Hongyue Jin (Clemson University), Yanan Guo (University of Rochester), Zhenkai Zhang (Clemson University)
With the growing adoption of virtualized GPUs in cloud computing, the potential security implications associated with GPU sharing among multiple tenants have largely been overlooked. This paper takes a foundational step in revealing these risks by investigating information leakage through GPU microarchitectural components. Specifically, we develop a texttt{Prime+Probe} attack primitive tailored to the translation lookaside buffers (TLBs) in virtualized NVIDIA GPUs. We discuss several unique challenges posed by the GPU virtualization environment and demonstrate how our design effectively overcomes them. Leveraging this primitive, we conduct two cross-VM side-channel attack case studies in a cloud setting: a cheating exploit in the game Counter-Strike 2 that reveals hidden opponents and a website fingerprinting attack that identifies web pages browsed by users of virtual desktops. To the best of our knowledge, these are the first side-channel attacks demonstrated against virtualized GPUs in cloud settings, highlighting previously unknown security risks that warrant further investigation.