CacheAttack: Timing-based Cache Exploits
- CacheAttack is a side-channel technique that exploits timing differences in cache hits and misses to infer secret-dependent memory access patterns across various caching systems.
- It encompasses microarchitectural attacks like Flush+Reload and Prime+Probe as well as software-based attacks on OS page caches, web caches, and even semantic caches in large language models.
- Innovative methods such as CACHE SNIPER demonstrate that precise control of eviction timing can bypass traditional defenses, prompting the need for integrated, multi-layer countermeasures.
Cache attacks are attacks that exploit the timing of cache hits and misses to infer a victim’s secret-dependent memory access patterns, but the contemporary literature applies the same logic to a broader set of caching systems: shared CPU caches, the operating system page cache, shared web caches, and semantic caches for LLMs (Hu et al., 2023, Gruss et al., 2019, Mirheidari et al., 2019, Zhang et al., 30 Jan 2026). Within microarchitectural work, "CACHE SNIPER" shows that a cache attack can turn eviction into a precisely timed “interrupt” against asynchronous victim computations, defeating “good-enough” countermeasures such as prefetching and leakage minimization by controlling eviction timing at sub-round granularity (Briongos et al., 2020). Across the wider literature, the unifying theme is that cache state, cache residency, cache replacement metadata, or cache keys become observables that can be correlated with secrets, private behavior, or authorization-relevant state.
1. Scope and taxonomy
The core microarchitectural taxonomy distinguishes hit-based attacks from miss-based attacks. Hit-based attacks, such as Flush+Reload and Evict+Reload, arrange that secret-dependent lines are resident and then time reloads to identify hits; miss-based attacks, such as Prime+Probe and Evict+Time, prime sets or evict lines and then observe misses or victim runtime changes. A second axis separates non-speculative side channels from speculative attacks, and a third axis separates cross-domain from same-domain sender/receiver configurations; in speculative attacks, the sender and receiver can be in the same security domain, whereas conventional side channels are typically cross-domain (Hu et al., 2023).
The same analytical structure reappears outside hardware caches. The page-cache attack literature treats the operating system page cache as a pure software cache shared across processes and even across CPUs on the same machine. Web Cache Deception treats a shared CDN or proxy cache as the contested object. Semantic cache attacks treat embedding vectors or their LSH-based discretizations as fuzzy cache keys whose locality properties create collision opportunities (Gruss et al., 2019, Mirheidari et al., 2019, Zhang et al., 30 Jan 2026).
| Cache layer | Primary observable or misuse primitive | Representative formulations |
|---|---|---|
| CPU data caches | Hit/miss timing, contention, replacement metadata | Flush+Reload, Prime+Probe, CACHE SNIPER, Prime+Retouch |
| Operating system page cache | Page residency or working-set presence | mincore, QueryWorkingSetEx |
| Browser-visible shared LLC state | Aggregate occupancy | Cache occupancy memorygrams |
| Web/CDN caches | Cacheability misclassification and path confusion | Web Cache Deception |
| LLM semantic caches | Embedding-key or LSH collision | CacheAttack against semantic caching |
A recurring conceptual distinction is between conflict-based leakage and occupancy-based leakage. Conflict-based attacks depend on identifying which specific set or line was touched. Occupancy-based attacks instead measure aggregate pressure, as in LLC-sized buffer sweeps used for website fingerprinting or in proposals that treat per-process cache occupancy as the better indicator for timing channels (Shusterman et al., 2018, Yao et al., 2019).
2. Contention, reuse, and replacement-state leakage
At the hardware level, cache attacks derive power from deterministic or near-deterministic relations among addresses, sets, ways, and replacement state. Prime+Probe exploits set congruence and replacement behavior; Flush+Reload exploits shared lines; and advanced attacks increasingly target the replacement policy itself rather than the presence or absence of a victim line (Hu et al., 2023).
