Cryptology ePrint Archive: Report 2015/1155

Cross Processor Cache Attacks

Gorka Irazoqui and Thomas Eisenbarth and Berk Sunar

Abstract: Multi-processor systems are becoming the de-facto standard across di erent computing domains, ranging from high-end multi-tenant cloud servers to low-power mobile platforms. The denser integration of CPUs creates an opportunity for great economic savings achieved by packing processes of multiple tenants or by bundling all kinds of tasks at vari- ous privilege levels to share the same platform. This level of sharing carries with it a serious risk of leaking sensitive information through the shared microarchitectural compo- nents. Microarchitectural attacks initially only exploited core-private resources, but were quickly generalized to re- sources shared within the CPU. We present the first fine grain side channel attack that works across processors. The attack does not require CPU co- location of the attacker and the victim. The novelty of the proposed work is that, for the fi rst time the directory protocol of high efficiency CPU interconnects is targeted. The directory protocol is common to all modern multi-CPU systems. Examples include AMD's HyperTransport, Intel's Quickpath, and ARM's AMBA Coherent Interconnect. The proposed attack does not rely on any speci c characteristic of the cache hierarchy, e.g. inclusiveness. Note that in- clusiveness was assumed in all earlier works. Furthermore, the viability of the proposed covert channel is demonstrated with two new attacks: by recovering a full AES key in OpenSSL, and a full ElGamal key in libgcrypt within the range of seconds on a shared AMD Opteron server.

Category / Keywords: Invalidate+Transfer, Cross-CPU attack, HyperTransport, cache attacks

Original Publication (with minor differences): AsiaCCS 2016

Date: received 28 Nov 2015, last revised 11 Mar 2016

Contact author: teisenbarth at wpi edu

Available format(s): PDF | BibTeX Citation

Version: 20160311:145453 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]