- Jul 5, 2013
- 20,537 (6.09/day)
That is incorrect. Section4, the very first sentence reads as follows; "Following most side-channel attacks, we assume the attacker can execute unprivileged native code on the target machine"' This directly implies physical access by a logged in user. Additionally, in the paragraph "User-Space Leakage" it states that "In the cross-process user-space scenario, an unprivileged attacker leaks values loaded or stored by another concurrently running user-space application. We consider such a cross-process scenario most dangerous for end users. Many secrets are likely to be found in user-space applications such as browsers. The attacker is co-located with the victim on the same physical but a different logical CPU core, a common case for hyperthreading." Network users login using a different protocol than physical access users. The user-space parameters effect side-channel access adversely.Physical access is not needed. Admin is. Remote or not is irrelevant.
Such requirements need physical access in the initial stage of any attack, whether by fully executing the attack in physical presence or by starting the attack with physical presence and handing off to a remote user. Regardless of the following stages of any attack, the use of this vulnerability requires physical access to the machine being attacked.