GPUs: Excellent Performance, But What About Security?

By Sparsh Mittal

May 31, 2018

Editor’s note: CPU security has grabbed the tech world’s attention in the wake of the Meltdown and Spectre vulnerability discoveries, but with the rise of GPU-computing and heterogeneous computing, security is not just a central processor concern. Computer scientist Sparsh Mittal is pioneering research into GPU security and has offered this article as a synopsis of his Survey of Techniques for Improving Security of GPUs (coauthored with Abhinaya S B, Manish Reddy, and Irfan Ali).

Mittal also shared some additional context on why this issue would be of concern to HPC users and adminstrators.

“Large HPC systems/clusters are invariably shared among multiple users. Hence, the impact of “denial-of-service” attack, (which implies making GPU too busy to prevent it from servicing other users’ request) becomes high. This attack is relatively easy to launch, but as you can see from Table 9 of our paper, major operating systems, e.g., Windows 7/XP, Mac OS X and Redhat Linux do not offer protection from this attack,” he wrote via email.

“Another way to look at the impact on HPC consumers is: security comes at performance cost. For example, in existing GPUs, only one cudaContext can run at a time and thus, a data-leakage attack can obtain only the final snapshot of the previous process. However, to better utilize GPU resources, future GPUs may allow multiprogramming and thus, multiple kernels can run simultaneously on GPUs. However, this makes GPUs vulnerable to covert-channel attack, since an attacker can co-locate a trojan process which can leak the data of a running process.”

GPUs, which were originally used for a narrow range of graphics applications, are now spreading their wings to a broad spectrum of compute-intensive and mission-critical applications, most notably, cryptography, finance, health, space and defense. After passing the initial ‘rounds’ of scrutiny on the metrics of performance and energy, it is time that GPUs face and pass the test on the metric of security, which is especially crucial in mission-critical applications.

The ESEA company incident

Recently, a malicious person hid a bitcoin miner in ESEA (a video game service) software. This miner used the GPUs in users’ machines to earn cryptocurrency without their knowledge. The miner overheated and harmed the machines by overloading the GPUs.

Security threats are real and far-reaching!

While overloading others’ GPUs is certainly a threat, there are other, even more severe, threats which have been recently brought to light. For example, in GPU memories, such as global, shared and local memory, deallocated data are not erased. This can allow a malicious agent to launch an information leakage attack and leak sensitive data such as credit card numbers and email contents from remnant data in GPU memory. Similarly, an attacker can guess the opened tabs from Google chrome, figure-portions from recently-opened Adobe Reader documents and portions of images from MATLAB.

To allow sharing GPUs among multiple users, major cloud services provide GPU computing platforms. However, different users in the cloud computing scenario may not trust other. For example, an adversary can rent a GPU-based virtual machine (VM) and leak information of users using other VMs on the same system via GPU memory. Clearly, with GPU virtualization approach, the risks of information-leakage are even higher than that with native execution.

Further, in the absence of rigorous memory-access protection mechanisms, an adversary can launch buffer overflow attack (e.g., stack overflow and heap overflow) for corrupting sensitive data or changing the execution flow. Also, since WebGL allows browsers to utilize GPUs for accelerating webpage rendering, an attacker can launch denial-of-service attack by enticing a user to open a malicious website which overloads user’s GPUs. Furthermore, GPUs may host malware such as keyboard loggers that stealthily log keyboard activity for stealing sensitive data.

In fact, due to their computational capabilities, GPUs are used for accelerating encryption algorithms such as AES (advanced encryption standard). However, while GPU is performing encryption, an attacker can leak the key by launching a side-channel attack. For example, he can leverage the correlation between execution time and shared-memory conflicts or the number of coalesced accesses sent to global memory. Our recent survey paper reviews all these attacks, along with their countermeasures in more detail.

Security through obscurity: a mixed blessing

GPU vendors take “security-through-obscurity approach” for securing GPUs. While lack of knowledge about GPU microarchitecture makes it difficult for malicious agents to launch an attack, it also makes it difficult for researchers to propose security solutions. Evidently, security-through-obscurity approach, per se, is not sufficient for ensuring GPU security.

