TID: Linux kernelmodule–flushes CPU cache after wiping sensitive data CLFLUSHOPT
TID is a new security protocol aimed at eliminating sensitive data from CPU caches after use. It effectively addresses vulnerabilities related to cache-based side-channel attacks, providing a significant latency barrier against potential attackers. The project is independent and requires sponsorship for ongoing research and validation efforts.
- ▪TID is designed to remove sensitive data remnants from CPU cache layers immediately after use.
- ▪It mitigates Flush+Reload and similar microarchitectural side-channel attacks.
- ▪The project utilizes optimized CPU instructions to ensure physical cache eviction.
Opening excerpt (first ~120 words) tap to expand
TID — The Instant Destroyer Independent security research in the field of protection against cache-based side-channel attacks. Overview TID is a specialized protocol designed to eliminate sensitive data remnants (such as cryptographic keys) from CPU cache layers ($L1, L2, \text{ and } L3$) immediately after use. It addresses a critical security gap where data persists in hardware structures even after being wiped from system memory (RAM). Key Achievements Verified Defense: Effectively mitigates Flush+Reload and similar microarchitectural side-channel attacks. Measurable Performance: * Unprotected Access: ~78 CPU cycles (Cache Hit). TID Protected Access: ~286 CPU cycles (Cache Miss). Security Margin: Provides a 3.7x latency barrier, successfully blinding potential attackers.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.