Researchers from the University of California, Riverside, published a paper detailing how an Nvidia GPU can be used to orchestrate a variety of attacks. In one attack, the researchers fed GPU memory allocation and performance counter data to a "machine learning based classifier," which accurately identified websites the victim was browsing. Other exploits were able to steal password information, or steal data from shared cloud instances. The research was tested with a Tesla K40, a GeForce GTX 745 and a Titan V, but the researchers noted that other Nvidia and AMD GPUs have similar performance counters. The exploits require a malicious application to be downloaded and run first, and Nvidia is already working on an optional patch to disable the performance counters used in the attacks. They also sent a copy of the paper to AMD's and Intel's graphics departments, so that they can mitigate similar attacks. The full research paper is available for free.
In the second attack, the authors extracted user passwords. Each time the user types a character, the whole password textbox is uploaded to GPU as a texture to be rendered. Monitoring the interval time of consecutive memory allocation events leaked the number of password characters and inter-keystroke timing, well-established techniques for learning passwords.
The third attack targets a computational application in the cloud. The attacker launches a malicious computational workload on the GPU which operates alongside the victim’s application. Depending on neural network parameters, the intensity and pattern of contention on the cache, memory and functional units differ over time, creating measurable leakage. The attacker uses machine learning-based classification on performance counter traces to extract the victim’s secret neural network structure, such as number of neurons in a specific layer of a deep neural network.
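For defenders on Linux, the following added example (not part of the original post or the paper) audits whether unprivileged processes can read GPU performance counters, which is the access the mitigation described above removes. It assumes the NVIDIA driver's `RmProfilingAdminOnly` entry in `/proc/driver/nvidia/params`; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the GPU performance-counter access policy.
# Input: a file in the "Key: value" format of /proc/driver/nvidia/params.
# Output (stdout), one of:
#   restricted    counters limited to admin users (RmProfilingAdminOnly: 1)
#   unrestricted  any local user can read counters (RmProfilingAdminOnly: 0)
#   unknown-key   driver loaded but the setting is absent (no such option)
#   no-driver     params file missing or unreadable
gpu_counter_policy() {
    params_file="${1:-/proc/driver/nvidia/params}"
    if [ ! -r "$params_file" ]; then
        echo "no-driver"
        return 0
    fi
    # Take the first matching key and strip stray whitespace from the value.
    value=$(awk -F': *' '$1 == "RmProfilingAdminOnly" {
                gsub(/[ \t\r]/, "", $2); print $2; exit }' "$params_file")
    case "$value" in
        1) echo "restricted" ;;
        0) echo "unrestricted" ;;
        *) echo "unknown-key" ;;
    esac
}

# Demo on a constructed sample (not captured from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
EnableMSI: 1
RmProfilingAdminOnly: 0
ModifyDeviceFiles: 1
EOF
echo "constructed sample: $(gpu_counter_policy "$sample")"
rm -f "$sample"

# Live check on this host; prints no-driver when the module is not loaded.
echo "this host: $(gpu_counter_policy)"
```

A result of `unrestricted` can be corrected by loading the driver with the module option `NVreg_RestrictProfilingToAdminUsers=1`; `unknown-key` means the installed driver does not expose the setting at all.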