Confidentiality Issues on a GPU in a Virtualized Environment
  • Authors: Clémentine Maurice (15) (16)
    Christoph Neumann (15)
    Olivier Heen (15)
    Aurélien Francillon (16)
  • Keywords: GPU; Security; Cloud computing; Information leakage
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2014
  • Publication date: 2014
  • Year: 2014
  • Volume: 1
  • Issue: 1
  • Pages: 119-135
  • Full-text size: 624 KB
  • Author affiliations: Clémentine Maurice (15) (16)
    Christoph Neumann (15)
    Olivier Heen (15)
    Aurélien Francillon (16)

    15. Technicolor, Rennes, France
    16. Eurecom, Sophia Antipolis, France
  • ISSN:1611-3349
Abstract
General-Purpose computing on Graphics Processing Units (GPGPU) combined with cloud computing is already a commercial success. However, there is little literature that investigates its security implications. Our objective is to highlight possible information leakage due to GPUs in virtualized and cloud computing environments. We provide insight into the different GPU virtualization techniques, along with their security implications. We systematically experiment and analyze the behavior of GPU global memory in the case of direct device assignment. We find that the GPU global memory is zeroed only in some configurations. In those configurations, it happens as a side effect of Error Correction Codes (ECC) and not for security reasons. As a consequence, an adversary can recover data of a previously executed GPGPU application in a variety of situations. These situations include setups where the adversary launches a virtual machine after the victim’s virtual machine using the same GPU, thus bypassing the isolation mechanisms of virtualization. Memory cleaning is not implemented by the GPU card itself and we cannot generally exclude the existence of data leakage in cloud computing environments. We finally discuss possible countermeasures for current GPU cloud users and providers.
