Cache Attacks and Countermeasures: The Case of AES

2006 | Dag Arne Osvik, Adi Shamir, and Eran Tromer
The paper by Dag Arne Osvik, Adi Shamir, and Eran Tromer explores software side-channel attacks that leverage the state of the CPU's memory cache to reveal memory access patterns, which can be used for cryptanalysis of cryptographic primitives that use data-dependent table lookups. These attacks exploit inter-process leakage, allowing an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing, and virtualization. The authors demonstrate several methods for learning another process's memory access patterns, including methods that influence the cache state before encryption and methods that inspect the cache state during or after encryption.

They provide experimental demonstrations of these attacks on real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions, where the full key can be recovered after just 800 writes to the partition, taking 65 milliseconds. One variant of the attack can extract the key without knowledge of either the plaintext or ciphertext, making it an unusually strong form of attack. The paper also discusses countermeasures to mitigate such attacks and reviews related work on cross-process leakage via cache state.
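The leakage the paper describes comes from the fact that a table lookup indexed by secret-dependent data touches a cache line chosen by that data. The following C example is added here and is not code from the paper or from any library it evaluates: it models one AES-style T-table (a constructed table, with 16 four-byte entries per 64-byte line), shows which line a secret-indexed lookup exposes, and beside it a masked lookup that reads every entry so the access pattern no longer depends on the index.

```c
#include <stdint.h>

/* Constructed stand-in for one AES T-table: 256 entries of 4 bytes, so a
   64-byte cache line holds 16 entries and T[idx] lives on line idx / 16.
   The values are arbitrary; only the access pattern matters here. */
#define LINE_ENTRIES 16
static uint32_t T[256];
static int table_ready = 0;

static void ensure_table(void) {
    if (table_ready) return;             /* branch on a public flag only */
    for (unsigned i = 0; i < 256; i++)
        T[i] = (i * 0x01010101u) ^ 0x9E3779B9u;
    table_ready = 1;
}

/* Leaky lookup, as in a T-table AES round: the only line touched is
   idx / 16, so anything that can observe the cache state learns the high
   nibble of idx (in AES round one, idx = plaintext byte XOR key byte). */
uint32_t lookup_leaky(uint8_t idx) {
    ensure_table();
    return T[idx];
}

/* The cache line that the leaky lookup exposes for a given index. */
unsigned leaky_line(uint8_t idx) {
    return idx / LINE_ENTRIES;
}

/* Hardened lookup: read every entry and keep the wanted one with a mask,
   so the set and order of memory accesses are independent of idx. */
uint32_t lookup_masked(uint8_t idx) {
    uint32_t result = 0;
    ensure_table();
    for (unsigned i = 0; i < 256; i++) {
        uint32_t diff = i ^ idx;
        /* is_zero is 1 iff diff == 0, computed without a data-dependent branch */
        uint32_t is_zero = 1u ^ ((diff | (0u - diff)) >> 31);
        result |= T[i] & (0u - is_zero);   /* all-ones mask only when i == idx */
    }
    return result;
}
```

The masked variant costs 256 reads per lookup and an optimizing compiler may rewrite it, so in practice the generated assembly has to be checked for reintroduced data-dependent accesses.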