CUDA Leaks: Information Leakage in GPU Architectures
This work addresses security risks for users of CUDA-based GPGPU computing, revealing previously unknown vulnerabilities that could compromise data privacy.
The paper discovered and demonstrated novel information leakage vulnerabilities in CUDA GPU architectures (Fermi and Kepler), showing they can be exploited to cause severe leaks, as proven with a GPU AES encryption case study.
Graphics Processing Units (GPUs) are deployed on most present server, desktop, and even mobile platforms. Nowadays, a growing number of applications leverage the high parallelism offered by this architecture to speed-up general purpose computation. This phenomenon is called GPGPU computing (General Purpose GPU computing). The aim of this work is to discover and highlight security issues related to CUDA, the most widespread platform for GPGPU computing. In particular, we provide details and proofs-of-concept about a novel set of vulnerabilities CUDA architectures are subject to, that could be exploited to cause severe information leak. Following (detailed) intuitions rooted on sound engineering security, we performed several experiments targeting the last two generations of CUDA devices: Fermi and Kepler. We discovered that these two families do suffer from information leakage vulnerabilities. In particular, some vulnerabilities are shared between the two architectures, while others are idiosyncratic of the Kepler architecture. As a case study, we report the impact of one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. We also suggest software patches and alternative approaches to tackle the presented vulnerabilities. To the best of our knowledge this is the first work showing that information leakage in CUDA is possible using just standard CUDA instructions. We expect our work to pave the way for further research in the field.