Computers at the University of California, Riverside for the first time revealed how easily attackers can use a computer graphics processing unit or a GPU, spy on web activities, stealing passwords, and switching to cloud-based applications.
Marlan and Rosemary Bourns College Computer Science Doctor Hoda Naghibijouibari and postdoctoral researcher Ajaia Neupane, together with associate professor Zhiyun Kian and Professor Nael Abu-Ghazaleh, audited Nvidia graphics graphics to demonstrate three attacks on graphics and graphics computers, and through them . The group believes this is the first report on general attacks on the side of the GPU.
All three attacks require the victim to first obtain a malicious program embedded in the downloaded application. The program was designed to spy on the victim's computer.
Web browsers use GPUs to display graphics on desktops, laptops, and smartphones. GPUs are also used to accelerate cloud applications and data centers. Web graphics can reveal user information and activities. Computer-enhanced GPUs include applications with sensitive data or algorithms that could be exposed to new attacks.
GPUs are typically programmed using application programming interfaces or APIs, such as OpenGL. OpenGL is available with any application on the desktop with user-level privileges, making all attacks more practical on the desktop. Since desktop or laptop computers come with installed graphic libraries and drivers, by default, an attack can easily be implemented using graphical APIs.
The first attack follows the activities of users on the web. When a victim opens a malicious application, she uses OpenGL to create a spy to terminate the behavior of the browser while using the GPU. Each web page has a unique clue in terms of using GPU memory due to the different number of objects and different sizes of objects being displayed. This signal is consistent over loading the same website several times and does not affect caching.
The researchers monitored the distribution of GPU memory over time or the GPU performance counter and fed these functions to classifiers based on machine learning, achieving a fingerprint with high precision. A spy can reliably receive all the event allocations to see what the user is doing on the Web.
In the second attack, the authors extracted user passwords. Each time a user enters a character, the entire password field is loaded into the GPU as the texture to be displayed. Monitoring the interval of successive memory allocation events has projected the number of password characters and a time interval, well-established password-learning techniques.
The third attack directs the cloud computing application. The attacker runs malicious computer workloads on the GPU that works along with the victim's application. Depending on the parameters of the neural network, the intensity and pattern of the cache memory and functional units differ in time, creating a measurable leak. The attacker uses a machine-based classification based on machine performance traces to extract the secret structure of the victim's neural network, such as the number of neurons in a particular layer of deep neural network.
The researchers discovered their findings by Nvidia, who said they intend to publish a patch that gives system administrators the ability to disable access to performance counters from the processor at the user level. They also shared a blueprint with AMD and Intel security teams to enable them to evaluate their GPUs against such vulnerabilities.
In the future, the group plans to test the performance of GPU side channel attacks on Android phones.
The work was published at the ACM SIGSAC Conference on Computer and Communications Security from October 15 to 19, 2018 in Toronto, Canada, "Rendered Insecure: GPU Side Channel Attacks Practical". The research was supported by the National Science Foundation Grant CNS-1619450.
Materials provided by University of California – Riverside. Original by Holly Ober. Note: The content can be edited for style and length.