[cryptography] AES side channel attack using a weakness in the Linux scheduler

Jack Lloyd lloyd at randombit.net
Wed Nov 24 11:26:21 EST 2010


An interesting new eprint on attacking AES using cache timings. It
describes a weakness in the Linux completely fair scheduler that
allows an attacker to gain a lot of information about the victim's
cache accesses.

"Cache Games - Bringing Access Based Cache Attacks on AES to Practice"
Endre Bangerter and David Gullasch and Stephan Krenn
http://eprint.iacr.org/2010/594

What are people's thoughts on these kinds of local cache attacks, in
terms of actual systems security? While obviously very powerful, I
tend to think that once you have a focused attacker in an unprivileged
account on your machine, you have bigger problems than losing your AES
keys (maybe Midori or Coyotos or L4 will fix this someday).

-Jack


