GPUs: Excellent Performance, But What About Security?

By Sparsh Mittal

May 31, 2018

Editor’s note: CPU security has grabbed the tech world’s attention in the wake of the Meltdown and Spectre vulnerability discoveries, but with the rise of GPU-computing and heterogeneous computing, security is not just a central processor concern. Computer scientist Sparsh Mittal is pioneering research into GPU security and has offered this article as a synopsis of his Survey of Techniques for Improving Security of GPUs (coauthored with Abhinaya S B, Manish Reddy, and Irfan Ali).

Mittal also shared some additional context on why this issue would be of concern to HPC users and adminstrators.

“Large HPC systems/clusters are invariably shared among multiple users. Hence, the impact of “denial-of-service” attack, (which implies making GPU too busy to prevent it from servicing other users’ request) becomes high. This attack is relatively easy to launch, but as you can see from Table 9 of our paper, major operating systems, e.g., Windows 7/XP, Mac OS X and Redhat Linux do not offer protection from this attack,” he wrote via email.

“Another way to look at the impact on HPC consumers is: security comes at performance cost. For example, in existing GPUs, only one cudaContext can run at a time and thus, a data-leakage attack can obtain only the final snapshot of the previous process. However, to better utilize GPU resources, future GPUs may allow multiprogramming and thus, multiple kernels can run simultaneously on GPUs. However, this makes GPUs vulnerable to covert-channel attack, since an attacker can co-locate a trojan process which can leak the data of a running process.”

GPUs, which were originally used for a narrow range of graphics applications, are now spreading their wings to a broad spectrum of compute-intensive and mission-critical applications, most notably, cryptography, finance, health, space and defense. After passing the initial ‘rounds’ of scrutiny on the metrics of performance and energy, it is time that GPUs face and pass the test on the metric of security, which is especially crucial in mission-critical applications.

The ESEA company incident

Recently, a malicious person hid a bitcoin miner in ESEA (a video game service) software. This miner used the GPUs in users’ machines to earn cryptocurrency without their knowledge. The miner overheated and harmed the machines by overloading the GPUs.

Security threats are real and far-reaching!

While overloading others’ GPUs is certainly a threat, there are other, even more severe, threats which have been recently brought to light. For example, in GPU memories, such as global, shared and local memory, deallocated data are not erased. This can allow a malicious agent to launch an information leakage attack and leak sensitive data such as credit card numbers and email contents from remnant data in GPU memory. Similarly, an attacker can guess the opened tabs from Google chrome, figure-portions from recently-opened Adobe Reader documents and portions of images from MATLAB.

To allow sharing GPUs among multiple users, major cloud services provide GPU computing platforms. However, different users in the cloud computing scenario may not trust other. For example, an adversary can rent a GPU-based virtual machine (VM) and leak information of users using other VMs on the same system via GPU memory. Clearly, with GPU virtualization approach, the risks of information-leakage are even higher than that with native execution.

Further, in the absence of rigorous memory-access protection mechanisms, an adversary can launch buffer overflow attack (e.g., stack overflow and heap overflow) for corrupting sensitive data or changing the execution flow. Also, since WebGL allows browsers to utilize GPUs for accelerating webpage rendering, an attacker can launch denial-of-service attack by enticing a user to open a malicious website which overloads user’s GPUs. Furthermore, GPUs may host malware such as keyboard loggers that stealthily log keyboard activity for stealing sensitive data.

In fact, due to their computational capabilities, GPUs are used for accelerating encryption algorithms such as AES (advanced encryption standard). However, while GPU is performing encryption, an attacker can leak the key by launching a side-channel attack. For example, he can leverage the correlation between execution time and shared-memory conflicts or the number of coalesced accesses sent to global memory. Our recent survey paper reviews all these attacks, along with their countermeasures in more detail.

Security through obscurity: a mixed blessing

GPU vendors take “security-through-obscurity approach” for securing GPUs. While lack of knowledge about GPU microarchitecture makes it difficult for malicious agents to launch an attack, it also makes it difficult for researchers to propose security solutions. Evidently, security-through-obscurity approach, per se, is not sufficient for ensuring GPU security.

