Cache side-channel attacks rely on the capability to observe cache hits/misses for a given set. Usually this is done via timing information, e.g. in flush+reload or prime+probe. Why is the performance monitoring function of CPUs, e.g. the Intel Processor Performance Monitoring, not used for cache attacks?
As far as I understand, the performance counters give information about the number of cache misses/hits. Using this assumption, could you observe if a certain cache set was replaced by the victim? The attacker accesses a certain memory address and observes if the number of cache misses increased by 1, instead of measuring the access time in the probe phase of prime+probe.
Is the only reason that the performance monitoring units do not provide high enough resolution?
1 Answer
Assuming Windows, you cannot read the performance counters from user mode; you need a kernel module for that.
When you have the option to install a kernel module, there are much easier ways than a cache attack to get information from other processes.