Cross Processor Cache Attacks

Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar


Multi-processor systems are becoming the de-facto standardacross different computing domains, ranging from high-endmulti-tenant cloud servers to low-power mobile platforms.The denser integration of CPUs creates an opportunity forgreat economic savings achieved by packing processes of multiple tenants or by bundling all kinds of tasks at vari-ous privilege levels to share the same platform. This levelof sharing carries with it a serious risk of leaking sensitiveinformation through the shared microarchitectural compo-nents. Microarchitectural attacks initially only exploitedcore-private resources, but were quickly generalized to re-sources shared within the CPU.

We present the first fine grain side channel attack that worksacross processors. The attack does not require CPU co-location of the attacker and the victim. The novelty of the proposed work is that, for the first time the directoryprotocol of high efficiency CPU interconnects is targeted.The directory protocol is common to all modern multi-CPUsystems. Examples include AMD’s HyperTransport , Intel’s Quickpath , and ARM’s AMBA Coherent Interconnect . Theproposed attack does not rely on any specific characteristicof the cache hierarchy, e.g. inclusiveness. Note that in-clusiveness was assumed in all earlier works. Furthermore,the viability of the proposed covert channel is demonstratedwith two new attacks: by recovering a full AES key inOpenSSL, and a full ElGamal key in libgcrypt within therange of seconds on a shared AMD Opteron server.
Original languageEnglish
Title of host publicationProceedings of the 11th ACM on Asia Conference on Computer and Communications Security
Number of pages12
Place of PublicationNew York, NY, USA
Publication date2016
ISBN (Print)978-1-4503-4233-9
Publication statusPublished - 2016
Event11th ACM on Asia Conference on Computer and Communications Security - Xi'an, China
Duration: 30.05.201603.06.2016


Dive into the research topics of 'Cross Processor Cache Attacks'. Together they form a unique fingerprint.

Cite this