Publication Type

Journal Article

Version

acceptedVersion

Publication Date

9-2022

Abstract

Graphics Processing Units (GPUs) are now a key component of many devices and systems, including those in the cloud and data centers, thus are also subject to side-channel attacks. Existing side-channel attacks on GPUs typically leak information from graphics libraries like OpenGL and CUDA, which require creating contentions within the GPU resource space and are being mitigated with software patches. This paper evaluates potential side channels exposed at a lower-level interface between GPUs and CPUs, namely the graphics interrupts. These signals could indicate unique signatures of GPU workload, allowing a spy process to infer the behavior of other processes. We demonstrate the practicality and generality of such side-channel exploitation with a variety of assumed attack scenarios. Simulations on both Nvidia and Intel graphics adapters showed that our attack could achieve high accuracy, while in-depth studies were also presented to explore the low-level rationale behind such effectiveness. On top of that, we further propose a practical mitigation scheme which protects GPU workloads against the graphics-interrupt-based side-channel attack by piggybacking mask payloads on them to generate interfering graphics interrupt “noises”. Experiments show that our mitigation technique effectively prohibited spy processes from inferring user behaviors via analyzing runtime patterns of graphics interrupt with only trivial overhead.

Keywords

Side-channel attacks, GPU, graphics interrupts, machine learning

Discipline

Graphics and Human Computer Interfaces

Research Areas

Cybersecurity

Publication

IEEE Transactions on Dependable and Secure Computing

Volume

19

Issue

5

First Page

3257

Last Page

3270

ISSN

1545-5971

Identifier

10.1109/TDSC.2021.3091159

Publisher

Institute of Electrical and Electronics Engineers

Download

Share

COinS