acaces 2018 summer school gpu architectures basic to
play

ACACES 2018 Summer School GPU Architectures: Basic to Advanced - PowerPoint PPT Presentation

Jan 05, 2024 •90 likes •448 views

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant Professor College of William & Mary (http://adwaitjog.github.io/) Course Outline q Lectures 1 and 2: Basics Concepts Basics of GPU

  1. ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant Professor College of William & Mary (http://adwaitjog.github.io/)

  2. Course Outline q Lectures 1 and 2: Basics Concepts ● Basics of GPU Programming ● Basics of GPU Architecture q Lecture 3: GPU Performance Bottlenecks ● Memory Bottlenecks ● Compute Bottlenecks ● Possible Software and Hardware Solutions q Lecture 4: GPU Security Concerns ● Timing channels ● Possible Software and Hardware Solutions

  3. Era of Heterogeneous Architectures Intel Coffee Lake and AMD Raven Ridge Kaby Lake

  4. Discrete GPUs

  5. Discrete GPUs + Intel Processors

  6. Security Concerns q GPUs may be accelerating applications that are using user-sensitive data (e.g., genomics, financial) q GPUs may be accelerating cryptographic applications (e.g., AES, RSA etc.) and authentication algorithms on-behalf of CPUs q Given the popularity of GPUs, it is imperative to keep GPUs secure against a variety of side-channel attacks and other security vulnerabilities.

  7. Security Attacks q User’s web activity on GPU can be tracked by the malicious attacker who is co-located on the same card [Oakland’14] q AES private keys can be recovered by correlation timing attacks [HPCA’16] q Accelerating attacks via GPUs [Oakland’18] ● Glitch: Accelerating row hammer attacks

  8. Correlation Timing Attacks Server@GPU Plaintexts Ciphertexts Time duration time 1 Plaintext # 1 Ciphertext # 1 time 2 Plaintext # 2 Ciphertext # 2 time 3 Plaintext # 3 Ciphertext # 3 … … … Correct Key Correct Key?? K 1 , K 2 , … ,K , … i Key guesses time start - time stop = time 1 Outside Attacker

  9. Memory Access Coalescing in GPUs Computing Unit Wavefront pool Wavefront . . . Thread # 1 Thread # 32 Scheduler LD/ST Unit Coalescing Unit Global Memory

  10. Memory Access Coalescing in GPUs Wavefront tid = thread id tid = 0 tid = 1 tid = 2 tid = 3 0x00 0x04 0x07 0x09 0x00 0x01 0x02 0x03 Block Address # 0 Block Address # 1 0x04 0x05 0x06 0x07 Block Address # 1 0x04 0x05 0x06 0x07 Block Address # 2 0x08 0x09 0x0A 0x0B

  11. Memory Access Coalescing in GPUs Wavefront tid = thread id tid = 0 tid = 1 tid = 2 tid = 3 0x00 0x04 0x07 0x09 Coalescing Unit Block Address # 0 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Block Address # 1 Block Address # 2 0x08 0x09 0x0A 0x0B

  12. AES implementation on GPU q Symmetric Encryption with 128-bit key and 10 rounds. q S-box implementation involves table lookups. q [Jiang/Fei/Kaeli, HPCA’16] demonstrated that the last round is vulnerable.

  13. Last Round of AES on GPU #$% = 𝑈 #$% ] ⊕ 𝑙 " 𝑑 ) [𝑢 $ "

  14. Last Round of AES on GPU #$% = 𝑈 #$% ] ⊕ 𝑙 " 𝑑 ) [𝑢 $ " Replies # 1 Request # 1 Thread # 1 t i1 T 4 [t i1 ] ⊕ k j LINE # 1 c j1 Replies # 2 Request # 2 Thread # 2 ⊕ k j LINE # 2 t i2 T 4 [t i2 ] c j2 Coalescing … … … … Unit . . . . . . . . . . . . . . . . . . . . . . . . Replies # 32 Request # 32 Thread # 32 LINE # 32 t i32 T 4 [t i32 ] ⊕ k j c j32 Input text Ciphertext to Last Round

