Instruction Cache Attacks

Updated 3 January 2026

Instruction cache attacks are microarchitectural exploits that leverage timing discrepancies and cache manipulations to infer sensitive information, disrupt control flow, and bypass security measures.
They employ both software methods like self-modifying code and hardware techniques such as electromagnetic fault injection, validated on x86 and ARM architectures with distinct timing metrics.
Research shows these attacks can achieve high success in cryptographic key extraction, covert channel creation, and control-flow corruption while evading conventional defenses.

Instruction cache attacks are microarchitectural exploits that leverage the behavior, timing, and coherence mechanisms of modern processor instruction caches to infer sensitive information, alter control flow, or bypass security models. These attacks can be realized through both software-based manipulation of instruction cache states—including using self-modifying code (SMC) to induce measurable timing discrepancies—as well as hardware-based methods such as precise electromagnetic fault injection (EMFI). Instruction cache attacks have demonstrated applicability on x86, ARM, and ARMv7-M architectures, and underpin a broad spectrum of security threats including cryptographic key extraction, establishment of covert channels, and the circumvention of control-flow integrity measures (Son et al., 8 Feb 2025, Rivière et al., 2015, Lipp et al., 2015).

1. Instruction Cache Architectures and Their Security Properties

Contemporary instruction cache architectures differ across processor families but share fundamental properties exploited by attackers.

x86 L1 Instruction Cache: Typical configurations exhibit a 32 KB, 8-way set-associative, physically indexed and tagged structure, with 64 sets of 64-byte lines. The instruction cache is split from the L1 data cache, and feeds the back-end via separate micro-op caches and decode queues. Modifications to cache lines by SMC can trigger pipeline clears and invalidate front-end state, integral to several attack modalities (Son et al., 8 Feb 2025).
ARMv7-M Instruction Cache: Employs a 64 × 128-bit line (16-byte line) L1 cache with set-associativity and LRU replacement, supported by a 4-entry prefetch FIFO (PFQ) that buffers instructions prior to decode. Prefetch and cache-miss behaviors are key to EM fault attack models (Rivière et al., 2015).
ARMv7-A/ARMv8-A L1 Instruction Caches: Feature 16–32 KB split L1 instruction caches (2–4 ways, 64–256 sets, 64-byte lines), with a multi-level hierarchy including shared L2 caches of up to several MB. Set-indexing calculations are directly leveraged in Prime+Probe, Evict+Reload, and related attacks (Lipp et al., 2015).

Instruction cache behavior—including line fill, replacement, and coherency—directly impacts the side-channel surface and the efficacy of timing and fault-based attacks.

2. Timing and Conflict Mechanisms

Timing variations in instruction fetches, induced by intentional cache line modifications or by hardware faults, form the basis for information leakage.

SMC-Induced Timing in x86: Specific SMC operations such as CLFLUSH, write-back (MOV to code), or atomic updates against cache-resident instruction lines trigger “machine clears.” These events flush decode queues, clear micro-op caches, and force line refills from either LLC or DRAM, incurring penalties far exceeding nominal L1-I hits. Measured deltas on Intel Cascade Lake: mean $t_{hit} ≈ 30$ cycles ( $σ_{hit} ≈ 5$ ), mean $t_{miss} ≈ 350$ cycles ( $σ_{miss} ≈ 30$ ), with $\Delta t ≈ 320$ cycles (Son et al., 8 Feb 2025).
EMFI on ARMv7-M: EM pulses delivered at precise timing relative to PFQ refills selectively disrupt instruction line loads, producing highly reproducible skip-and-replay faults. Probability of precise, single-line disruptions approaches $P ≈ 0.96$ within window parameters ( $σ_t≈0.5$ ns, $σ_V≈0.3$ dBm). The resulting control-flow anomalies involve replaying prior 4-instruction blocks and skipping the intended next four, altering program semantics (Rivière et al., 2015).
ARMv7-A/ARMv8-A Timing: Residencies and evictions of instruction addresses are measured by reload times; for instance, on OnePlus One (Prime+Probe): $μ_{hit} ≈ 40$ cycles ( $σ_{hit} ≈ 3$ ), $μ_{miss} ≈ 500$ cycles ( $σ_{miss} ≈ 20$ ), threshold $T_{thr} ≈ 270$ cycles (Lipp et al., 2015).

