2006 | Dag Arne Osvik, Adi Shamir, and Eran Tromer
This paper presents several software side-channel attacks that exploit memory cache state leakage between processes running on the same processor. These attacks reveal memory access patterns, which can be used to perform cryptanalysis on cryptographic primitives that use data-dependent table lookups. The attacks allow an unprivileged process to attack other processes, despite partitioning methods such as memory protection, sandboxing, and virtualization. Some methods only require the ability to trigger encryption or MAC services using an unknown key, such as encrypted disk partitions or secure network links. The paper describes an extremely strong attack that requires no knowledge of plaintexts or ciphertexts and works by monitoring the effect of the cryptographic process on the cache. The attacks are demonstrated on AES, with experiments showing their applicability to real systems like OpenSSL and Linux's dm-crypt encrypted partitions. For example, the full key can be recovered after 800 writes to the partition in 65 milliseconds. The paper also describes several countermeasures to mitigate such attacks.

The paper shows how the structure of memory caches in modern CPUs causes subtle interactions between processes, leading to cross-process information leakage. While data in the cache is protected by virtual memory, metadata about the cache contents and memory access patterns is not fully protected. The paper describes methods for an attacker to learn about memory access patterns of another process, including methods that affect the cache state and measure the effect on encryption running time, and methods that investigate the cache state during or after encryption. These methods are shown to be effective and noise-resistant. The paper also describes a variant of the attack that extracts keys without knowledge of plaintexts or ciphertexts, which is an unusually strong form of attack.
Implementing AES that is impervious to this attack is non-trivial, and various countermeasures are described and analyzed. The paper also discusses related works, including previous research on cache-based attacks.
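The following is an added illustration, not code from the paper: a cache-line footprint model showing why a data-dependent lookup `T[p ^ k]` leaks at cache-line granularity, how much of the key byte that footprint leaves undetermined, and a check that a line-covering access pattern removes the key dependence. The table geometry (256 four-byte entries, 64-byte lines, so 16 entries per line) and the covering mitigation are assumptions of this model, which ignores timing and within-line ordering.

```python
"""Cache-line footprint model for an AES-style table lookup (illustrative only)."""

ENTRY_BYTES = 4                                # assumed: one 32-bit T-table entry
LINE_BYTES = 64                                # assumed: cache line size
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES   # 16 entries share one line
TABLE_ENTRIES = 256                            # one byte-indexed table


def line_of(index: int) -> int:
    """Cache line (relative to the table base) that holds T[index]."""
    return (index * ENTRY_BYTES) // LINE_BYTES


def naive_lookup_footprint(p: int, k: int) -> frozenset:
    """Lines touched by a direct T[p ^ k] access: exactly one line, chosen by
    the high bits of p ^ k, so the footprint is a function of the key."""
    return frozenset({line_of(p ^ k)})


def line_covering_footprint(p: int, k: int) -> frozenset:
    """Mitigated access pattern: read one entry from every line of the table
    before the real lookup, so the set of lines touched is the same for every
    key (the real access lands in a line that is already in the footprint)."""
    touched = {line_of(i) for i in range(0, TABLE_ENTRIES, ENTRIES_PER_LINE)}
    touched.add(line_of(p ^ k))
    return frozenset(touched)


def consistent_keys(observed_line: int, p: int) -> list:
    """Residual key space after the footprint is observed for known p: the key
    bytes whose lookup would have touched that line. With 16 entries per line
    this is 16 candidates, i.e. the low nibble of k stays hidden."""
    return [k for k in range(TABLE_ENTRIES) if line_of(p ^ k) == observed_line]


def footprint_depends_on_key(footprint_fn, p: int = 0x3A) -> bool:
    """Mitigation check: for a fixed plaintext byte, does the set of touched
    lines change with the key byte? A safe access pattern returns False."""
    return len({footprint_fn(p, k) for k in range(TABLE_ENTRIES)}) > 1


if __name__ == "__main__":
    print("naive footprint:   ", sorted(naive_lookup_footprint(0x3A, 0xC5)))
    print("keys consistent:   ", [hex(k) for k in consistent_keys(15, 0x3A)])
    print("naive leaks key?   ", footprint_depends_on_key(naive_lookup_footprint))
    print("covering leaks key?", footprint_depends_on_key(line_covering_footprint))
```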