survey

Microarchitectural Attacks in Heterogeneous Systems: A Survey

Authors:

Hoda Naghibijouybari,

Esmaeil Mohammadian Koruyeh,

Nael Abu-GhazalehAuthors Info & Claims

ACM Computing Surveys, Volume 55, Issue 7

Article No.: 142, Pages 1 - 40

https://doi.org/10.1145/3544102

Published: 15 December 2022 Publication History

Abstract

With the increasing proliferation of hardware accelerators and the predicted continued increase in the heterogeneity of future computing systems, it is necessary to understand the security properties of such systems. In this survey article, we consider the security of heterogeneous systems against microarchitectural attacks, with a focus on covert- and side-channel attacks, as well as fault injection attacks. We review works that have explored the vulnerability of the individual accelerators (such as Graphical Processing Units, GPUs, and Field Programmable Gate Arrays, FPGAs) against these attacks, as well as efforts to mitigate them. We also consider the vulnerability of other components within a heterogeneous system such as the interconnect and memory component. We believe that this survey is especially timely, as new accelerators and heterogeneous systems are being designed such that these designs understand the security threats and develop systems that are not only performant but also secure.

References

[1]

Google. 2015. Chromium:window.performance.now does not support sub-millisecond precision on Windows. Retrieved from https://bugs.chromium.org/p/chromium/issues/detail?id=158234#c110.

[2]

Intel. 2015. Intel and Micron Produce Breakthrough Memory Technology. Retrieved from https://newsroom.intel.com/news-releases/intel-and-micron-produce-breakthrough-memory-technology/#gs.5irpfz.

[3]

Nvidia. 2016. GRID VIRTUAL GPU. Technical Report. Nvidia. Retrieved from https://docs.nvidia.com/grid/latest/grid-vgpu-user-guide/index.html.

[4]

AMD. 2016. Whitepaper: AMD Multiuser GPU: Hardware-enabled GPU Virtualization for a TrueWorkstation Experience. Technical Report.

[5]

Luke Wagner. 2018. Mitigations landing for new class of timing attack. Retrieved from https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/.

[6]

Nvidia. 2019. Security Notice. Retrieved from https://nvidia.custhelp.com/app/answers/detail/a_id/4738.

[7]

Dzmitry Malyshau. 2021. WebGPU Implementation Status. Retrieved from https://github.com/gpuweb/gpuweb/wiki/Implementation-Status.

[8]

Gary Hilson. 2018. Adesto Touts ReRAM for Automotive. Retrieved from https://www.eetimes.com/adesto-touts-reram-for-automotive/.

[9]

Alibaba. 2021. Super Computing Cluster. Retrieved from https://www.alibabacloud.com/product/scc.

[10]

Alibaba. 2021. FPGA-based compute-optimized instance families. Retrieved from https://www.alibabacloud.com/help/doc-detail/108504.html.

[11]

Arm. 2021. Arm Ethos-N series processors. Retrieved from https://developer.arm.com/ip-products/processors/machine-learning/arm-ethos-n.

[12]

Everspin Technologies. 2015. Automotive Temperature Range MRAM. Retrieved from https://www.everspin.com/file/882/download.

[13]

IEEE Computer Society. 2021. Developing Heterogeneous Cache Coherent SoCs—and More! Retrieved from https://www.computer.org/publications/tech-news/heterogeneous-system-architecture/developing-heterogeneous-cache-coherent-socs-and-more.

[14]

Infineon. 2021. Ferroelectric RAM(FeRAM) - Instant non-volatile memory. Retrieved from https://www.cypress.com/products/f-ram-nonvolatile-ferroelectric-ram.

[15]

Mark Russinovich. 2017. Inside the Microsoft FPGA-based configurable cloud. Retrieved from https://www.slideshare.net/insideHPC/inside-microsofts-fpgabased-configurable-cloud.

[16]

Intel. 2021. Intel Data Direct I/O Technology. Retrieved from https://www.intel.com/content/www/us/en/io/data-direct-i-o-technology.html.

[17]

Nvidia. 2021. Developing a Linux Kernel Module using GPUDirect RDMA. Retrieved from https://docs.nvidia.com/cuda/gpudirect-rdma/index.html.

[18]

Nvidia. 2021. NVIDIA DGX-2. Retrieved from https://www.nvidia.com/en-us/data-center/dgx-2/.

[19]

Nvidia. 2021. Nvidia GPUDirect. Retrieved from https://developer.nvidia.com/gpudirect.