Replacement metadata is therefore not merely an implementation detail. CACHE SNIPER relies on a reverse-engineered “quad-age” pseudo-LRU LLC replacement policy to configure recency states so that the victim’s insertion becomes the immediate eviction candidate, and its single-memory-access eviction primitive exploits Intel TSX transient execution together with that replacement-policy model (Briongos et al., 2020). Prime+Retouch makes the same point more starkly: it leaks via non-shared memory, yet because underlying eviction metadata is shared. The attack exploits shared Tree-PLRU metadata, incurs no eviction on the victim’s data, requires minimal synchronization of only one memory access to the attacker’s pre-primed cache lines, and was demonstrated on both Intel x86 and Apple M1 (Lee et al., 2024).
This shift from data-line eviction to metadata observation changes the threat model for defenses. Prefetching-and-locking techniques such as Cloak prevent evictions on sensitive lines, but Prime+Retouch shows that hits still flip Tree-PLRU direction bits and thereby create a side channel. Detection schemes that look for abnormal miss rates are similarly weakened when the attack no longer needs to evict victim-owned lines (Lee et al., 2024).
The same issue appears in randomized caches. Work on randomized LLC designs shows that attackers can still construct small conflict groups or generalized eviction sets quickly enough unless re-randomization is very aggressive. "New Attacks and Defenses for Randomized Caches" argues that current randomization schemes require an extremely high refresh rate to be secure, on average a 15\% performance overhead, and upto 50\% in the worst case, motivating indirection-table randomization that re-randomizes one iTable entry at a time and quantitatively does almost as well as a fully associative cache (Ramkrishnan et al., 2019).
3. Precisely timed asynchronous attacks
CACHE SNIPER is centered on timing control rather than coarse integration over an entire encryption. Its “aim–wait–shoot” methodology first detects the moment the victim begins a protected operation, then waits for a calibrated offset, and finally evicts a specific LLC line precisely when a narrow leakage window opens (Briongos et al., 2020).
Its threat model is deliberately weak from the attacker’s perspective: an unprivileged user-mode process, cross-core LLC observation, no explicit synchronization with the victim, and no shared memory in the strongest variant. For best detection granularity it assumes Intel x86 with TSX, an inclusive L3/LLC with a pseudo-LRU “quad-age” replacement policy, and rdtsc for high-resolution timing. The TSX abort-based detector fills the target LLC set inside a transaction and waits for a victim access that conflicts with the transactional read-set. On an Intel i5-7600K, the abort consistently arrives about 380 cycles after the server’s “start encryption” timestamp, with a 97\% detection rate across 10,000 encryptions (Briongos et al., 2020).
The attack’s novelty lies in combining that start-of-encryption detector with a single-memory-access eviction primitive. Transactional reads bring lines into caches and update ages even if the transaction aborts, allowing the attacker to pre-program recency so that the victim’s target line becomes the eviction candidate after its first protected prefetch. A shared-memory alternative based on Flush+Reload can also detect the prefetch event; detection success rises above 99\% once the wait-count parameter is set appropriately, while valid detections peak around 70\% in the reported experiment (Briongos et al., 2020).
End-to-end, the method recovers AES-128 keys from OpenSSL’s S-Box implementation despite per-round prefetch, and extracts RSA exponent bits from wolfSSL’s hardened square-and-multiply implementation. The significance is not merely a new primitive but a changed assumption about temporal granularity: prefetch-based defenses and leakage minimization strategies can fail when the attacker can control eviction timing between a protective prefetch and a subsequent secret-dependent access (Briongos et al., 2020).
4. Cache attacks beyond the CPU LLC
The page-cache work extends cache attacks to a hardware-agnostic software cache. Here the observable is whether specific disk-backed pages are resident. On Linux, mincore yields per-page residency bits; on Windows, QueryWorkingSetEx exposes working-set information. The resulting side channel has 4 KB spatial resolution and measured average query latencies of 2.04 μs on Linux and 465.91 ns on Windows, with measurement-rate limits of approximately 6.7 measurements per second on Linux and 223 measurements per second on Windows because eviction dominates runtime (Gruss et al., 2019). This attack surface supports local covert channels, timed UI redressing, keystroke timing, recovery of temporary passwords derived from microtime, and a remote covert channel that achieved 7.74 bit/s on an HDD-backed system and 3.08 bit/s on an SSD-backed system (Gruss et al., 2019).
