Chapter 1

Question 1

Define a side channel.

Answer 1

An unintended information leakage path (e.g., timing, power, cache state) that reveals secrets without reading them directly.

Question 2

What makes caches powerful side channels?

Answer 2

Access latency depends on whether data is cached (hit) or not (miss). Attackers measure timing differences to infer victim memory accesses.

Question 3

Cache line size on x86_64 (typical)?

Answer 3

64 bytes. The lowest 6 address bits are the line offset.

Question 4

Page size (typical) and consequence for indexing?

Answer 4

4 KiB pages; the lowest 12 bits are the page offset (includes the 6-bit line offset). Many L1/L2 set-index bits lie within these 12 bits.

Question 5

Define cache associativity.

Answer 5

Number of lines per set. An N-way cache can hold N distinct lines per set before evicting.

Question 6

Number of sets formula.

Answer 6

(#cache bytes) / (line size × associativity).

Question 7

Which levels are per-core vs shared?

Answer 7

L1 and L2 are per-core; L3 (LLC) is shared among cores (often split into slices hashed by physical address).

Question 8

Inclusive vs non-inclusive caches.

Answer 8

Inclusive: L1⊆L2⊆L3; evicting from L3 invalidates copies in upper levels. Non-inclusive (or mostly-inclusive) has no strict subset relation.

Question 9

Do loads fill all cache levels?

Answer 9

Typically yes (on inclusive hierarchies): a miss fills L3→L2→L1. Later evictions can leave a line only in L2 or L3.

Question 10

Define Prime+Probe (high level).

Answer 10

Prime: fill a set. Victim runs. Probe: time reaccesses; slower lines indicate eviction by victim → reveals which set the victim used.

Question 11

Define Flush+Reload (high level).

Answer 11

Flush: invalidate a specific shared line (e.g., clflush). Victim runs. Reload: time access; fast=the victim reloaded it, slow=not touched.

Question 12

When do you use Flush+Reload?

Answer 12

When attacker and victim share physical pages (shared libraries, shared mmap). Gives high spatial resolution.

Question 13

When do you use Prime+Probe?

Answer 13

When no shared memory exists. You only need conflicting (same-set) addresses; works cross-process and cross-VM with care.

Question 14

How to time memory on x86_64?

Answer 14

Use rdtsc/rdtscp with fences. Example: lfence; rdtsc before and rdtscp; lfence after a volatile load.

Question 15

Why fences around rdtsc?

Answer 15

To serialize instructions so timing boundaries don’t get reordered by the CPU.

Question 16

Hit vs miss timing (typical ballpark).

Answer 16

L1: ~4–5 cycles; L2: ~10–20; L3: ~30–60+; DRAM: ~100–300+. Measure on your CPU to set thresholds.

Question 17

How to empirically pick a hit/miss threshold?

Answer 17

Measure cold (after clflush) and warm (repeated access) latencies; set threshold ~ midpoint, or use distributions and cluster.

Question 18

Define conflicting addresses.

Answer 18

Different virtual/physical addresses mapping to the same cache set (and same slice for LLC), competing for associativity.

Question 19

How to generate same-set addresses for L1/L2?

Answer 19

Use identical page offsets across many pages (e.g., base + k*4096 + offset where offset is multiple of 64).

Question 20

Why does LLC (L3) need extra care?

Answer 20

LLC is physically indexed and sliced by a hash; set index uses bits above page offset. You need physical info or measurement-based grouping.

Question 21

Simple conflict test idea.

Answer 21

Warm A; hammer candidate B; time A. If A slows (miss) more often than baseline, A and B likely conflict (same set/slice). Repeat and vote.

Question 22

Eviction set definition.

Answer 22

A set of ≥ associativity addresses mapping to the same set (and slice) so that accessing them evicts any victim line from that set.

Question 23

Greedy eviction-set refinement.

Answer 23

Build a large candidate pool; remove one address at a time and test if the victim still gets evicted. Keep only necessary addresses until ≈ associativity.

Question 24

Why many samples?

Answer 24

Microarchitectural noise, OS interrupts, and prefetchers add variance. Aggregation (median/mean) yields reliable classification.

Question 25

Role of prefetchers & how to avoid them.

Answer 25

Sequential accesses may trigger prefetchers; access in pseudo-random order, stride > page, or use dependent pointers to reduce prefetch.

Question 26

Effect of hyperthreading (SMT).

Answer 26

Sibling thread shares core-private caches (L1/L2) and execution resources, increasing noise and potential cross-thread leakage.

Question 27

Virtual vs physical addressing for caches.

Answer 27

L1/L2 often virtually indexed (set bits within page offset) but physically tagged; LLC is physically indexed and sliced—important for address mapping.

Question 28

‘Slice hashing’ in L3.

Answer 28

The LLC is split into slices (≈ one per core). A hash of physical-address bits selects the slice; conflicts must match both set and slice.

Question 29

How clflush works for attacks.

Answer 29

`clflush addr` invalidates the line from all levels (and other cores). Great for clean misses and for Flush+Reload.

Question 30

Flush+Reload minimal pseudo-code.

Answer 30

`clflush(p); victim(); t=timed_load(p); if (t

Question 31

Prime+Probe minimal pseudo-code.

Answer 31

`prime(set_addrs); victim(); for a in set_addrs: t=timed_load(a); if (t>thr) eviction_detected`.

Question 32

Why map ‘same page offset’ helps?

Answer 32

For L1/L2 the set index bits often lie within the 12-bit page offset. Matching offsets → same set index regardless of page frame.

Question 33

How to discover associativity experimentally?

Answer 33

Increase number of same-set candidates K until a probe is consistently evicted. The smallest K that causes eviction ≈ associativity.

Question 34

Covert vs side channel.

Answer 34

Covert: two cooperating parties communicate via the channel. Side: attacker infers information from an unaware victim.

Question 35

Statistics you should know.

Answer 35

Mean, median, variance; hypothesis testing or thresholding to separate hit vs miss distributions robustly.

Question 36

Minimal C timing helper (concept).

Answer 36

`t0=rdtsc(); volatile uint8_t v=*p; t1=rdtsc(); lat=t1-t0;` Use fences and volatile to avoid reordering/optimization.

Question 37

Why volatile on loads?

Answer 37

Prevents the compiler from optimizing the memory access away or caching it in a register; enforces an actual load.

Question 38

Mitigations (software) for Cache Side Channels.

Answer 38

Reduce timer precision, add noise, avoid secret-dependent accesses, use constant-time code, partition memory, disable shared pages.

Question 39

Spectre/Meltdown relationship.

Answer 39

Transient execution leaks or uses data into microarchitectural state (e.g., caches). Cache side channels (like Flush+Reload) exfiltrate that data.

Question 40

Why shared libraries enable Flush+Reload.

Answer 40

Identical code/data pages are mapped read-only and shared across processes; attacker and victim observe the same physical line.

Question 41

How to validate an eviction set.

Answer 41

Prime candidates; access a known target; probe multiple times; expect high miss rate. Cross-validate on different runs/addresses.

Question 42

Typical workflow for an attack lab in cache side channel attacks.

Answer 42

1) Calibrate timers & thresholds. 2) Build/validate eviction set. 3) Synchronize with victim. 4) Collect many traces. 5) Analyze statistically.

Question 43

Common failure modes & fixes in Side Channel Attacks for Cache

Answer 43

Noisy timings → pin threads & repeat; prefetch false positives → randomize order; wrong slice → enlarge pool; thresholds off → re-calibrate and histogram.