Chaos Communication Congress, Season 36, Episode 37

Practical Cache Attacks from the Network and Bad Cat Puns

Our research shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have traditionally been used to leak sensitive data in a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that shares the CPU cache on a cloud platform). With our attack called NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in an SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Although DDIO was originally intended as a performance optimization in fast networks, we show it has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks.

English
  • Originally Aired December 27, 2019
  • Runtime 40 minutes
  • Production Code 10884
  • Created December 27, 2019 by
    Administrator admin
  • Modified December 27, 2019 by
    Administrator admin