Visible to the public Side Channel Attacks in Computation Offloading Systems with GPU Virtualization

TitleSide Channel Attacks in Computation Offloading Systems with GPU Virtualization
Publication TypeConference Paper
Year of Publication2019
AuthorsLiu, Sihang, Wei, Yizhou, Chi, Jianfeng, Shezan, Faysal Hossain, Tian, Yuan
Conference Name2019 IEEE Security and Privacy Workshops (SPW)
PublisherIEEE
ISBN Number978-1-7281-3508-3
Keywordscloud, cloud computing, composability, computation offloading systems, computation performance, cryptography, GPU systems, GPU vendors, GPU virtualization, graphics processing units, high-performance GPUs, Human Behavior, human factors, intensive computation, Internet of Things, IoT, Kernel, learning (artificial intelligence), Libraries, Metrics, mobile computing, mobile systems, operating system, privacy, pubcrawl, resilience, Resiliency, Runtime, side channel attack, side channel attacks, side-channel attacks, virtual machine, virtual machines, virtualisation, virtualization, virtualization privacy
Abstract

The Internet of Things (IoT) and mobile systems nowadays are required to perform more intensive computation, such as facial detection, image recognition and even remote gaming, etc. Due to the limited computation performance and power budget, it is sometimes impossible to perform these workloads locally. As high-performance GPUs become more common in the cloud, offloading the computation to the cloud becomes a possible choice. However, due to the fact that offloaded workloads from different devices (belonging to different users) are being computed in the same cloud, security concerns arise. Side channel attacks on GPU systems have been widely studied, where the threat model is the attacker and the victim are running on the same operating system. Recently, major GPU vendors have provided hardware and library support to virtualize GPUs for better isolation among users. This work studies the side channel attacks from one virtual machine to another where both share the same physical GPU. We show that it is possible to infer other user's activities in this setup and can further steal others deep learning model.

URLhttps://ieeexplore.ieee.org/document/8844612/
DOI10.1109/SPW.2019.00037
Citation Keyliu_side_2019