Modern computing platforms are becoming increasingly heterogeneous, combining a main processor with accelerators/co-processors to perform data-intensive computations. As the most common accelerator, Graphics Processing Units (GPUs) are widely integrated in all computing devices to enhance the performance of both graphics and computational workloads. GPUs as new components in heterogeneous systems introduce potential vulnerabilities and other security problems.
This dissertation studies the security of modern GPUs in terms of micro-architectural covert and side channels attacks and defenses. In micro-architectural attacks, information leakage is measured through processes interactions through the shared hardware resources on a processor.
The first contribution of my dissertation is a study of covert channel attacks on General Purpose GPUs (GPGPUs). I first reverse engineer the hardware scheduler to create co-residency between two malicious applications. I study contention and construct operational channels on different resources including caches, functional units and memory on three different Nvidia GPGPUs, obtaining error-free bandwidth of over 4 Mbps.
Next, I explore side channel attacks; a dangerous threat vector on GPUs where a malicious spy application can interleave execution with a victim application to extract sensitive information. I build three practical end-to-end attacks in both the graphics and the computational stacks on GPUs: 1) Website fingerprinting attack that identifies user browsing websites, 2) tracking user activity on web browsers that captures keystroke timing, and 3) Neural Network model extraction to reconstruct the internal structure of a neural network with high accuracy.
The third contribution of the dissertation is to study architectural mitigations to protect GPU-based systems against these attacks. I propose GPUGuard, a decision tree based detection and a hierarchical defense framework which isolates contending applications into separate security domains at different hierarchy levels to maximize sharing when it is safe, but to reliably close contention based channels when there is a possibility of such a channel.
The final contribution of my dissertation is an exploration of cross-component covert and side channel attacks in integrated CPU-GPU environments, exploiting the sharing of common resources among them. These attacks demonstrate the vital need to secure heterogeneous systems and components, and not just the CPUs, against microarchitectural attacks.