I Know What You Said: Unveiling Hardware Cache Side-Channels in Local Large Language Model Inference
Zibo Gao
34th USENIX Security Symposium (USENIX Security '25) · Day 1 · LLM Privacy
This talk, presented by Zibo Gao at USENIX Security, introduces a groundbreaking **cache side-channel attack** targeting on-device inference of **Large Language Models (LLMs)**. The research addresses a critical, previously underexplored vulnerability: while local LLMs are often perceived as a privacy-preserving solution, they remain susceptible to sophisticated hardware-level attacks that can bypass conventional software protections. The core of the work demonstrates how unprivileged malware, co-located on the same device, can reconstruct sensitive user prompts and model outputs purely by monitoring cache access patterns.
AI review
Genuinely novel work extending the classic flush+reload playbook into a target nobody's seriously attacked before — local LLM inference — with a full end-to-end exploitation pipeline that handles real-world noise at a 1:50,000 SNR. The threat model is sound, the validation breadth (5 LLM families, 10 frameworks, Intel 12th–14th gen) is serious, and the LMA/LMB approach to turn a noisy microarchitectural signal into coherent reconstructed text is the kind of creative cross-domain engineering that makes a paper worth reading twice.