%0 Journal Article %T Evict+Time Attack on Intel CPUs without Explicit Knowledge of Address Offsets %J The ISC International Journal of Information Security %I Iranian Society of Cryptology %Z 2008-2045 %A Meraji, Vahid %A Soleimany, Hadi %D 2021 %\ 01/01/2021 %V 13 %N 1 %P 19-27 %! Evict+Time Attack on Intel CPUs without Explicit Knowledge of Address Offsets %K Evict+Time attack %K access-driven attacks %K LRU replacement policy %K Inclusive memory %R 10.22042/isecure.2020.209945.500 %X Numerous studies have been conducted to present new attacks using the time difference between the processor access to main memory and cache memory. Access-driven attacks are a series of cache-based attacks using fewer measurement samples to extract sensitive key values due to the ability of the attacker to evict or access cache lines compared to the other attacks based on this feature. In the access-driven attacks, the attacker frequently needs to evict or reload data from the cache memory before or after performing the targeted cryptosystem which requires the knowledge about the virtual or physical addresses. Knowledge of address offset for the corresponding data blocks in cryptographic libraries is a prerequisite for an adversary to reload or evict cache lines in Intel processors. Preventing the access of attackers to the address offsets can potentially be a countermeasure to mitigate access-driven attacks. In this paper, we demonstrate how to perform the Evict+Time attack on Intel x86 CPUs without any privilege of knowing address offsets. %U https://www.isecure-journal.com/article_113678_10b8229e122f30b49ed5b6abb81f3a62.pdf