Paper 2015/1155

Cross Processor Cache Attacks

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar


Multi-processor systems are becoming the de-facto standard across different computing domains, ranging from high-end multi-tenant cloud servers to low-power mobile platforms. The denser integration of CPUs creates an opportunity for great economic savings achieved by packing processes of multiple tenants or by bundling all kinds of tasks at vari- ous privilege levels to share the same platform. This level of sharing carries with it a serious risk of leaking sensitive information through the shared microarchitectural compo- nents. Microarchitectural attacks initially only exploited core-private resources, but were quickly generalized to re- sources shared within the CPU. We present the first fine grain side channel attack that works across processors. The attack does not require CPU co- location of the attacker and the victim. The novelty of the proposed work is that, for the first time the directory protocol of high efficiency CPU interconnects is targeted. The directory protocol is common to all modern multi-CPU systems. Examples include AMD's HyperTransport, Intel's Quickpath, and ARM's AMBA Coherent Interconnect. The proposed attack does not rely on any specic characteristic of the cache hierarchy, e.g. inclusiveness. Note that in- clusiveness was assumed in all earlier works. Furthermore, the viability of the proposed covert channel is demonstrated with two new attacks: by recovering a full AES key in OpenSSL, and a full ElGamal key in libgcrypt within the range of seconds on a shared AMD Opteron server.

Available format(s)
Publication info
Published elsewhere. Minor revision. AsiaCCS 2016
Invalidate+TransferCross-CPU attackHyperTransportcache attacks
Contact author(s)
teisenbarth @ wpi edu
2016-03-11: last of 2 revisions
2015-11-30: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gorka Irazoqui and Thomas Eisenbarth and Berk Sunar},
      title = {Cross Processor Cache Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1155},
      year = {2015},
      doi = {10.1145/2897845.2897867},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.