[20]

NVM Express. 2021. NVM Express Moves into The Future. Retrieved from https://nvmexpress.org/wp-content/uploads/NVMe_Over_Fabrics.pdf.

[21]

Intel. 2021. Optane™PMem. Retrieved from https://www.intel.com/content/www/us/en/architecture-and-technology/optane-dc-persistent-memory.html.

[22]

Arm. 2021. Security on ARM Trustzone. Retrieved from https://www.arm.com/products/security-on-arm/trustzone.

[23]

Arm. 2021. The Arm CoreLink CCI-550 Cache Coherent Interconnect. Retrieved from https://www.arm.com/products/silicon-ip-system/corelink-interconnect/cci-550.

[24]

Nvidia. 2021. CUDA. Retrieved from https://developer.nvidia.com/cuda-zone/.

[25]

Nvidia. 2021. MPS. Retrieved from https://docs.nvidia.com/deploy/mps/index.html.

[26]

NVIDIA. 2021. NVIDIA V100 TENSOR CORE GPU. Technical Report. Retrieved from https://www.nvidia.com/en-us/data-center/v100/.

[27]

Khronos Group. 2021. OpenCL Overview. Retrieved from https://www.khronos.org/opencl/.

[28]

Khronos Group. 2021. OpenCL Overview. Retrieved from https://www.khronos.org/opengles/.

[29]

Khronos Group. 2021. OpenGL Overview. Retrieved from https://www.khronos.org/opengl/.

[30]

Khronos Group. 2021. Vulkan Overview. Retrieved from https://www.khronos.org/vulkan/.

[31]

Khronos Group. 2021. OpenGL ES. Retrieved from https://www.khronos.org/webgl/.

[32]

Khronos Group. 2021. WebGL Security. https://www.khronos.org/webgl/security/ Retrieved from https://www.khronos.org/webgl/security/.

[33]

Junwhan Ahn, Sungpack Hong, Sungjoo Yoo, Onur Mutlu, and Kiyoung Choi. 2015. A scalable processing-in-memory accelerator for parallel graph processing. SIGARCH Comput. Archit. News 43, 3S (June2015), 105–117. DOI:

Digital Library

[34]

Jaeguk Ahn, Cheolgyu Jin, Jiho Kim, Minsoo Rhu, Yunsi Fei, David Kaeli, and John Kim. 2021. Trident: A hybrid correlation-collision GPU cache timing attack for AES key recovery. In IEEE International Symposium on High-Performance Computer Architecture (HPCA). 332–344. DOI:

[35]

Jaeguk Ahn, Jiho Kim, Hans Kasan, Leila Delshadtehrani, Wonjun Song, Ajay Joshi, and John Kim. 2021. Network-on-chip microarchitecture-based covert channel in GPUs. InIEEE/ACM International Symposium on Microarchitecture. Association for Computing Machinery, New York, NY, 565–577. DOI:

Digital Library

[36]

Amazon AWS. 2019. Amazon Elastic Graphics. Retrieved from https://aws.amazon.com/ec2/Elastic-GPUs/.

[37]

AMD. 2021. CoreLink Cache Coherent Interconnect Family. Retrieved from https://developer.arm.com/ip-products/system-ip/corelink-interconnect/corelink-cache-coherent-interconnect-family.

[38]

Aayush Ankit, Izzat El Hajj, Sai Rahul Chalamalasetti, Geoffrey Ndu, Martin Foltin, R. Stanley Williams, Paolo Faraboschi, Wen-Mei W. Hwu, John Paul Strachan, Kaushik Roy, et al. 2019. PUMA: A programmable ultra-efficient memristor-based accelerator for machine learning inference. In 24th International Conference on Architectural Support for Programming Languages and Operating Systems. 715–731.

Digital Library

[39]

Aayush Ankit, Abhronil Sengupta, Priyadarshini Panda, and Kaushik Roy. 2017. RESPARC: A reconfigurable and energy-efficient architecture with memristive crossbars for deep spiking neural networks. In 54th Annual Design Automation Conference. 1–6.

Digital Library

[40]

ARM. 2021. CoreLink Cache Coherent Interconnect Family. Retrieved from https://developer.arm.com/ip-products/system-ip/corelink-interconnect/corelink-cache-coherent-interconnect-family.

