This work challenges the validity of a recent occupancy-based side-channel attack—reported at USENIX Security 2025—that claims to recover AES keys from MIRAGE randomized caches. We construct a high-fidelity cache simulation model to rigorously analyze the attack’s underlying assumptions. Our analysis reveals that its success stems from the erroneous use of a fixed random seed, rendering cache eviction behavior deterministic and violating MIRAGE’s fundamental requirement of true randomness. Experiments confirm that when varying the seed across repeated executions, the correlation between AES table-access patterns and observed runtime vanishes entirely, causing the attack to fail. Thus, the reported key leakage is an artifact of flawed modeling—not an actual vulnerability in MIRAGE. To our knowledge, this is the first study to expose the critical sensitivity of such attacks to the implementation details of randomness; it establishes a vital methodological benchmark for evaluating the side-channel security of randomized cache defenses.

Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache. In this paper, we examine these claims and find that they arise from fundamental modeling flaws. Most critically, the authors' simulation of MIRAGE uses a constant seed to initialize the random number generator used for global evictions in MIRAGE, causing every AES encryption they trace to evict the same deterministic sequence of cache lines. This artificially creates a highly repeatable timing pattern that is not representative of a realistic implementation of MIRAGE, where eviction sequences vary randomly between encryptions. When we instead randomize the eviction seed for each run, reflecting realistic operation, the correlation between AES T-table accesses and attacker runtimes disappears, and the attack fails. These findings show that the reported leakage is an artifact of incorrect modeling, and not an actual vulnerability in MIRAGE.