-
Notifications
You must be signed in to change notification settings - Fork 0
/
ThreatModel.tex
4 lines (3 loc) · 1.42 KB
/
ThreatModel.tex
1
2
3
4
\section{Threat Model}
The adversary can run code on the same machine as the victim, but does not have physical access to the machine. It may be able to execute the code on the same core in another hyperthread or on the same hyperthread via context-switching. The adversary can use unpriveleged user-mode instructions to manipluate the processor, and has access to high-resolution timers such as timestamp counters. The attacker may know what code the victim is running, and even have the binary the victim is running. We assume that the system has address layout randomization (ASLR), so the attacker does not know the virtual or physical page numbers of the victim's data, although it might know the offsets within the segment for functions or data structures, such as the offset of main function in the code segment.
We focus on the specific case of leaking the order of accesses to a table via cache set contention, where the order and offsets into the table can be used to reconstruct secret information, such as an encryption key. Cache set contention should not give the adversary any useful information. As noted above, we don't consider attacks that require physical access to the machine, such as cold-boot attacks, or physical proximity such as electromagnetic \cite{nazari2017eddie}, power \cite{kocher1999differential}, or acoustic channels. We also don't consider attacks that rely on data reuse in the cache to learn information.