[41]

Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A systematic evaluation of transient execution attacks and defenses. In 28th USENIX Security Symposium (USENIX Security’19). USENIX Association, 249–266. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/canella.

[42]

Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, and Yuval Yarom. 2019. Fallout: Leaking data on meltdown-resistant CPUs. In ACM SIGSAC Conference on Computer and Communications Security (CCS’19). Association for Computing Machinery, New York, NY, 769–784. DOI:

Digital Library

[43]

Gaetan Canivet, Paolo Maistri, Regis Leveugle, Jessy Clédière, Florent Valette, and Marc Renaudin. 2010. Glitch and laser fault attacks onto a secure AES implementation on a SRAM-based FPGA. J. Cryptol. 24 (2010), 247–268.

Digital Library

[44]

Yinzhi Cao, Song Li, and Erik Wijmans. 2017. (Cross-)browser fingerprinting via OS and hardware level features. In Network and Distributed System Security Symposium.

[45]

Luis Ceze, Mark Hill, and Thomas Wenisch. 2016. Arch2030: A vision of computer architecture research over the next 15 Years. ArXiv abs/1612.03182 (2016).

[46]

Abhishek Chakraborty, Ankit Mondal, and Ankur Srivastava. 2017. Correlation power analysis attack against STT-MRAM based cyptosystems. In IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 171–171. DOI:

[47]

Jie Chen and Guru Venkataramani. 2014. CC-hunter: Uncovering covert timing channels on shared processor hardware. In 47th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’14). IEEE, Cambridge UK, 216–228. DOI:

Digital Library

[48]

Tianshi Chen, Zidong Du, Ninghui Sun, Jia Wang, Chengyong Wu, Yunji Chen, and Olivier Temam. 2014. Diannao: A small-footprint high-throughput accelerator for ubiquitous machine-learning. ACM SIGARCH Comput. Archit. News 42, 1 (2014), 269–284.

Digital Library

[49]

Byn Choi, Rakesh Komuravelli, Hyojin Sung, Robert Smolinski, Nima Honarmand, Sarita V. Adve, Vikram S. Adve, Nicholas P. Carter, and Ching-Tsun Chou. 2011. DeNovo: Rethinking the memory hierarchy for disciplined parallelism. In International Conference on Parallel Architectures and Compilation Techniques. 155–166. DOI:

Digital Library

[50]

Alex Christensen. 2015. Reduce resolution of performance.now. Retrieved from https://bugs.webkit.org/show_bug.cgi?id=146531.

[51]

William J. Dally, Yatish Turakhia, and Song Han. 2020. Domain-specific hardware accelerators. Commun. ACM 63, 7 (June2020), 48–57. DOI:

Digital Library

[52]

Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2021. SMASH: Synchronized many-sided Rowhammer attacks from JavaScript. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 1001–1018. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/ridder.

[53]

John Demme, Matthew Maycock, Jared Schmitz, Adrian Tang, Adam Waksman, Simha Sethumadhavan, and Salvatore Stolfo. 2013. On the feasibility of online malware detection with performance counters. In International Symposium on Computer Architecture (ISCA).

[54]

Robert H. Dennard, Feritz H. Gaensslen, Hwa-Nien Yu, V. Leo Rideout, Ernest Bassous, and Andre R. LeBlanc. 1974. Design of ion-implanted MOSFET’s with very small physical dimensions. IEEE J. Solid-State Circ. 9, 5 (1974), 256–268. DOI:

[55]

Leonid Domnitser, Aamer Jaleel, Jason Loew, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2012. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Trans. Archit. Code Optim. 8, 4 (2012). DOI:

Digital Library

[56]

Sankha B. Dutta, Hoda Naghibijouybari, Nael Abu-Ghazaleh, Andres Marquez, and Kevin Barker. 2021. Leaky buddies: Cross-component covert channels on integrated CPU-GPU systems. In International Symposium on Computer Architecture (ISCA).

[57]

Hadi Esmaeilzadeh, Emily Blem, Renée St. Amant, Karthikeyan Sankaralingam, and Doug Burger. 2011. Dark silicon and the end of multicore scaling. In 38th Annual International Symposium on Computer Architecture (ISCA). 365–376.

[58]

Dmitry Evtyushkin and Dmitry Ponomarev. 2016. Covert channels through random number generator: Mechanisms, capacity estimation and mitigations. In ACM Computer and Communications Security Conference.

Digital Library

[59]

Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2016. Understanding and mitigating covert channels through branch predictors. ACM Trans. Archit. Code Optim. 13, 1 (2016), 10.