CPU based solutions: not enough

The decades of research on CPU security may be useful, but not sufficient, for designing GPU security solutions. After launching the program on the GPU, the CPU remains isolated and thus, it cannot monitor the execution of GPU. Hence, security mechanisms proposed on CPUs, such as a CPU taint-tracking scheme may not work for GPUs. For example, they may not detect a GPU-resident malware and thus, an attacker can load a compressed/encrypted code on GPU and then call a GPU kernel to quickly unpack/decrypt the code which starts working as a malware. Similarly, since a sharp increase in GPU load is likely to go undetected more easily compared to that in CPU load, a GPU malware is stealthier. Clearly, we need novel, GPU-specific solutions for ensuring its security.

The silver lining

Although these threats exist, there are also reasons which make it difficult to attack a GPU. With its huge number of threads, GPU can simultaneously perform multiple encryptions and hence, the timing of individual encryptions cannot be measured. This makes it more difficult to form accurate timing side-channel. Also, in a cloud environment, both the cloud and GPU architectures offer layers of obscurity which makes it difficult to launch an attack on GPUs. Further, some of the vulnerabilities in earlier GPU hardware/drivers have been addressed in their recent versions.

Nonetheless, the task of securing GPUs is a never-ending one since, while some researchers design a secure GPU or propose a security technique, others point out its vulnerabilities. Since even one loophole in security can be exploited to take full-control of the system, the goal of security requires the architects to be always on vigil!

Implications on the future processing units (PUs)

With the era of AI ushering in, nearly every leading vendor is designing their own custom PUs for accelerating AI applications, such as the tensor processing unit (TPU) from Google. Just as GPUs rose to prominence in the last decade, these PUs are also expected to break previous performance records in very near future. But before we get too far optimizing these PUs for performance, it is imperative that we design them with security as the first-class design constraint, instead of retrofitting for it. The experiences of and failures in securing GPUs can teach us a lot in this regard. Let us learn from the history, instead of repeating it!

About the Author

Sparsh Mittal received the B.Tech. degree in electronics and communications engineering from IIT, Roorkee, India and the Ph.D. degree in computer engineering from Iowa State University (ISU), USA. He worked as a Post-Doctoral Research Associate at Oak Ridge National Lab (ORNL), USA for 3 years. He is currently working as an assistant professor at IIT Hyderabad, India. He was the graduating topper of his batch in B.Tech and has received fellowship from ISU and performance award from ORNL. Sparsh has published more than 70 papers in top conferences and journals. His research interests include accelerators for machine learning, non-volatile memory, and GPU architectures. His webpage is

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Tribute: Dr. Bob Borchers, 1936-2018

June 21, 2018

Dr. Bob Borchers, a leader in the high performance computing community for decades, passed away peacefully in Maui, Hawaii, on June 7th. His memorial service will be held on June 22nd in Reston, Virginia. Dr. Borchers Read more…

By Ann Redelfs

ISC 2018 Preview from @hpcnotes

June 21, 2018

Prepare for your social media feed to be saturated with #HPC, #ISC18, #Top500, etc. Prepare for your mainstream media to talk about supercomputers (in between the hourly commentary on Brexit, the FIFA World Cup, or US pr Read more…

By Andrew Jones

AMD’s EPYC Road to Redemption in Six Slides

June 21, 2018

A year ago AMD returned to the server market with its EPYC processor line. The earth didn’t tremble but folks took notice. People remember the Opteron fondly but later versions of the Bulldozer line not so much. Fast f Read more…

By John Russell

HPE Extreme Performance Solutions

HPC and AI Convergence is Accelerating New Levels of Intelligence

Data analytics is the most valuable tool in the digital marketplace – so much so that organizations are employing high performance computing (HPC) capabilities to rapidly collect, share, and analyze endless streams of data. Read more…

IBM Accelerated Insights

Preview the World’s Smartest Supercomputer at ISC 2018

Introducing an accelerated IT infrastructure for HPC & AI workloads Read more…

Why Student Cluster Competitions are Better than World Cup

June 21, 2018

My last article about the ISC18 Student Cluster Competition, titled “World Cup is Lame Compared to This Competition”, may have implied that I believe Student Cluster Competitions are better than World Cup soccer in s Read more…