  15. Correlation Timing Attack on GPU q Goal of the attack: Recover the AES Key (byte-by-byte) q Last Round of AES is vulnerable #$% = 𝑈 #$% ] ⊕ 𝑙 " 𝑑 ) [𝑢 $ " q Last Round is invertible #$% = 𝑈 #$% ⊕ 𝑙 " ] Memory access /0 [𝑑 𝑢 $ ) " of thread tid How an attacker can calculate the number of coalesced accesses?

  16. Attacker calculates the # of coalesced accesses #$% = 𝑈 #$% ⊕ 𝑙 " ] /0 [𝑑 𝑢 $ ) " Guessed Table Lookup Indices T 4-1 [c j1 ⊕ k jm ] ⊕ k jm c j1 t i1,m Coalesced Accesses ⊕ k jm c j2 T 4-1 [c j2 ⊕ k jm ] t i2,m Correct value of key byte? ( A jm,n ) . . … . … . . . . . . . . . . . . . . . . . . T 4- c j32 ⊕ k jm t i32,m 1 [c j32 ⊕ k jm ] Ciphertext

  17. Coalesced Accesses and Execution Time Associate the number of coalesced accesses with execution time

  18. Finding the Correct Key Value q Attacker encrypts ‘N’ number of plaintexts over server ● Records Ciphertext and Execution time Recorded # of Coalesced Accesses Execution Time Correlations A j0,1 , A j0,2 , . . . . , A j0,N E 1 ,E 2 ,...,E N Corr j0 Key Guess 0 A j1,1 , A j1,2 , . . . . , A j1,N Corr j1 Key Guess 1 . . . . . . Maximum Correct Key A jα,1 , A jα,2 , . . . . , A jα,N Corr jα Correlation Key Byte Guess α . . . . . . Key Corr j255 A j255,1 , A j255,2 , . . . . ,A j255,N Guess 255

  19. Simulating Timing Attack on our Set-up How to mitigate Correlation Timing Why is Correlation Timing Attack Correct guess Attacks on GPU? possible? • The baseline attack leverages the deterministic nature of Incorrect guesses Answer: By making it harder for the the coalescing mechanism • AES key value affects the coalesced accesses attacker to correctly calculate the number • # coalesced accesses affects the execution time of coalesced accesses

  20. Naïve Solution RCoal to mitigate the correlation timing q Disable coalescing altogether? attacks ● Correlation drops to ~ 0 Correct guess ● Correct key byte is indistinguishable • Targets the deterministic nature of the coalescing mechanism • Fixed number of subwarps (or subwavefronts) • Fixed sizes of subwarp (or subwavefronts) • Deterministic mapping of the thread elements to subwarps (or subwavefronts) q Up to 178% performance degradation ● Degradation increases with plaintext size Naïve solution is Good for Security, Bad for Performance Offers no tradeoff

  21. RCoal: Fixed Sized Subwarp (FSS) DEFAULT: number of subwarps = 1 FSS: number of subwarps = 2 sid = 1 sid = 0 sid = 0 tid = 0 tid = 1 tid = 2 tid = 3 tid = 0 tid = 1 tid = 2 tid = 3 0x00 0x04 0x07 0x09 0x00 0x04 0x07 0x09 Coalescing Unit Coalescing Unit 0x00 0x01 0x02 0x03 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x04 0x05 0x06 0x07 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x08 0x09 0x0A 0x0B

  22. FSS Security against Baseline Attack • Correlation between the number of coalesced accesses and the execution time drops • Correct key byte is harder to find • Improved security

  23. FSS Performance • Memory accesses increase with number of subwarps • Execution time increases with number of subwarps • Performance degrades as number of subwarp increase Can attacker still recover the AES key?