Digital Library

[60]

Dmitry Evtyushkin, Ryan Riley, Nael C. S. E. Abu-Ghazaleh, E. C. E., and Dmitry Ponomarev. 2018. BranchScope: A new side-channel attack on directional branch predictor. In International Conference on Architecture Support for Operating Systems and Programming Languages (ASPLOS’18).

[61]

Jeremy Fowers, Kalin Ovtcharov, Michael Papamichael, Todd Massengill, Ming Liu, Daniel Lo, Shlomi Alkalay, Michael Haselman, Logan Adams, Mahdi Ghandi, Stephen Heil, Prerak Patel, Adam Sapek, Gabriel Weisz, Lisa Woods, Sitaram Lanka, Stephen K. Reinhardt, Adrian M. Caulfield, Eric S. Chung, and Doug Burger. 2018. A configurable cloud-scale DNN processor for real-time AI. In ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA). 1–14.

[62]

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Grand pwning unit: Accelerating microarchitectural attacks with the GPU. In IEEE Symposium on Security and Privacy. 357–372. DOI:

[63]

Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TRRespass: Exploiting the many sides of target row refresh. In IEEE Symposium on Security and Privacy. Retrieved from https://download.vusec.net/papers/trrespass_sp20.pdfSlides.

[64]

Yiwen Gao, Hailong Zhang, Wei Cheng, Yongbin Zhou, and Yuchen Cao. 2018. Electro-magnetic analysis of GPU-based AES implementation. In 55th Annual Design Automation Conference (DAC’18). Association for Computing Machinery, New York, NY. DOI:

Digital Library

[65]

Yiwen Gao, Yongbin Zhou, and Wei Cheng. 2018. How does strict parallelism affect security? A case study on the side-channel attacks against GPU-based bitsliced AES implementation. IACR Cryptol. ePrint Arch. 2018 (2018), 1080.

[66]

Qian Ge, Y. Yarom, David Cock, and G. Heiser. 2016. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptog. Eng. 8 (2016), 1–27.

[67]

Ilias Giechaskiel, Kasper B. Rasmussen, and Ken Eguro. 2018. Leaky wires: Information leakage and covert communication between FPGA long wires. In Asia Conference on Computer and Communications Security (ASIACCS’18). Association for Computing Machinery, New York, NY, 15–27. DOI:

Digital Library

[68]

Ilias Giechaskiel, Kasper Bonne Rasmussen, and Jakub Szefer. 2020. C<sup>3</sup>APSULe: Cross-FPGA covert-channel attacks through power supply unit leakage. In IEEE Symposium on Security and Privacy (SP). 1728–1741. DOI:

[69]

Ilias Giechaskiel and Jakub Szefer. 2020. Information leakage from FPGA routing and logic elements. In IEEE/ACM International Conference On Computer Aided Design (ICCAD). 1–9.

Digital Library

[70]

Ilias Giechaskiel, Shanquan Tian, and Jakub Szefer. 2021. Cross-VM information leaks in FPGA-accelerated cloud environments. In IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 91–101. DOI:

[71]

Ognjen Glamočanin, Louis Coulon, Francesco Regazzoni, and Mirjana Stojilović. 2020. Are cloud FPGAs really vulnerable to power analysis attacks? In Design, Automation & Test in Europe Conference & Exhibition (DATE). 1007–1010. DOI:

[72]

Dennis R. E. Gnad, Cong Dang Khoa Nguyen, Syed Hashim Gillani, and Mehdi Tahoori. 2019. Voltage-based covert channels in multi-tenant FPGAs. IACR Cryptol. ePrint Arch. 2019 (2019), 1394.

[73]

Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and harnessing adversarial examples. CoRR abs/1412.6572 (2015).

[74]

Google Cloud. 2020. Cloud Tensor Processing Units (TPUs). Retrieved from https://cloud.google.com/tpu/docs/tpus.

[75]

Google Cloud Platform. 2019. Cloud GPUs. Retrieved from https://cloud.google.com/gpu/.

[76]

Joseph Gravellier, Jean-Max Dutertre, Yannick Teglia, Philippe Loubet Moundi, and Francis Olivier. 2020. Remote side-channel attacks on heterogeneous SoC. In Smart Card Research and Advanced Applications, Sonia Belaïd and Tim Güneysu (Eds.). Springer International Publishing, Cham, 109–125.

