|
|
|
|
|
|
by alien_at_work
3086 days ago
|
|
|
Mostly high-level programmer. I may be wrong or be thinking of another recent attack but my understand was this: the attacker allocates 256 seperate pages, ensures they're not in memory and then runs code like this: if(false_but_predictive_execution_cant_tell)
{
int i = (int)*protected_kernel_memory_byte;
load_page(i, my_pages);
}
Then it becomes a matter of checking speed of reading from those pages. Which ever one is too fast to be loaded when read must be the value read from protected memory. |
|
|