  24. FSS against FSS attack q Attacker can figure out the number of subwarps

  25. FSS against FSS attack q Attacker can figure out the number of subwarps q Attacker can calculate per subwarp accesses Correct guess

  26. FSS against FSS attack q Attack possible when the attacker can RCoal to mitigate the correlation timing figure out number of subwarps! ● Coalescing still deterministic attacks • Targets the deterministic nature of the coalescing mechanism • Fixed number of subwarps • Fixed sizes of subwarp • Deterministic mapping of the thread elements to subwarps

  27. RCoal: Random Sized Subwarp (RSS) q Size distribution We select RSS with Skewed Distribution RCoal to mitigate the correlation timing RCoal to mitigate the correlation timing attacks attacks • Targets the deterministic nature of the coalescing mechanism û • Fixed number of subwarps ü Skewed Distribution Normal Distribution • Fixed sizes of subwarp • Deterministic mapping of the thread elements to subwarps • Mean of the distribution is different than FSS • Mean of the distribution is same as FSS • Large subwarp offers better coalescing • Security and performance similar to FSS • Improved security compared to FSS • Improved performance compared to FSS

  28. RCoal: Random-Threaded Subwarp (RTS) FSS: number of subwarps = 2 FSS+RTS: number of subwarps = 2 tid = 0 tid = 1 tid = 2 tid = 3 tid = 0 tid = 1 tid = 2 tid = 3 0x00 0x01 0x06 0x07 0x00 0x01 0x06 0x07 sid = 0 sid = 0 sid = 1 sid = 1 sid = 0 sid = 0 sid = 1 sid = 1 Coalescing Unit Coalescing Unit 0x00 0x01 0x02 0x03 0x00 0x01 0x02 0x03 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x04 0x05 0x06 0x07 0x04 0x05 0x06 0x07

  29. RCoal: Random-Threaded Subwarp (RTS) RSS: number of subwarps = 2 RSS+RTS: number of subwarps = 2 sid = 1 sid = 1 sid = 0 sid = 0 tid = 2 tid = 0 tid = 1 tid = 3 tid = 0 tid = 1 tid = 2 tid = 3 0x06 0x00 0x01 0x08 0x00 0x01 0x06 0x08 Coalescing Unit Coalescing Unit 0x00 0x01 0x02 0x03 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x08 0x09 0x0A 0x0B

  30. Evaluation Set-up q AES-128 q Plaintext with 32 lines q GPGPU-SIM ● 15 SMs, 32 threads/warp, one subwarp per coalescing unit (base case) ● GDDR5 Memory with 6 MCs, 16 DRAM-banks, 4 bank-groups/MC q Enhanced Attack Algorithms ● Corresponding Attacks

  31. Performance/Security Trade-off 2 Correlation 1 Security (Lower the better) 0 1 2 4 8 16 32 Number of Subwarps FSS FSS+RTP RSS RSS+RTP Offers Security/Performance Trade-off 1.5 Execution Time Execution Time (Lower the better) 1 0.5 0 1 2 4 8 16 32 Number of Subwarps FSS FSS+RTS RSS RSS+RTS

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant Professor College of William & Mary (http://adwaitjog.github.io/) Course Outline q Lectures 1 and 2: Basics Concepts Basics of GPU

644 views • 53 slides
ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant Professor College of William & Mary (http://adwaitjog.github.io/) William & Mary - Second oldest-institution of higher education in the

581 views • 43 slides
Do we still care about single thread performance? ACACES

Do we still care about single thread performance? ACACES

Do we still care about single thread performance? ACACES 2008 Dean Tullsen Speedup 1.0 .1 .9 ACACES 2008 Dean Tullsen Speedup 1.0 .1 .9 1/.55 = 1.82 .1 .45 ACACES 2008 Dean

839 views • 42 slides
Learning Deep Architectures Yoshua Bengio, U. Montreal CIFAR NCAP Summer School 2009 August 6th,