[77]

Daniel Gruss, David Bidner, and Stefan Mangard. 2015. Practical memory deduplication attacks in sandboxed JavaScript. In European Symposium on Research in Computer Security.

[78]

Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O’Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of Rowhammer defenses. In IEEE Symposium on Security and Privacy (SP). IEEE, 245–261.

[79]

Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A remote software-induced fault attack in JavaScript. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 300–321.

Digital Library

[80]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: A fast and stealthy cache attack. In Conference on Detection of Intrusions and Malware & Vulnerability Assessment.

Digital Library

[81]

Amira Guesmi, Ihsen Alouani, Khaled N. Khasawneh, Mouna Baklouti, Tarek Frikha, Mohamed Abid, and Nael Abu-Ghazaleh. 2021. Defensive approximation: Securing CNNs using approximate computing. In 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’21). Association for Computing Machinery, New York, NY, 990–1003. DOI:

Digital Library

[82]

Tae Jun Ham, Lisa Wu, Narayanan Sundaram, Nadathur Satish, and Margaret Martonosi. 2016. Graphicionado: A high-performance and energy-efficient accelerator for graph analytics. In 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 1–13.

[83]

Rehan Hameed, Wajahat Qadeer, Megan Wachs, Omid Azizi, Alex Solomatnikov, Benjamin C. Lee, Stephen Richardson, Christos Kozyrakis, and Mark Horowitz. 2010. Understanding sources of inefficiency in general-purpose chips. In 37th Annual International Symposium on Computer Architecture (ISCA’10). Association for Computing Machinery, New York, NY, 37–47. DOI:

Digital Library

[84]

John L. Hennessy and David A. Patterson. 2011. Computer Architecture: A Quantitative Approach. Elsevier.

Digital Library

[85]

Morteza Hoseinzadeh, Mohammad Arjomand, and Hamid Sarbazi-Azad. 2014. Reducing access latency of MLC PCMs through line striping. In ACM/IEEE 41st International Symposium on Computer Architecture (ISCA). 277–288. DOI:

[86]

Miao Hu, Hai Li, Qing Wu, and Garrett S. Rose. 2012. Hardware realization of BSB recall function using memristor crossbar arrays. In DAC Design Automation Conference. IEEE, 498–503.

Digital Library

[87]

Xing Hu, Ling Liang, Shuangchen Li, Lei Deng, Pengfei Zuo, Yu Ji, Xinfeng Xie, Yufei Ding, Chang Liu, Timothy Sherwood, and Yuan Xie. 2020. DeepSniffer: A DNN model extraction framework based on learning architectural hints. In 25th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’20). Association for Computing Machinery, New York, NY, 385–399. DOI:

Digital Library

[88]

Jennifer Huffstetler. 2018. Intel processors and FPGAs—Better together. Retrieved from https://itpeernetwork.intel.com/intel-processors-fpga-better-together/.

[89]

Tyler Hunt, Zhipeng Jia, Vance Miller, Ariel Szekely, Yige Hu, Christopher J. Rossbach, and Emmett Witchel. 2020. Telekine: Secure computing with cloud GPUs. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI’20). USENIX Association, 817–833. Retrieved from https://www.usenix.org/conference/nsdi20/presentation/hunt.

[90]

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S$A: A shared cache attack that works across cores and defies VM sandboxing—and its application to AES. In IEEE Symposium on Security and Privacy. 591–604. DOI:

Digital Library

[91]

Anirudh Iyengar, Swaroop Ghosh, Nitin Rathi, and Helia Naeimi. 2016. Side channel attacks on STTRAM and low-overhead countermeasures. In IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT). 141–146. DOI:

[92]

Aamer Jaleel, Eric Borch, Malini Bhandaru, Simon C. Steely Jr., and Joel Emer. 2010. Achieving non-inclusive cache performance with inclusive caches—temporal locality aware (TLA) cache management policies. In International Symposium on Microarchitecture (MICRO).

