[cixin]

Nice talk, there are many similarities to the memory deduplication attacks previously posted (also from the CCC).

They present a few cache based attacks. The first is a method to setup a covert communications channel between 2 processes by using cache misses and hits to communicate (basically timing to determine if an address is in cache or not).

Next is attacking crypto. In some AES implementations the T-table sits in a precomputed array in memory. By flushing and probing to see if entries have been added to cache you can find out which parts of the table have been recently accessed. This allows you to extract the key.

I assume you need to probe the whole of memory as you won't know where the table is. I also assume, though not explicitly mentioned that it doesn't matter if you have access to the pages or not, as long as you attempt an access it gets loaded into the cache?

Finally they show that you can monitor keystrokes via the cache, using a method similar to the crypto breaking.