Learning Deep Architectures Yoshua Bengio, U. Montreal CIFAR NCAP Summer School 2009 August 6th,

Learning Deep Architectures Yoshua Bengio, U. Montreal CIFAR NCAP Summer School 2009 August 6th, 2009, Montreal Main reference: Learning Deep Architectures for AI, Y. Bengio, to appear in Foundations and Trends in Machine Learning ,

1.09k views • 87 slides
Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectures Architectural styles Software architectures Architectures versus middleware Self-management in distributed systems 1 / 26 Architectures Architectural styles Architectural styles Basic idea Organize into

571 views • 33 slides
N ho! 1 10/05/2019 Basic info 15 point MGMT elective offered in SU2 (summer school) 11

N ho! 1 10/05/2019 Basic info 15 point MGMT elective offered in SU2 (summer school) 11

10/05/2019 MGMT228 Heading Chinese Business Subheading Practices and Culture (study tour) N ho! 1 10/05/2019 Basic info 15 point MGMT elective offered in SU2 (summer school) 11 Nov 15/22 Dec 2019 Prereqs: 120 points

645 views • 25 slides
Academic Summer School June 18 July 13, 2018 Program Features Welcome Curriculum

Academic Summer School June 18 July 13, 2018 Program Features Welcome Curriculum

Saratoga Union School District Academic Summer School June 18 July 13, 2018 Program Features Welcome Curriculum & to SUSDs Assessments English Learner Academic Support Summer Locations School! Schedule

516 views • 18 slides
Summer School 2020 Canterbury Whats a summer school? summer sciool noun [C] /sm

Summer School 2020 Canterbury Whats a summer school? summer sciool noun [C] /sm

Summer School 2020 Canterbury Whats a summer school? summer sciool noun [C] /sm skul/ 1. Classes taken during the summer that make it possible to 2. An academic excursion that allows you to move more quickly towards a

258 views • 13 slides
CSCE 496/896 Lecture 6: Architectures Stephen Scott Recurrent Architectures Introduction Basic

CSCE 496/896 Lecture 6: Architectures Stephen Scott Recurrent Architectures Introduction Basic

CSCE 496/896 Lecture 6: Recurrent CSCE 496/896 Lecture 6: Architectures Stephen Scott Recurrent Architectures Introduction Basic Idea I/O Mappings Stephen Scott Examples Training (Adapted from Vinod Variyam and Ian Goodfellow) Deep

378 views • 35 slides
Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer

Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer

Tracking 2 Basic Principles of Detectors Jochen Kaminski University of Bonn BND summer school Callantsoog, Netherlands 4.-6.9.2017 Overview Course Lecture 1: Tracking - Basics and Reconstruction Lecture 2: Basic Principle of

1.18k views • 54 slides
COMPUTER SOCIETY OF ZIMBABWE SUMMER SCHOOL 2018: VIC FALLS 07-10 November 2018 EVERYTHING ICT

COMPUTER SOCIETY OF ZIMBABWE SUMMER SCHOOL 2018: VIC FALLS 07-10 November 2018 EVERYTHING ICT

COMPUTER SOCIETY OF ZIMBABWE SUMMER SCHOOL 2018: VIC FALLS 07-10 November 2018 EVERYTHING ICT THE DIGITAL AGE & CYBER SECURITY RUFARO E. MHANDU SENIOR ASSOCIATE CRIMINAL LAW & CYBERLAW SPECIALIST MUVINGI AND MUGADZA LEGAL

1.37k views • 45 slides
Basic Income Citizens Basic Income Day 20 th February 2018 London School of Economics Dr.

Basic Income Citizens Basic Income Day 20 th February 2018 London School of Economics Dr.

