CUDA Leaks: Information Leakage in GPU Architectures

TL;DR

This paper uncovers security vulnerabilities in CUDA GPU architectures, demonstrating how information leaks can occur through standard instructions, and provides proofs-of-concept, impact analysis, and potential patches.

Contribution

It is the first work to show information leakage in CUDA via standard instructions, revealing vulnerabilities in Fermi and Kepler architectures with practical implications.

Findings

Identified information leakage vulnerabilities in CUDA architectures

Demonstrated leakage using experiments on Fermi and Kepler GPUs

Proposed software patches and mitigation strategies

Abstract

Graphics Processing Units (GPUs) are deployed on most present server, desktop, and even mobile platforms. Nowadays, a growing number of applications leverage the high parallelism offered by this architecture to speed-up general purpose computation. This phenomenon is called GPGPU computing (General Purpose GPU computing). The aim of this work is to discover and highlight security issues related to CUDA, the most widespread platform for GPGPU computing. In particular, we provide details and proofs-of-concept about a novel set of vulnerabilities CUDA architectures are subject to, that could be exploited to cause severe information leak. Following (detailed) intuitions rooted on sound engineering security, we performed several experiments targeting the last two generations of CUDA devices: Fermi and Kepler. We discovered that these two families do suffer from information leakage vulnerabilities. In particular, some vulnerabilities are shared between the two architectures, while others are idiosyncratic of the Kepler architecture. As a case study, we report the impact of one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. We also suggest software patches and alternative approaches to tackle the presented vulnerabilities. To the best of our knowledge this is the first work showing that information leakage in CUDA is possible using just standard CUDA instructions. We expect our work to pave the way for further research in the field.