CPU based solutions: not enough

The decades of research on CPU security may be useful, but not sufficient, for designing GPU security solutions. After launching the program on the GPU, the CPU remains isolated and thus, it cannot monitor the execution of GPU. Hence, security mechanisms proposed on CPUs, such as a CPU taint-tracking scheme may not work for GPUs. For example, they may not detect a GPU-resident malware and thus, an attacker can load a compressed/encrypted code on GPU and then call a GPU kernel to quickly unpack/decrypt the code which starts working as a malware. Similarly, since a sharp increase in GPU load is likely to go undetected more easily compared to that in CPU load, a GPU malware is stealthier. Clearly, we need novel, GPU-specific solutions for ensuring its security.

The silver lining

Although these threats exist, there are also reasons which make it difficult to attack a GPU. With its huge number of threads, GPU can simultaneously perform multiple encryptions and hence, the timing of individual encryptions cannot be measured. This makes it more difficult to form accurate timing side-channel. Also, in a cloud environment, both the cloud and GPU architectures offer layers of obscurity which makes it difficult to launch an attack on GPUs. Further, some of the vulnerabilities in earlier GPU hardware/drivers have been addressed in their recent versions.

Nonetheless, the task of securing GPUs is a never-ending one since, while some researchers design a secure GPU or propose a security technique, others point out its vulnerabilities. Since even one loophole in security can be exploited to take full-control of the system, the goal of security requires the architects to be always on vigil!

Implications on the future processing units (PUs)

With the era of AI ushering in, nearly every leading vendor is designing their own custom PUs for accelerating AI applications, such as the tensor processing unit (TPU) from Google. Just as GPUs rose to prominence in the last decade, these PUs are also expected to break previous performance records in very near future. But before we get too far optimizing these PUs for performance, it is imperative that we design them with security as the first-class design constraint, instead of retrofitting for it. The experiences of and failures in securing GPUs can teach us a lot in this regard. Let us learn from the history, instead of repeating it!

About the Author

Sparsh Mittal received the B.Tech. degree in electronics and communications engineering from IIT, Roorkee, India and the Ph.D. degree in computer engineering from Iowa State University (ISU), USA. He worked as a Post-Doctoral Research Associate at Oak Ridge National Lab (ORNL), USA for 3 years. He is currently working as an assistant professor at IIT Hyderabad, India. He was the graduating topper of his batch in B.Tech and has received fellowship from ISU and performance award from ORNL. Sparsh has published more than 70 papers in top conferences and journals. His research interests include accelerators for machine learning, non-volatile memory, and GPU architectures. His webpage is http://www.iith.ac.in/~sparsh/

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

ORNL Helps Identify Challenges of Extremely Heterogeneous Architectures

March 21, 2019

Exponential growth in classical computing over the last two decades has produced hardware and software that support lightning-fast processing speeds, but advancements are topping out as computing architectures reach thei Read more…

By Laurie Varma

Interview with 2019 Person to Watch Jim Keller

March 21, 2019

On the heels of Intel's reaffirmation that it will deliver the first U.S. exascale computer in 2021, which will feature the company's new Intel Xe architecture, we bring you our interview with our 2019 Person to Watch Jim Keller, head of the Silicon Engineering Group at Intel. Read more…

By HPCwire Editorial Team

What’s New in HPC Research: TensorFlow, Buddy Compression, Intel Optane & More

March 20, 2019

In this bimonthly feature, HPCwire highlights newly published research in the high-performance computing community and related domains. From parallel programming to exascale to quantum computing, the details are here. Read more…

By Oliver Peckham

HPE Extreme Performance Solutions

HPE and Intel® Omni-Path Architecture: How to Power a Cloud

Learn how HPE and Intel® Omni-Path Architecture provide critical infrastructure for leading Nordic HPC provider’s HPCFLOW cloud service.

powercloud_blog.jpgFor decades, HPE has been at the forefront of high-performance computing, and we’ve powered some of the fastest and most robust supercomputers in the world. Read more…

IBM Accelerated Insights

Insurance: Where’s the Risk?