[93]

Insu Jang, Adrian Tang, Taehoon Kim, Simha Sethumadhavan, and Jaehyuk Huh. 2019. Heterogeneous isolated execution for commodity GPUs. In 24th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’19). Association for Computing Machinery, New York, NY, 455–468. DOI:

Digital Library

[94]

Zhen Hang Jiang, Yunsi Fei, and David Kaeli. 2016. A complete key recovery timing attack on a GPU. In IEEE International Symposium on High Performance Computer Architecture (HPCA’16). IEEE, 394–405. DOI:

[95]

Zhen Hang Jiang, Yunsi Fei, and David Kaeli. 2017. A novel side-channel timing attack on GPUs. In Great Lakes Symposium on VLSI (VLSI’17). 167–172. DOI:

Digital Library

[96]

Zhe Zhou, Zhou Liy, Junyi Wei, Yicheng Zhangy, and Mohammad Abdullah Al Faruque. 2020. Leaky DNN: Stealing deep-learning model secret with GPU context-switching side-channel. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[97]

Gurunath Kadam, Danfeng Zhang, and Adwait Jog. 2018. RCoal: Mitigating GPU timing attack via subwarp-based randomized coalescing techniques. In International Symposium on High Performance Computer Architecture (HPCA). Retrieved from http://adwaitjog.github.io/docs/pdf/rcoal-hpca18.pdf.

[98]

Gurunath Kadam, Danfeng Zhang, and Adwait Jog. 2020. BCoal: Bucketing-based memory coalescing for efficient and secure GPUs. In IEEE International Symposium on High Performance Computer Architecture (HPCA). 570–581.

[99]

Tejas Karmarkar. 2021. Availability of Linux RDMA on Microsoft Azure. Retrieved from https://azure.microsoft.com/en-us/blog/azure-linux-rdma-hpc-available/.

[100]

Mehmet Kayaalp, Dmitry Ponomarev, Nael Abu-Ghazaleh, and Aamer Jaleel. 2016. A high-resolution side-channel attack on last-level cache. In 53th Annual Design Automation Conference.

Digital Library

[101]

Mikhail Kazdagli, Vijay Janapa Reddi, and Mohit Tiwari. 2016. Quantifying and improving the efficiency of hardware-based mobile malware detectors. In International Symposium on Microarchitecture (MICRO).

[102]

Zijo Kenjar, Tommaso Frassetto, David Gens, Michael Franz, and Ahmad-Reza Sadeghi. 2020. V0LTpwn: Attacking x86 processor integrity from software. In 29th USENIX Security Symposium (USENIX Security’20). USENIX Association, 1445–1461. Retrieved from https://www.usenix.org/conference/usenixsecurity20/presentation/kenjar.

[103]

Mohammad Nasim Imtiaz Khan and Swaroop Ghosh. 2018. Analysis of Rowhammer attack on STTRAM. In IEEE 36th International Conference on Computer Design (ICCD). 75–82. DOI:

[104]

Mohammad Nasim, Imtiaz Khan, and Swaroop Ghosh. 2018. Fault injection attacks on emerging non-volatile memory and countermeasures. In 7th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP’18). Association for Computing Machinery, New York, NY. DOI:

Digital Library

[105]

S. Karen Khatamifard, Longfei Wang, Selcuk Köse, and Ulya R. Karpuzcu. 2018. A new class of covert channels exploiting power management vulnerabilities. IEEE Comput. Archit. Lett. 17, 2 (2018), 201–204.

Digital Library

[106]

Khronos. 2016. WebGL timer. (2016). Retrieved from https://www.khronos.org/registry/webgl/extensions/EXT_disjoint_timer_query/.

[107]

Joonyoung Kim and Younsu Kim. 2014. HBM: Memory solution for bandwidth-hungry processors. In IEEE Hot Chips 26 Symposium (HCS). IEEE, 1–24.

[108]

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ACM/IEEE 41st International Symposium on Computer Architecture (ISCA). 361–372.

[109]

Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre attacks: Exploiting speculative execution. In 40th IEEE Symposium on Security and Privacy (S&P’19).

[110]

David Kohlbrenner and Hovav Shacham. 2016. Trusted browsers for uncertain times. In 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, 463–480. Retrieved from https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/kohlbrenner.

[111]

Esmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre returns! Speculation attacks using the return stack buffer. In 12th USENIX Workshop on Offensive Technologies (WOOT’18).

[112]

Jonas Krautter, Dennis R. E. Gnad, and M. Tahoori. 2018. FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018 (2018), 44–68.