By Dan Olds

ISC 2018 Preview from @hpcnotes

June 21, 2018

Prepare for your social media feed to be saturated with #HPC, #ISC18, #Top500, etc. Prepare for your mainstream media to talk about supercomputers (in between t Read more…

By Andrew Jones

AMD’s EPYC Road to Redemption in Six Slides

June 21, 2018

A year ago AMD returned to the server market with its EPYC processor line. The earth didn’t tremble but folks took notice. People remember the Opteron fondly Read more…

By John Russell

European HPC Summit Week and PRACEdays 2018: Slaying Dragons and SHAPEing Futures One SME at a Time

June 20, 2018

The University of Ljubljana in Slovenia hosted the third annual EHPCSW18 and fifth annual PRACEdays18 events which opened May 29, 2018. The conference was chair Read more…

By Elizabeth Leake (STEM-Trek for HPCwire)

Cray Introduces All Flash Lustre Storage Solution Targeting HPC

June 19, 2018

Citing the rise of IOPS-intensive workflows and more affordable flash technology, Cray today introduced the L300F, a scalable all-flash storage solution whose p Read more…

By John Russell

Sandia to Take Delivery of World’s Largest Arm System

June 18, 2018

While the enterprise remains circumspect on prospects for Arm servers in the datacenter, the leadership HPC community is taking a bolder, brighter view of the x86 server CPU alternative. Amongst current and planned Arm HPC installations – i.e., the innovative Mont-Blanc project, led by Bull/Atos, the 'Isambard’ Cray XC50 going into the University of Bristol, and commitments from both Japan and France among others -- HPE is announcing that it will be supply the United States National Nuclear Security Administration (NNSA) with a 2.3 petaflops peak Arm-based system, named Astra. Read more…

By Tiffany Trader

The Machine Learning Hype Cycle and HPC

June 14, 2018

Like many other HPC professionals I’m following the hype cycle around machine learning/deep learning with interest. I subscribe to the view that we’re probably approaching the ‘peak of inflated expectation’ but not quite yet starting the descent into the ‘trough of disillusionment. This still raises the probability that... Read more…

By Dairsie Latimer

Xiaoxiang Zhu Receives the 2018 PRACE Ada Lovelace Award for HPC

June 13, 2018

Xiaoxiang Zhu, who works for the German Aerospace Center (DLR) and Technical University of Munich (TUM), was awarded the 2018 PRACE Ada Lovelace Award for HPC for her outstanding contributions in the field of high performance computing (HPC) in Europe. Read more…

By Elizabeth Leake

U.S Considering Launch of National Quantum Initiative

June 11, 2018

Sometime this month the U.S. House Science Committee will introduce legislation to launch a 10-year National Quantum Initiative, according to a recent report by Read more…

By John Russell

MLPerf – Will New Machine Learning Benchmark Help Propel AI Forward?

May 2, 2018

Let the AI benchmarking wars begin. Today, a diverse group from academia and industry – Google, Baidu, Intel, AMD, Harvard, and Stanford among them – releas Read more…

By John Russell

How the Cloud Is Falling Short for HPC

March 15, 2018

The last couple of years have seen cloud computing gradually build some legitimacy within the HPC world, but still the HPC industry lies far behind enterprise I Read more…

By Chris Downing

US Plans $1.8 Billion Spend on DOE Exascale Supercomputing

April 11, 2018

On Monday, the United States Department of Energy announced its intention to procure up to three exascale supercomputers at a cost of up to $1.8 billion with th Read more…

By Tiffany Trader

Deep Learning at 15 PFlops Enables Training for Extreme Weather Identification at Scale

March 19, 2018

Petaflop per second deep learning training performance on the NERSC (National Energy Research Scientific Computing Center) Cori supercomputer has given climate Read more…