Browser-side occupancy attacks show that high-resolution timers are not necessary when the signal is amplified. The cache occupancy channel for website fingerprinting allocates an LLC-sized buffer and measures the time to sweep it, or, in Tor Browser, counts how many sweeps fit into each 100 ms slot. The method works in mainstream browsers with one sample every 2 ms for 30 s, and in Tor Browser with 500 measurements over 50 s. Closed-world accuracy reaches 91.4\% on Linux/Chrome with an LSTM and 46.7\% in Tor Browser, while open-world sensitive-vs-non-sensitive detection yields AUC in all settings (Shusterman et al., 2018). The key implication is explicit in the paper: timer reduction/jitter is insufficient because the attack already works at 10–500 Hz (Shusterman et al., 2018).
Shared web caches create a different class of cache attack. Web Cache Deception is a path-confusion attack in which the origin treats a URL as a dynamic, private page while the caching proxy interprets the same URL as a static, cacheable asset. In a study of 340 high-profile sites, 25 were found vulnerable; encoded variants such as %3F, %23, %3B, and %0A expanded the attack surface, and 11 of the 25 vulnerable sites were only exploitable via a variant rather than the original path-parameter trick (Mirheidari et al., 2019).
The same "CacheAttack" label has also been extended to semantic caching for LLM systems. In that setting, semantic cache keys are treated as fuzzy hashes. The attack is black-box and automated, relying on adversarial queries that collide under cosine or LSH-based reuse gates. On the SC-IPI setting, CacheAttack-1 reached a hit rate of 86.9\% for semantic caches and 85.8\% for semantic KV caches, with injection success rates of 81.1\% and 83.0\%, respectively. In agent tool-invocation hijacking, hit rate reached 90.6\% for semantic caches and 87.1\% for semantic KV caches, while tool selection and answer accuracy collapsed under attack (Zhang et al., 30 Jan 2026). This suggests that the cache-attack concept now spans confidentiality, integrity, and authorization failures across layers, not only timing leakage.
5. Measurement, attribution, and runtime detection
As cache attacks diversified, evaluation frameworks moved from attack-specific demonstrations to general leakage quantification. CacheFX models caches, attackers, and victims in software and introduces three metrics: Relative Eviction Entropy, eviction-set construction complexity, and protection against cryptographic attacks. Relative Eviction Entropy is a KL-divergence from the uniform eviction behavior of a fully associative random-replacement cache. Under this metric, set-associative and CEASER caches leak approximately bits per access, fully associative and NewCache show near-zero leakage, and the broader experimental conclusion is that all non-partitioned designs allow for effective cryptographic attacks. CacheFX also reports that eviction-based attacks are more difficult to mount than occupancy-based attacks in state-of-the-art secure caches (Genkin et al., 2022).
CacheQL pushes measurement down to the binary and trace level. It quantifies leakage as mutual information , models leakage localization as a cooperative game, and distributes leaked bits to program points with Shapley values. It is explicitly designed for whole side-channel traces with millions of records and for non-deterministic settings involving blinding, ORAM, or real-world noise. In evaluation, it identified a few hundred new leakage sites in recent OpenSSL (ver. 3.0.0), MbedTLS (ver. 3.0.0), and Libgcrypt (ver. 1.9.4), including pre-processing modules that earlier tools did not analyze (Yuan et al., 2022).
