ECE PhD Proposal Review: Majid Sabbagh

December 16, 2020 @ 10:00 am - 11:00 am

PhD Proposal Review: The perils of shared computing: A hardware security perspective

Majid Sabbagh

Location: Teams Link

Abstract: The enormous computation power of modern processors and accelerators has rendered them shared computing resources for multiple users and applications, both in the cloud and on the edge. Despite software security techniques such as virtualization and containers, a new attack surface has recently emerged that pertains to the hardware vulnerabilities of shared computing resources, posing serious threats to shared computing.

Fault attacks (FAs) and Side-Channel Attacks (SCAs) are two hardware-oriented attacks that target system implementations. FAs aim to tamper with the integrity of application execution through different fault injection methods, to compromise the data or disrupt computation at run-time. SCAs exploit the information leakage of sensitive applications in physical parameters, such as power consumption, electromagnetic emanations, and timing, to breach the confidentiality of the application.

In this dissertation, we introduce a new class of FAs against Graphics Processing Units (GPUs), called overdrive fault attacks. We discover the security vulnerability of the GPU’s voltage-frequency scaling (VFS) mechanism, a common feature to balance power consumption and performance. An out-of-specification configuration of GPU voltage and frequency can be set by an adversary on the host CPU, through the software interfaces to the GPU’s power management units. This setting will cause timing violations for the computation and result in silent data corruptions (SDCs). We apply the overdrive fault attacks to two common victim applications. One is cryptographic applications accelerated by GPUs. We launch a differential fault analysis (DFA) attack on an AES kernel running on an AMD RX 580 GPU and successfully recover the secret key. The other victim is deep neural network (DNN) inference. In modern GPUs that support multiple kernels, the adversary is able to track the execution of the victim DNN through shared resources and control the timing of fault injections precisely. We launch a successful attack on a convolutional neural network kernel running on an NVIDIA RTX 2080 SUPER GPU, causing misclassifications. We further study the characteristics of fault injections and the fault propagation through the network.

We evaluate a timing side-channel attack called the Prime+Probe attack on Central Processing Units (CPUs) and propose a Side-Channel Attack DEtection Tool (SCADET). SCADET is a methodology and a tool that analyzes an x86 program’s memory accesses. It records and analyzes the memory accesses using dynamic binary instrumentation by running the program in a controlled environment to accurately identify the malicious access patterns corresponding to the Prime+Probe attack.

Finally, I propose an FPGA-based RISC-V processor prototype as an evaluation platform for various cache timing attacks and transient attacks, and implement a taint tracking-based countermeasure against transient attacks. For the first phase, we have ported Spectre v1 and v2 and the return-stack-buffer attack to the SonicBOOM RISC-V processor.