By Rob Farber

Lenovo Unveils Warm Water Cooled ThinkSystem SD650 in Rampup to LRZ Install

February 22, 2018

This week Lenovo took the wraps off the ThinkSystem SD650 high-density server with third-generation direct water cooling technology developed in tandem with par Read more…

By Tiffany Trader

ORNL Summit Supercomputer Is Officially Here

June 8, 2018

Oak Ridge National Laboratory (ORNL) together with IBM and Nvidia celebrated the official unveiling of the Department of Energy (DOE) Summit supercomputer toda Read more…

By Tiffany Trader

Nvidia Responds to Google TPU Benchmarking

April 10, 2017

Nvidia highlights strengths of its newest GPU silicon in response to Google's report on the performance and energy advantages of its custom tensor processor. Read more…

By Tiffany Trader

Hennessy & Patterson: A New Golden Age for Computer Architecture

April 17, 2018

On Monday June 4, 2018, 2017 A.M. Turing Award Winners John L. Hennessy and David A. Patterson will deliver the Turing Lecture at the 45th International Sympo Read more…

By Staff

Leading Solution Providers

SC17 Booth Video Tours Playlist

Altair @ SC17


AMD @ SC17


ASRock Rack @ SC17

ASRock Rack



DDN Storage @ SC17

DDN Storage

Huawei @ SC17


IBM @ SC17


IBM Power Systems @ SC17

IBM Power Systems

Intel @ SC17


Lenovo @ SC17


Mellanox Technologies @ SC17

Mellanox Technologies

Microsoft @ SC17


Penguin Computing @ SC17

Penguin Computing

Pure Storage @ SC17

Pure Storage

Supericro @ SC17


Tyan @ SC17


Univa @ SC17


Google Chases Quantum Supremacy with 72-Qubit Processor

March 7, 2018

Google pulled ahead of the pack this week in the race toward "quantum supremacy," with the introduction of a new 72-qubit quantum processor called Bristlecone. Read more…

By Tiffany Trader

Google I/O 2018: AI Everywhere; TPU 3.0 Delivers 100+ Petaflops but Requires Liquid Cooling

May 9, 2018

All things AI dominated discussion at yesterday’s opening of Google’s I/O 2018 developers meeting covering much of Google's near-term product roadmap. The e Read more…

By John Russell

Pattern Computer – Startup Claims Breakthrough in ‘Pattern Discovery’ Technology

May 23, 2018

If it weren’t for the heavy-hitter technology team behind start-up Pattern Computer, which emerged from stealth today in a live-streamed event from San Franci Read more…

By John Russell

Nvidia Ups Hardware Game with 16-GPU DGX-2 Server and 18-Port NVSwitch

March 27, 2018

Nvidia unveiled a raft of new products from its annual technology conference in San Jose today, and despite not offering up a new chip architecture, there were still a few surprises in store for HPC hardware aficionados. Read more…

By Tiffany Trader

Part One: Deep Dive into 2018 Trends in Life Sciences HPC

March 1, 2018

Life sciences is an interesting lens through which to see HPC. It is perhaps not an obvious choice, given life sciences’ relative newness as a heavy user of H Read more…

By John Russell

Intel Pledges First Commercial Nervana Product ‘Spring Crest’ in 2019

May 24, 2018

At its AI developer conference in San Francisco yesterday, Intel embraced a holistic approach to AI and showed off a broad AI portfolio that includes Xeon processors, Movidius technologies, FPGAs and Intel’s Nervana Neural Network Processors (NNPs), based on the technology it acquired in 2016. Read more…

By Tiffany Trader

Google Charts Two-Dimensional Quantum Course

April 26, 2018

Quantum error correction, essential for achieving universal fault-tolerant quantum computation, is one of the main challenges of the quantum computing field and it’s top of mind for Google’s John Martinis. At a presentation last week at the HPC User Forum in Tucson, Martinis, one of the world's foremost experts in quantum computing, emphasized... Read more…

By Tiffany Trader

Cray Rolls Out AMD-Based CS500; More to Follow?

April 18, 2018

Cray was the latest OEM to bring AMD back into the fold with introduction today of a CS500 option based on AMD’s Epyc processor line. The move follows Cray’ Read more…

By John Russell

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This