[113]

Snehasish Kumar, Arrvindh Shriraman, and Naveen Vedula. 2015. Fusion: Design tradeoffs in coherent cache hierarchies for accelerators. In ACM/IEEE 42nd Annual International Symposium on Computer Architecture (ISCA). 733–745. DOI:

Digital Library

[114]

Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. NetCAT: Practical cache attacks from the network. In IEEE Symposium on Security and Privacy (SP). 20–38. DOI:

[115]

Emre Kültürsay, Mahmut Kandemir, Anand Sivasubramaniam, and Onur Mutlu. 2013. Evaluating STT-RAM as an energy-efficient main memory alternative. In IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS). 256–267. DOI:

[116]

J.-B. Lee. 2014. Green Memory Solution. In Samsung Electronics, Investor’s Forum. Retrieved from http://aod.teletogether.com/sec/20140519/SAMSUNG_Investors_Forum_2014_session_1.pdf

[117]

Zhen Lin, Utkarsh Mathur, and Huiyang Zhou. 2019. Scatter-and-gather revisited: High-performance side-channel-resistant AES on GPUs. In 12th Workshop on General Purpose Processing Using GPUs (GPGPU’19). Association for Computing Machinery, New York, NY, 2–11. DOI:

Digital Library

[118]

Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, and Daniel Gruss. 2021. PLATYPUS: Software-based power side-channel attacks on x86. In IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 355–371. DOI:

[119]

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium (USENIX Security’18).

[120]

Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clémentine Maurice, and Daniel Gruss. 2020. Nethammer: Inducing Rowhammer faults through network requests. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). 710–719. DOI:

[121]

Fangfei Liu, Qian Ge, Yuval Yarom, Frank McKeen, Carlos Rozas, Gernot Heiser, and Ruby B. Lee. 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In IEEE International Symposium on High Performance Computer Architecture (HPCA’16). 406–418. DOI:

[122]

Fangfei Liu and Ruby B. Lee. 2014. Random fill cache architecture. In International Symposium on Microarchitecture (MICRO).

[123]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In IEEE Symposium on Security and Privacy (SP’15). DOI:

Digital Library

[124]

Sihang Liu, Yizhou Wei, Jianfeng Chi, Faysal H. Shezan, and Yuan Tian. 2019. Side channel attacks in computation offloading systems with GPU virtualization. In IEEE Security and Privacy Workshops (SPW). 156–161.

[125]

Xiao Liu, David Roberts, Rachata Ausavarungnirun, Onur Mutlu, and Jishen Zhao. 2019. Binary star: Coordinated reliability in heterogeneous memory systems for high performance and scalability. In 52nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’19). Association for Computing Machinery, New York, NY, 807–820. DOI:

Digital Library

[126]

Yannan Liu, Lingxiao Wei, Bo Luo, and Qiang Xu. 2017. Fault injection attack on deep neural network. In IEEE/ACM International Conference on Computer-Aided Design (ICCAD). IEEE, 131–138.

Digital Library

[127]

Heiko Lohrke, Shahin Tajik, Thilo Krachenfels, Christian Boit, and Jean-Pierre Seifert. 2018. Key extraction using thermal laser stimulation: A case study on Xilinx ultrascale FPGAs. IACR Trans. Cryptog. Hardw. Embed. Syst. (82018), 573–595. DOI:

[128]

Chao Luo, Yunsi Fei, and David Kaeli. 2019. Side-channel timing attack of RSA on a GPU. ACM Trans. Archit. Code Optim. 16, 3 (Aug.2019). DOI:

Digital Library

[129]

Chao Luo, Yunsi Fei, Pei Luo, Saoni Mukherjee, and David Kaeli. 2015. Side-channel power analysis of a GPU AES implementation. In 33rd IEEE International Conference on Computer Design (ICCD’15). DOI:

Digital Library

[130]

Dina G. Mahmoud, Samah Hussein, Vincent Lenders, and Mirjana Stojilovic. 2022. FPGA-to-CPU undervolting attacks. In Design, Automation & Test in Europe Conference & Exhibition (DATE). 999–1004. DOI:

[131]

Giorgi Maisuradze and Christian Rossow. 2018. Ret2spec: Speculative execution using return stack buffers. InACM Conference on Computer and Communications Security. Association for Computing Machinery, New York, NY, 2109–2122. DOI:

Digital Library

[132]

Robert Martin, John Demme, and Simha Sethumadhavan. 2012. TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In 39th Annual International Symposium on Computer Architecture (ISCA’12). 118–129. DOI:

[133]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In 2nd International Workshop on Hardware and Architectural Support for Security and Privacy (HASP’13). Association for Computing Machinery, New York, NY. DOI:

Digital Library

[134]

Wen Mei Hwu. 2011. GPU Computing Gems (1st. ed.). