Walls Have Ears: Eavesdropping User Behaviors via Graphics-Interrupt-Based Side Channel

Abstract

Graphics Processing Units (GPUs) are now playing a vital role in many devices and systems including computing devices, data centers, and clouds, making them the next target of side-channel attacks. Unlike those targeting CPUs, existing side-channel attacks on GPUs exploited vulnerabilities exposed by application interfaces like OpenGL and CUDA, which can be easily mitigated with software patches. In this paper, we investigate the lower-level and native interface between GPUs and CPUs, i.e., the graphics interrupts, and evaluate the side channel they expose. Being an intrinsic profile in the communication between a GPU and a CPU, the pattern of graphics interrupts typically differs from one GPU workload to another, allowing a spy process to monitor interrupt statistics as a robust side channel to infer behavior of other processes. We demonstrate the practicality of such side-channel exploitations in a variety of attacking scenarios ranging from previously explored tasks of fingerprinting the document opened and the application launched, to distinguishing processes that generate seemingly identical displays. Our attack relies on system-level footprints rather than API-level ones and does not require injecting any payload into the GPU resource space to cause contentions. We evaluate our attacks and demonstrate that they could achieve high accuracy in the assumed attack scenarios. We also present in-depth studies to further analyze the low-level rationale behind such effectiveness.