Runtime detection takes a different view. CacheShield monitors the victim rather than the attacker, using hardware performance events and a CUSUM change-point detector over LLC misses. The final design monitors PAPI_L3_TCM and cycles, samples at μs, and achieved with no missed attacks in the reported tests. Representative mean detection latencies range from 2.97 ms for ElGamal under Flush+Reload on native hardware to 13.42 ms for AES under Prime+Probe in VMware (Briongos et al., 2017). Another line of work argues that cache occupancy is a stronger detector than cache misses because occupancy is bidirectional. In gem5 experiments, miss-based cross-correlation drops from 0.79 to 0.40 under adversarial noise, whereas occupancy-based cross-correlation remains at 1.00 and changes by less than 0.01 (Yao et al., 2019).
6. Defenses and design directions
A persistent theme in the literature is that narrow defenses fail when the attacker shifts observables. CACHE SNIPER bypasses prefetching and leakage minimization by placing eviction in the gap between prefetch and later secret-dependent access, and Prime+Retouch bypasses prefetch-and-lock defenses because locking data does not isolate replacement metadata (Briongos et al., 2020, Lee et al., 2024). This suggests that effective defenses must control mapping, replacement, sharing, speculative state, and observability together rather than separately.
One response is to redesign cache placement and replacement. "Chameleon Cache" extends randomized skewed caches with a victim cache and automatic reinsertion, reducing leakage per eviction from approximately 5 bits to approximately 0.4 bits in one reported CEASER-S configuration, while keeping average performance overhead under 1\% (Unterluggauer et al., 2022). SEA Cache adds per-domain logical associativity; at , SEA with yields attack success and core 1 CPI increase , compared to success and 0 CPI increase for a CEASER-SH-equivalent 1 configuration (Liu et al., 2024). RollingCache replaces fixed set mapping with runtime-controlled indirection and reports 1.67\% average slowdown with 2 area overhead while making miss attribution collapse toward a coin flip under the paper’s model (Ojha et al., 2024). ClepsydraCache combines time-to-live decay with index randomization, reducing conflict-based evictions by more than 90\% across evaluated workloads with low average runtime overheads, including 1.38\% on PARSEC (Thoma et al., 2021).
A second response is to suppress or hide unsafe fills. STAR-FARR and STAR-NEWS compose domain-tagged NoHit, randomized eviction, and SFill-Inv, and report average overheads of 5.6\% and 6.8\%, respectively, while targeting both non-speculative and speculative cache channels (Hu et al., 2023). Random and Safe (RaS) takes a related path: only “safe” addresses may fill, and fills occur at a constant rate from a Safe History Buffer. RaS-Spec reports 3.8\% average slowdown, while RaS+ variants span 7.9\% to 45.2\% depending on protection level (Hu et al., 2023).
A third response is to collapse the hit/miss signal directly. BackCache places evicted L1D lines into a fully associative backup cache, so that an L1D miss can still return at L1 latency if the line resides in the backup. The evaluation reports performance degradation of 2.61\%, 2.66\%, and 3.36\% for OS kernel, single-thread, and multi-thread benchmarks, respectively (Wang et al., 2023).
Software and OS defenses remain important where hardware cannot change. CacheBar uses copy-on-access to defeat Flush+Reload across containers and manages per-color cacheability budgets to blunt Prime+Probe in shared LLCs. In evaluation, Prime+Probe demand classification accuracy drops from 67.5\% without CacheBar to 33\% with it (Zhou et al., 2016). Page-cache attacks motivate API restriction: the proposed mitigations are to make Linux mincore privileged and to require PROCESS_QUERY_INFORMATION rather than PROCESS_QUERY_LIMITED_INFORMATION for QueryWorkingSetEx, while removing ShareCount from the returned structure (Gruss et al., 2019).
The broader record is therefore cumulative rather than definitive. Randomization alone can be bypassed, timer hardening alone is insufficient, prefetch-and-lock can leak through metadata, and protection that only separates domains can miss same-domain speculative channels. The literature increasingly converges on multi-layer countermeasures: randomized mapping, random replacement, domain tagging, safe-fill policies, restricted cache-residency queries, and application-level constant-time discipline (Ramkrishnan et al., 2019, Shusterman et al., 2018, Hu et al., 2023).