Side Channel Attacks in Computation Offloading Systems with GPU Virtualization

2019 IEEE Security and Privacy Workshops (SPW) Pub Date : 2019-05-19 DOI:10.1109/SPW.2019.00037

Sihang Liu, Yizhou Wei, Jianfeng Chi, F. H. Shezan, Yuan Tian

{"title":"Side Channel Attacks in Computation Offloading Systems with GPU Virtualization","authors":"Sihang Liu, Yizhou Wei, Jianfeng Chi, F. H. Shezan, Yuan Tian","doi":"10.1109/SPW.2019.00037","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) and mobile systems nowadays are required to perform more intensive computation, such as facial detection, image recognition and even remote gaming, etc. Due to the limited computation performance and power budget, it is sometimes impossible to perform these workloads locally. As high-performance GPUs become more common in the cloud, offloading the computation to the cloud becomes a possible choice. However, due to the fact that offloaded workloads from different devices (belonging to different users) are being computed in the same cloud, security concerns arise. Side channel attacks on GPU systems have been widely studied, where the threat model is the attacker and the victim are running on the same operating system. Recently, major GPU vendors have provided hardware and library support to virtualize GPUs for better isolation among users. This work studies the side channel attacks from one virtual machine to another where both share the same physical GPU. We show that it is possible to infer other user's activities in this setup and can further steal others deep learning model.","PeriodicalId":125351,"journal":{"name":"2019 IEEE Security and Privacy Workshops (SPW)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Security and Privacy Workshops (SPW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPW.2019.00037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

The Internet of Things (IoT) and mobile systems nowadays are required to perform more intensive computation, such as facial detection, image recognition and even remote gaming, etc. Due to the limited computation performance and power budget, it is sometimes impossible to perform these workloads locally. As high-performance GPUs become more common in the cloud, offloading the computation to the cloud becomes a possible choice. However, due to the fact that offloaded workloads from different devices (belonging to different users) are being computed in the same cloud, security concerns arise. Side channel attacks on GPU systems have been widely studied, where the threat model is the attacker and the victim are running on the same operating system. Recently, major GPU vendors have provided hardware and library support to virtualize GPUs for better isolation among users. This work studies the side channel attacks from one virtual machine to another where both share the same physical GPU. We show that it is possible to infer other user's activities in this setup and can further steal others deep learning model.

查看原文本刊更多论文

GPU虚拟化计算分流系统中的侧信道攻击

如今的物联网(IoT)和移动系统需要进行更密集的计算，例如面部检测，图像识别甚至远程游戏等。由于计算性能和功耗预算有限，有时无法在本地执行这些工作负载。随着高性能gpu在云中变得越来越普遍，将计算卸载到云中成为一种可能的选择。但是，由于在同一云中计算来自不同设备(属于不同用户)的卸载工作负载，因此会出现安全问题。针对GPU系统的侧信道攻击已经被广泛研究，其中的威胁模型是攻击者和受害者在同一操作系统上运行。最近，主要的GPU供应商已经提供了硬件和库支持来虚拟化GPU，以便在用户之间更好地隔离。这项工作研究了从一个虚拟机到另一个共享相同物理GPU的虚拟机的侧信道攻击。我们表明，在这种设置中可以推断其他用户的活动，并可以进一步窃取其他深度学习模型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE Security and Privacy Workshops (SPW)

自引率

0.00%

发文量