Timings are collected using hardware-supported counters (e.g., rdtsc, perf_event_open) or high-precision timers and inform threshold selection for bit extraction and attack synchronization.

3. Attack Methodologies: Software and Hardware Primitives

A variety of primitives, leveraging the unique properties of instruction caches, underlie potent attack strategies.

Software-based (x86, ARM, ARMv8-A):

Prime+Probe, Flush+Reload, Evict+Reload (and SMC-enhanced): Attackers calibrate sets and introduce congruent addresses to manipulate cache residency, leveraging timing measurements on subsequent reloads or flushes to infer victim activity. On x86 with SMC, attacks are made less noisy and more precise through induced pipeline clears (Son et al., 8 Feb 2025). On ARM, eviction sets or ARM-specific flush instructions are used to emulate the same primitives (Lipp et al., 2015).
Flush+Flush: On ARMv8-A, timing the flush instruction itself reveals line residency (cached: $\sim$ 220 cycles; uncached: $\sim$ 180 cycles) and thus victim access patterns, entirely avoiding reloads (Lipp et al., 2015).
Covert Channels and Spectre-like Attacks: By mistraining branch predictors and subsequently leveraging instruction cache conflicts, high-capacity covert channels (e.g., 3,100–4,100 B/s) with $>98\%$ success can be established across microarchitectures (Son et al., 8 Feb 2025).

Hardware-based (EMFI on ARMv7-M):

Precise Instruction Skipping and Replay: EMFI at the PFQ refill stage yields deterministic, line-granular faults, facilitating control-flow manipulations and rendering standard countermeasures—such as single-instruction duplication—ineffective (Rivière et al., 2015).

Pseudocode and attack flow are calibrated by adaptive timing, with empirical measurement of $μ_{hit}$ , $μ_{miss}$ , and threshold $T_{thr}$ to reliably distinguish victim activity.

4. Applications: Cryptographic Attacks, Covert Channels, and Control-Flow Corruption

Instruction cache attacks have immediate and practical impact on security-critical operations:

Target/Technique	Key Outcome	Empirical Results
RSA-2048 (x86, Libgcrypt)	Key extraction via SMC-enhanced cache profiling	$P_{det} ≈ 0.94–0.98$ , 1 trace: $\sim$ 63% bits, 10 traces: $\geq$ 70% (Son et al., 8 Feb 2025)
JIT Java AES (ARM)	Bitwise partial key recovery via Evict+Reload	Upper 4 bits in $\approx$ 256 encryptions
AES DFA/BellCoRe (ARMv7-M, EMFI)	Full round/step skips, CRT recovery	DFA + EMFI enables classical attacks (Rivière et al., 2015)
Privilege Escalation	Skipping security checks/stack setup (ARMv7-M, EMFI)	Handler jump with elevated privileges
UI/keystroke monitoring (ARM)	Detect UI and keyboard activity via cache hits	Bandwidth: $1,140,650$ bits/s; error $\sim$ 1% (Lipp et al., 2015)

A plausible implication is that, in the absence of architectural countermeasures or access control on timing interfaces, cache attacks will remain viable against a wide range of targets, including cryptographic engines, privileged execution domains (e.g., ARM TrustZone), and user input channels.

