[cryptography] AES side channel attack using a weakness in the Linux scheduler

Jack Lloyd lloyd at randombit.net
Wed Nov 24 11:26:21 EST 2010

An interesting new eprint on attacking AES using cache timings. It
describes a weakness in the Linux completely fair scheduler that
allows an attacker to gain a lot of information about the victim's
cache accesses.

"Cache Games - Bringing Access Based Cache Attacks on AES to Practice"
Endre Bangerter and David Gullasch and Stephan Krenn

What are people's thoughts on these kinds of local cache attacks, in
terms of actual systems security? While obviously very powerful, I
tend to think that once you have a focused attacker in an unprivileged
account on your machine, you have bigger problems than losing your AES
keys (maybe Midori or Coyotos or L4 will fix this someday).


