CAREER: Investigating and Mitigating Information Leakage Threats in Real-World GPU-as-a-Service (GPUaaS)

About This Grant

Graphics Processing Units (GPUs) have become indispensable for accelerating compute-intensive applications across various domains. To meet the surging demand for GPU computing power, many cloud service providers now offer GPU-as-a-Service (GPUaaS) through virtualization technologies that allow multiple users to efficiently share physical GPU resources. However, the security implications of GPU sharing, particularly the risks of sensitive information leakage between co-resident tenants, remain largely unexplored. This project undertakes a pioneering effort to understand and mitigate such risks. The project's novelties are the first investigation of previously unknown side-channel threats in GPUaaS, a comprehensive measurement study of GPU resource sharing policies in real-world deployments, and the development of practical countermeasures easily adoptable in today's cloud infrastructure. The project’s broader significance and importance are stronger data-privacy guarantees for cloud users and actionable security guidance for the fast-growing GPUaaS market. The research in this project proceeds through three interconnected thrusts. The first thrust seeks to break new ground by uncovering the first practical side-channel attacks in GPUaaS, which exploit GPU microarchitectural components, specifically caches and translation lookaside buffers (TLBs), to expose sensitive information from virtual desktop users and extract the proprietary design of neural networks during their inference process. The second thrust conducts systematic measurement studies to understand GPU resource management and co-residency patterns in public clouds, for which it develops novel virtualized GPU fingerprinting techniques and analyzes factors that influence the likelihood of tenants sharing the same physical GPU. The third thrust designs effective and practical countermeasures against the identified attacks, including a detection-based approach that repurposes CUDA unified virtual memory features to monitor GPU TLB activities and identify anomalies, and a moving target defense that leverages the non-linear address mapping properties of GPU caches to significantly increase the difficulty of constructing cache eviction sets. Alongside the research, the project also incorporates extensive educational activities and outreach efforts to enhance cybersecurity education and workforce development. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.