5. Experimental Platforms and Quantitative Metrics

Instruction cache attacks have been empirically evaluated across multiple hardware and software platforms.

x86 (Intel Cascade Lake, AMD Ryzen): SMC-induced attacks measured at rdtsc resolutions ( $\sim$ 1–20 cycles). Enhanced Flush+iReload bandwidth: $450$–$670$ Kbit/s (error $0.4$– $0.9\%$ ); SNR $>10$ (Son et al., 8 Feb 2025).
ARMv7-M (EMFI): Pulse generators (<5 ps jitter), broadband amplifiers (400 MHz), near-field probes, and sub-nanosecond delay control yield $P_{fault} \approx 0.96$ on single-instruction-line faults (Rivière et al., 2015).
ARMv7-A/ARMv8-A: Consumer smartphones (OnePlus One, Samsung Galaxy S6, Alcatel A53), timing via perf_event_open, clock_gettime, or dedicated threads. Prime+Probe bandwidth: $\sim$ 13,600 bits/s; Flush+Reload: $1,140,650$ bits/s; Flush+Flush: $178,292$ bits/s, with error rates from $0.48\%$ to $3.8\%$ depending on attack variant (Lipp et al., 2015).

Threshold choices, SNR values, and required traces closely track cache design, timing interfaces, and noise factors specific to each architecture.

6. Countermeasures and Detection

Resistance to instruction cache attacks spans hardware, OS, and application levels.

Dynamic Detection (Intel, SMaCk): Machine clear events (MACHINE_CLEARS.SMC), stall counters, and decode queue bubbles are collected in sliding windows (100 ms). Normalized anomaly scores indicate attack state when exceeding thresholds. On Cascade Lake, Prime+iProbe_SMC detected with $99.4\%$ accuracy ( $F_1=0.99$ , $FPR=0.85\%$ ); Flush+iReload_SMC achieves $100\%$ detection. The overhead is minimal (<1% CPU) (Son et al., 8 Feb 2025).
Hardware mechanisms: Instruction-Set Architecture (ISA) extensions for randomised or partitioned instruction caches, automatic flushes on domain/context switches, and AES-AE support eliminate table-lookup timings. Prefetch disabling or instruction cache coloring may further reduce the attack surface (Lipp et al., 2015).
Operating system protections: Restriction of /proc/pid/pagemap, /proc/self/maps, and disabling content-based page deduplication limits adversarial discovery of address mappings. Enforcement of cache flushes and secrecy of shared binaries disrupts attack synchronization.
Application countermeasures: Application-level measures include constant-time, bit-sliced cryptographic implementations, insertion of dummy flows, and code layout partitioning. This suggests that performance cost and portability trade-offs are inherent for application designers.

Despite existing mitigations, the low performance overhead and broad applicability of instruction cache attacks underscore persistent architectural vulnerabilities.

7. Implications and Research Directions

Instruction cache attacks represent a powerful class of microarchitectural exploits with demonstrated capacity for information leakage, control-flow deviation, and privileged code monitoring, even in highly constrained or unprivileged execution environments. The increased precision obtained via SMC-induced timing on x86 and deterministic EMFI on ARM platforms enables high-bandwidth covert channels, efficient cryptographic key extraction, and subversion of control-flow and masking countermeasures.

A plausible implication is that, as processors maintain high levels of microarchitectural state for performance, side channels—especially those manifesting in instruction caches—will remain an enduring vector for attack. Defense will likely require cross-layer approaches, combining low-level hardware design alterations and robust OS/application policies, while balancing overhead, compatibility, and deployment feasibility (Son et al., 8 Feb 2025, Rivière et al., 2015, Lipp et al., 2015).

PDF Markdown Chat (Pro)

References (3)

SMaCk: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts (2025)

High Precision Fault Injections on the Instruction Cache of ARMv7-M Architectures (2015)

ARMageddon: Cache Attacks on Mobile Devices (2015)

Whiteboard

Generate a whiteboard explanation of this topic.

Topic to Video (Beta)

Generate a video overview of this topic.

Follow Topic

Get notified by email when new papers are published related to Instruction Cache Attacks.