prime(uint8_t **set, size_t ways) {
    for (size_t i = 0; i < ways; i++) {
        (void)*(volatile uint8_t *)set[i];
    }
}

int probe_set(uint8_t **set, size_t ways) {
    uint64_t total = 0;
    for (size_t i = 0; i < ways; i++) {
        uint64_t t0 = rdtscp_serialized();
        (void)*(volatile uint8_t *)set[i];
        uint64_t t1 = rdtscp_serialized();
        total += (t1 - t0);
    }
    return total > THRESHOLD;   // victim accessed this set
}

Constant-time AES (defensive)

// 매 T-table lookup 의 X — bitsliced AES 의 use
// libgcrypt / OpenSSL 3.x 의 AES-NI fallback path 의 default
#include <wmmintrin.h>
__m128i aes_round(__m128i state, __m128i rk) {
    return _mm_aesenc_si128(state, rk);  // hardware, no table
}

Spectre v1 mitigation (LFENCE fence)

if (idx < array_len) {
    _mm_lfence();                     // serialize speculation
    uint8_t v = array[idx];
    secret_dependent_load(v);
}

Speculative load hardening (Clang)

clang -mspeculative-load-hardening -O2 victim.c -o victim
# 매 conditional masking 의 inject — speculative path 의 secret 을 0 으로 mask

Constant-time comparison

int ct_memcmp(const void *a, const void *b, size_t n) {
    const uint8_t *x = a, *y = b;
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= x[i] ^ y[i];
    return diff;   // 매 early-exit 의 X
}

Cache partitioning (Intel CAT)

# 매 LLC ways 의 isolate — victim domain 의 dedicated partition
pqos -e "llc:1=0x00ff;llc:2=0xff00"
pqos -a "core:1=1;core:2=2"

매 결정 기준

상황 Approach
Crypto library 작성 Constant-time + AES-NI/VAES intrinsics
Cloud multi-tenant CAT partitioning + SMT off + KPTI
Browser (JS sandbox) Site isolation + COOP/COEP + jittered timers
Embedded ARM MTE + speculative barriers (CSDB)
Detection Intel PMU MEM_LOAD_RETIRED.L3_MISS anomaly

기본값: constant-time crypto + KPTI + retpoline/IBRS + browser site isolation.

🔗 Graph

🤖 LLM 활용

언제: red-team threat model 의 enumerate, mitigation review, constant-time code audit. 언제 X: 매 actual exploit chain — practical attack 은 매 hardware-specific 의 measurement, LLM 의 hallucinate 가능.

안티패턴

  • Table-based AES in shared lib: 매 T-table 의 cache footprint 가 key-dependent — Flush+Reload 의 즉시 leak.
  • Branch on secret: 매 BTB poisoning 의 vector — constant-time control flow 의 use.
  • memcmp on secrets: 매 early-exit timing — ct_memcmp 의 substitute.
  • SMT enabled in cloud: sibling thread 의 L1 share — 매 disable.
  • Trusting rdtsc jitter as defense: 매 attacker 의 amplify 가능 — fundamental fix 가 필요.

🧪 검증 / 중복

  • Verified (Yarom & Falkner USENIX Security 2014; Kocher et al. 2018; Intel SDM Vol 3 §11).
  • 신뢰도 A.

🕓 Changelog

날짜 변경
2026-05-08 Phase 1
2026-05-10 Manual cleanup — Flush+Reload, Spectre, constant-time mitigation 정리
Reference in New Issue View Git Blame Copy Permalink