Insurers are facing extreme competitive challenges in their core businesses. Property and Casualty (P&C) and Life and Health (L&H) firms alike are highly impacted by the ongoing globalization, increasing regulation, and digital transformation of their client bases. Read more…

At GTC: Nvidia Expands Scope of Its AI and Datacenter Ecosystem

March 19, 2019

In the high-stakes race to provide the AI life-cycle solution of choice, three of the biggest horses in the field are IBM, Intel and Nvidia. While the latter is only a fraction of the size of its two bigger rivals, and has been in business for only a fraction of the time, Nvidia continues to impress with an expanding array of new GPU-based hardware, software, robotics, partnerships and... Read more…

By Doug Black

At GTC: Nvidia Expands Scope of Its AI and Datacenter Ecosystem

March 19, 2019

In the high-stakes race to provide the AI life-cycle solution of choice, three of the biggest horses in the field are IBM, Intel and Nvidia. While the latter is only a fraction of the size of its two bigger rivals, and has been in business for only a fraction of the time, Nvidia continues to impress with an expanding array of new GPU-based hardware, software, robotics, partnerships and... Read more…

By Doug Black

Nvidia Debuts Clara AI Toolkit with Pre-Trained Models for Radiology Use

March 19, 2019

AI’s push into healthcare got a boost yesterday with Nvidia’s release of the Clara Deploy AI toolkit which includes 13 pre-trained models for use in radiolo Read more…

By John Russell

It’s Official: Aurora on Track to Be First US Exascale Computer in 2021

March 18, 2019

The U.S. Department of Energy along with Intel and Cray confirmed today that an Intel/Cray supercomputer, "Aurora," capable of sustained performance of one exaf Read more…

By Tiffany Trader

Why Nvidia Bought Mellanox: ‘Future Datacenters Will Be…Like High Performance Computers’

March 14, 2019

“Future datacenters of all kinds will be built like high performance computers,” said Nvidia CEO Jensen Huang during a phone briefing on Monday after Nvidia revealed scooping up the high performance networking company Mellanox for $6.9 billion. Read more…

By Tiffany Trader

Oil and Gas Supercloud Clears Out Remaining Knights Landing Inventory: All 38,000 Wafers

March 13, 2019

The McCloud HPC service being built by Australia’s DownUnder GeoSolutions (DUG) outside Houston is set to become the largest oil and gas cloud in the world th Read more…

By Tiffany Trader

Quick Take: Trump’s 2020 Budget Spares DoE-funded HPC but Slams NSF and NIH

March 12, 2019

U.S. President Donald Trump’s 2020 budget request, released yesterday, proposes deep cuts in many science programs but seems to spare HPC funding by the Depar Read more…

By John Russell

Nvidia Wins Mellanox Stakes for $6.9 Billion

March 11, 2019

The long-rumored acquisition of Mellanox came to fruition this morning with GPU chipmaker Nvidia’s announcement that it has purchased the high-performance net Read more…

By Doug Black

Optalysys Rolls Commercial Optical Processor

March 7, 2019

Optalysys, Ltd., a U.K. company seeking to advance it optical co-processor technology, moved a step closer this week with the unveiling of what it claims is th Read more…

By George Leopold

Quantum Computing Will Never Work

November 27, 2018

Amid the gush of money and enthusiastic predictions being thrown at quantum computing comes a proposed cold shower in the form of an essay by physicist Mikhail Read more…

By John Russell

The Case Against ‘The Case Against Quantum Computing’

January 9, 2019

It’s not easy to be a physicist. Richard Feynman (basically the Jimi Hendrix of physicists) once said: “The first principle is that you must not fool yourse Read more…

By Ben Criger

ClusterVision in Bankruptcy, Fate Uncertain

February 13, 2019

ClusterVision, European HPC specialists that have built and installed over 20 Top500-ranked systems in their nearly 17-year history, appear to be in the midst o Read more…