The definition of a Citizens Basic Income Citizens Basic Income Day 20 th February 2018 London School of Economics Dr. Malcolm Torry, Director, Citizens Basic Income Trust, and Senior Visiting Fellow, London School of Economics The

314 views • 13 slides
Jesuit Basic Education Commission PHILIPPINES SCHOOL YEAR 2018 - 2019 BASIC DATA FOR EACH

Jesuit Basic Education Commission PHILIPPINES SCHOOL YEAR 2018 - 2019 BASIC DATA FOR EACH

Jesuit Basic Education Commission PHILIPPINES SCHOOL YEAR 2018 - 2019 BASIC DATA FOR EACH SCHOOL Summary of Data for Jesuit Basic Education Schools in the Philippines Primary Student % of Jesuit School JHS SHS Involved Total Sta ff

488 views • 31 slides
Symbolic Execution and Fuzz Testing ISSISP Summer School 2018 Prof. Abhik Roychoudhury National

Symbolic Execution and Fuzz Testing ISSISP Summer School 2018 Prof. Abhik Roychoudhury National

Symbolic Execution and Fuzz Testing ISSISP Summer School 2018 Prof. Abhik Roychoudhury National University of Singapore 1 Thanks to organizers and ISSISP Steve Blackburn Adrian Herrera ISSISP Summer School 2018 Tony Hosking

1.17k views • 99 slides
Warwick Summer School 2018 in London in collaboration with St Marys University 15 July 3

Warwick Summer School 2018 in London in collaboration with St Marys University 15 July 3

Warwick Summer School 2018 in London in collaboration with St Marys University 15 July 3 August Excellence in the Capital Students on the Warwick Summer School in London will be taught by academics from one of the UKs leading

451 views • 3 slides
Summer School In In Antimicrobial Resistance (A (AMR) and Stewardship (A (AMS) Our University

Summer School In In Antimicrobial Resistance (A (AMR) and Stewardship (A (AMS) Our University

Universitas 21 Health Scie iences Summer School In In Antimicrobial Resistance (A (AMR) and Stewardship (A (AMS) Our University Our City Summer School Obje jectives After the completion of the summer school students should be able to:

305 views • 11 slides
Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18

Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18

Run-time Assurance for UAVs using Stochastic Modeling and Reachability Analysis Hansol Yoon, Yi Chou, Live Green Eric Frew and Sriram Sankaranarayanan University of Colorado, Boulder FMCAD18 Student Forum October 31, 2018 * Unmanned

479 views • 4 slides
Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST

Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST

Metaphor (and Metonymy) March 6, 2017 Next Assignments FST regression test suite FST Chat Bot Movie Scene/Narrative For Chat Bot and Movie Scene/Narrative, move beyond morpho-syntax (how language is formed) to look at how

667 views • 31 slides
Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros

Time-to-Live TLV for LSP-Ping draft-ietf-mpls-lsp-ping-ttl-tlv-01 Sami Boutros Siva Sivabalan George Swallow Vishwas Manral Shaleen Saxena Sam Aldrin Michael Wildt Background The draft

329 views • 5 slides
CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations

CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations

CS 528 Mobile and Ubiquitous Computing Lecture 6: Maps, Sensors, Widget Catalog and Presentations Emmanuel Agu Using Maps Introducing MapView and Map Activity MapView: UI widget that displays maps MapActivity: java class (extends

987 views • 74 slides
Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering

Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering

Skiplist Timing Attack Vulnerability Eyal Nussbaum PhD Student, Communication Systems Engineering School of Electrical and Computer Engineering Ben-Gurion University of the Negev Advisor: Professor Michael Segal Talk Overview Introduction

203 views • 19 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research & Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&Time vs. MbedTLS AES on STM32

477 views • 20 slides
RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q

RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q

RSA: More about attacks Need to take care with the implementation, e.g.: - Do not take p or q very small. - Difference of p and q should not be very small. More subtle, e.g.: Thm: If 3d < n and q<p<2q, then d can be found in

206 views • 8 slides

More recommend