A Systematic Evaluation of Novel and Existing Cache Side Channels
Fabian Rauscher
Network and Distributed System Security (NDSS) Symposium 2025 · Day 2 · Side Channels 1
This talk, presented by Fabian Rauscher at the NDSS Symposium, introduces three novel cache side-channel attack primitives built on the recently introduced Intel `CLDEMOTE` instruction. Beyond the discovery of these new attack vectors, the core contribution of the research is a comprehensive, systematic evaluation of both the novel attacks and seven existing cache side-channel primitives. The attacks are compared across nine distinct metrics, including blind spot size, temporal precision, and covert channel capacity, on two recent Intel microarchitectures: Sapphire Rapids and Emerald Rapids. This comparative analysis addresses a significant gap in prior work, which often relied on custom, potentially suboptimal implementations of each attack, making accurate cross-comparison difficult. The talk also demonstrates a practical consequence of the `CLDEMOTE` instruction's unique properties: it can be used to bypass Kernel Address Space Layout Randomization (KASLR) on modern Intel CPUs, even on CPUs that do not officially support the instruction.
AI review
Solid, original hardware security research that earns its place at a top venue. Three new attack primitives derived from a single underexplored instruction, a rigorous nine-metric comparative framework across two recent microarchitectures, and a KASLR bypass that works even on CPUs where the instruction is officially a NOP — that's a real contribution, not a literature survey in a blazer.