Beyond the Bridge: Contention-Based Covert and Side Channel Attacks on Multi-GPU Interconnect
- URL: http://arxiv.org/abs/2404.03877v2
- Date: Thu, 2 May 2024 05:35:36 GMT
- Title: Beyond the Bridge: Contention-Based Covert and Side Channel Attacks on Multi-GPU Interconnect
- Authors: Yicheng Zhang, Ravan Nazaraliyev, Sankha Baran Dutta, Nael Abu-Ghazaleh, Andres Marquez, Kevin Barker,
- Abstract summary: This study highlights the vulnerability of multi-GPU systems to covert and side channel attacks due to congestion on interconnects.
An adversary can infer private information about a victim's activities by monitoring NVLink congestion without needing special permissions.
- Score: 4.573191891034322
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: High-speed interconnects, such as NVLink, are integral to modern multi-GPU systems, acting as a vital link between CPUs and GPUs. This study highlights the vulnerability of multi-GPU systems to covert and side channel attacks due to congestion on interconnects. An adversary can infer private information about a victim's activities by monitoring NVLink congestion without needing special permissions. Leveraging this insight, we develop a covert channel attack across two GPUs with a bandwidth of 45.5 kbps and a low error rate, and introduce a side channel attack enabling attackers to fingerprint applications through the shared NVLink interconnect.
Related papers
- NVBleed: Covert and Side-Channel Attacks on NVIDIA Multi-GPU Interconnect [4.573191891034322]
We explore whether the interconnect on such systems can offer a novel source of leakage, enabling new forms of covert and side-channel attacks.
We develop two end-to-end cross-GPU side-channel attacks, including application fingerprinting and 3D graphics character identification within Blender.
We also discover that leakage surprisingly occurs across Virtual Machines on the Google Cloud Platform.
arXiv Detail & Related papers (2025-03-22T19:52:02Z)
- Derail Yourself: Multi-turn LLM Jailbreak Attack through Self-discovered Clues [88.96201324719205]
This study exposes the safety vulnerabilities of Large Language Models (LLMs) in multi-turn interactions.
We introduce ActorAttack, a novel multi-turn attack method inspired by actor-network theory.
arXiv Detail & Related papers (2024-10-14T16:41:49Z)
- MeMoir: A Software-Driven Covert Channel based on Memory Usage [7.424928818440549]
MeMoir is a novel software-driven covert channel that, for the first time, utilizes memory usage as the medium for the channel.
We implement a machine learning-based detector that can predict whether an attack is present in the system with an accuracy of more than 95%.
We introduce a noise-based countermeasure that effectively mitigates the attack while inducing a low power overhead in the system.
arXiv Detail & Related papers (2024-09-20T08:10:36Z)
- Video-Infinity: Distributed Long Video Generation [73.30145218077074]
Diffusion models have recently achieved remarkable results for video generation.
Our method generates videos up to 2,300 frames in approximately 5 minutes, enabling long video generation at a speed 100 times faster than the prior methods.
arXiv Detail & Related papers (2024-06-24T01:56:12Z)
- Amplifying Main Memory-Based Timing Covert and Side Channels using Processing-in-Memory Operations [6.709670986126109]
We show that processing-in-memory (PiM) solutions provide a new way to directly access main memory, which malicious user applications can exploit.
We introduce IMPACT, a set of high-throughput main memory-based timing attacks that leverage characteristics of PiM architectures to establish covert and side channels.
Our results demonstrate that our covert channels achieve 12.87 Mb/s and 14.16 Mb/s communication throughput, respectively, which is up to 4.91x and 5.41x faster than the state-of-the-art main memory-based covert channels.
arXiv Detail & Related papers (2024-04-17T11:48:14Z)
- Exploiting CPU Clock Modulation for Covert Communication Channel [0.3277163122167433]
We unveil a novel covert channel exploiting the duty cycle modulation feature of modern x86 processors.
Specifically, we illustrate how two collaborating processes, a sender and a receiver can manipulate this feature to transmit sensitive information surreptitiously.
Our live system implementation demonstrates that this covert channel can achieve a data transfer rate of up to 55.24 bits per second.
arXiv Detail & Related papers (2024-04-08T19:23:04Z)
- Blink: Link Local Differential Privacy in Graph Neural Networks via Bayesian Estimation [79.64626707978418]
We propose using link local differential privacy over decentralized nodes to train graph neural networks.
Our approach spends the privacy budget separately on links and degrees of the graph for the server to better denoise the graph topology.
Our approach outperforms existing methods in terms of accuracy under varying privacy budgets.
arXiv Detail & Related papers (2023-09-06T17:53:31Z)
- FusionAI: Decentralized Training and Deploying LLMs with Massive Consumer-Level GPUs [57.12856172329322]
We envision a decentralized system unlocking the potential vast untapped consumer-level GPU.
This system faces critical challenges, including limited CPU and GPU memory, low network bandwidth, the variability of peer and device heterogeneity.
arXiv Detail & Related papers (2023-09-03T13:27:56Z)
- Secure Deep Learning-based Distributed Intelligence on Pocket-sized Drones [75.80952211739185]
Palm-sized nano-drones are an appealing class of edge nodes, but their limited computational resources prevent running large deep-learning models onboard.
Adopting an edge-fog computational paradigm, we can offload part of the computation to the fog; however, this poses security concerns if the fog node, or the communication link, can not be trusted.
We propose a novel distributed edge-fog execution scheme that validates fog computation by redundantly executing a random subnetwork aboard our nano-drone.
arXiv Detail & Related papers (2023-07-04T08:29:41Z)
- Visor: Privacy-Preserving Video Analytics as a Cloud Service [22.967107819620548]
We present Visor, a system that provides confidentiality for the user's video stream as well as the ML models.
Visor executes video pipelines in a hybrid TEE that spans both the CPU and GPU.
It protects the pipeline against side-channel attacks induced by data-dependent access patterns of video modules.
arXiv Detail & Related papers (2020-06-17T03:25:11Z)
- Serdab: An IoT Framework for Partitioning Neural Networks Computation across Multiple Enclaves [8.550865312110911]
Serdab is a distributed orchestration framework for deploying deep neural network across multiple secure enclaves.
Our partitioning strategy achieves up to 4.7x speedup compared to executing the entire neural network in one enclave.
arXiv Detail & Related papers (2020-05-12T20:51:47Z)
- Decentralized Learning for Channel Allocation in IoT Networks over Unlicensed Bandwidth as a Contextual Multi-player Multi-armed Bandit Game [134.88020946767404]
We study a decentralized channel allocation problem in an ad-hoc Internet of Things network underlaying on the spectrum licensed to a primary cellular network.
Our study maps this problem into a contextual multi-player, multi-armed bandit game, and proposes a purely decentralized, three-stage policy learning algorithm through trial-and-error.
arXiv Detail & Related papers (2020-03-30T10:05:35Z)
This list is automatically generated from the titles and abstracts of the papers in this site.