|
|
|
|
|
|
by tptacek
3084 days ago
|
|
|
Is it the timing mechanism you have trouble with, or the timing target? Flush+Reload is (to me) an unusually clear paper (it's an engineering paper, which is probably why it wound up at Usenix). But even in the paper, the actual target (not just understanding square-and-multiply but also how that gets translated into cache hits) is tricky. The nice thing about Meltdown and Spectre is that the cache hits are less tricky to understand; they're engineered specifically to make the exploit work. |
|
|
I guess part of what bothered me is what makes it well written; there is so much of the discussion spent on background, which felt like stating the obvious to me. It wasn't clear to me how specific the conditions needed to be for the attack. They use GnuPG as an example, and ostensibly rely on knowing the algorithms that the decryption and encryption functions beforehand. With knowledge of the implementation, they're able to trace execution, and subsequently infer each bit of the victim data that they want to probe. They also need to know the victim's cache characteristics; hierarchy and timing.
It's a far cry from arbitrarily reading memory on an arbitrary victim.