UC Riverside

Graphics Processing Units (GPUs) were introduced as peripheral devices for accelerating graphics and multi-media workloads. The inherent parallel computational model of graphics rendering makes GPUs suited for other workloads that operate on massive data and that are throughput oriented. To enable such general purpose applications to leverage GPUs, Nvidia introduced Compute Unified Device Architecture (CUDA) that allowed general purpose computing on GPUs. GPUs are currently ubiquitous in all computing platforms, from portable devices to high-end servers on the cloud. Customarily, GPUs are available in a discrete form where the GPUs are connected to rest of the system as a peripheral device with its own separate memory.

This dissertation explores the security of emerging classes of GPUs to a type of microarchitectural attacks -- those targeting the architecture of the computing devices-- called covert- and side-channel attacks. The last decade has seen a rise in these types of attacks, primarily targeting CPU microarchitectural structures. Specifically, in these attacks an attacker uses malicious software that exploits resource sharing on the underlying architecture to either communicate secret data through covert channel or to extract information from the victim application indirectly by observing measurable contention. While the majority of these attacks have targeted conventional CPU resources, some recent work has shown that GPUs are also vulnerable to this type of attack.

This dissertation explores the feasibility of these attacks, and demonstrates several end to end attacks in two emerging GPU domains: (1) Integrated GPUs: GPUs are also increasingly offered as integrated processors on the same chip as CPUs, enabling lower form factors and cost, while providing support for multi-media workloads which are important for consumer machines. Chip manufacturers like Intel have GPU integrated in the same die as the CPU. GPUs are currently available in distributed form as well where multiple GPUs are connected by proprietary connectors. We show that attacks from the GPU on the CPU and vice versa are possible in these environments. To enable these attacks, we have to solve a number of unique challenges many of which originate due to the heterogeneous view of the shared resources between the CPU and integrated GPU. This is the first known attack of this type that crosses heterogeneous components, which has important implications to future heterogeneous computing designs; and (2) Multi-GPU high performance servers: on the other end, there is an emerging class of multi-GPU systems targeted at high-performance applications in general, and machine learning workloads in particular. We demonstrate a number of covert and side-channel attacks on this type of environment, exploiting remote sharing of GPU caches. Our cache based covert channel obtained a bandwidth of 120 KB/s and 3.2 MB/s in the integrated and distributed GPU settings. We have also demonstrated side channel attacks in both the computing environments. Our work substantially expands our understanding of the threat models facing these important and emerging systems, and helps define how future systems should be built to mitigate these attacks.