By Tiffany Trader

Intel Reportedly in $6B Bid for Mellanox

January 30, 2019

The latest rumors and reports around an acquisition of Mellanox focus on Intel, which has reportedly offered a $6 billion bid for the high performance interconn Read more…

By Doug Black

Why Nvidia Bought Mellanox: ‘Future Datacenters Will Be…Like High Performance Computers’

March 14, 2019

“Future datacenters of all kinds will be built like high performance computers,” said Nvidia CEO Jensen Huang during a phone briefing on Monday after Nvidia revealed scooping up the high performance networking company Mellanox for $6.9 billion. Read more…

By Tiffany Trader

Looking for Light Reading? NSF-backed ‘Comic Books’ Tackle Quantum Computing

January 28, 2019

Still baffled by quantum computing? How about turning to comic books (graphic novels for the well-read among you) for some clarity and a little humor on QC. The Read more…

By John Russell

Contract Signed for New Finnish Supercomputer

December 13, 2018

After the official contract signing yesterday, configuration details were made public for the new BullSequana system that the Finnish IT Center for Science (CSC Read more…

By Tiffany Trader

Deep500: ETH Researchers Introduce New Deep Learning Benchmark for HPC

February 5, 2019

ETH researchers have developed a new deep learning benchmarking environment – Deep500 – they say is “the first distributed and reproducible benchmarking s Read more…

By John Russell

Leading Solution Providers

SC 18 Virtual Booth Video Tour

Advania @ SC18 AMD @ SC18
ASRock Rack @ SC18
DDN Storage @ SC18
HPE @ SC18
IBM @ SC18
Lenovo @ SC18 Mellanox Technologies @ SC18
NVIDIA @ SC18
One Stop Systems @ SC18
Oracle @ SC18 Panasas @ SC18
Supermicro @ SC18 SUSE @ SC18 TYAN @ SC18
Verne Global @ SC18

IBM Quantum Update: Q System One Launch, New Collaborators, and QC Center Plans

January 10, 2019

IBM made three significant quantum computing announcements at CES this week. One was introduction of IBM Q System One; it’s really the integration of IBM’s Read more…

By John Russell

IBM Bets $2B Seeking 1000X AI Hardware Performance Boost

February 7, 2019

For now, AI systems are mostly machine learning-based and “narrow” – powerful as they are by today's standards, they're limited to performing a few, narro Read more…

By Doug Black

The Deep500 – Researchers Tackle an HPC Benchmark for Deep Learning

January 7, 2019

How do you know if an HPC system, particularly a larger-scale system, is well-suited for deep learning workloads? Today, that’s not an easy question to answer Read more…

By John Russell

HPC Reflections and (Mostly Hopeful) Predictions

December 19, 2018

So much ‘spaghetti’ gets tossed on walls by the technology community (vendors and researchers) to see what sticks that it is often difficult to peer through Read more…

By John Russell

Arm Unveils Neoverse N1 Platform with up to 128-Cores

February 20, 2019

Following on its Neoverse roadmap announcement last October, Arm today revealed its next-gen Neoverse microarchitecture with compute and throughput-optimized si Read more…

By Tiffany Trader

It’s Official: Aurora on Track to Be First US Exascale Computer in 2021

March 18, 2019

The U.S. Department of Energy along with Intel and Cray confirmed today that an Intel/Cray supercomputer, "Aurora," capable of sustained performance of one exaf Read more…

By Tiffany Trader

Move Over Lustre & Spectrum Scale – Here Comes BeeGFS?

November 26, 2018

Is BeeGFS – the parallel file system with European roots – on a path to compete with Lustre and Spectrum Scale worldwide in HPC environments? Frank Herold Read more…

By John Russell

France to Deploy AI-Focused Supercomputer: Jean Zay

January 22, 2019

HPE announced today that it won the contract to build a supercomputer that will drive France’s AI and HPC efforts. The computer will be part of GENCI, the Fre Read more…

By Tiffany Trader

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This