Using JavaScript To Read L3 CPU Cache

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, April 21, 2015

Follow me on Twitter as @mattiasgeniar

Remarkable. And dangerous (PDF).

Side channel analysis is a remarkably powerful class of cryptanalytic attack. It lets attackers extract secret information hidden inside a secure device by analyzing the physical signals (power, radiation, heat, etc.) the device emits as it performs a secure computation [15].

The attack code itself, executes a Javascript-based cache attack, which allows it to track accesses to the DUT’s last-level cache (LLC) over time. Since this single cache is shared by all CPU cores and by all users, processes and protection rings, this information can provide the attacker with a detailed knowledge of the user and the system under attack.

The practical details and proof-of-concept are being withheld until all browsers have had a change to push an update and patch for this problem.

Using JavaScript to read data from the shared L3 CPU cache. Impressive.

The full research paper is available online: The Spy in the Sandbox – Practical Cache Attacks in Javascript.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.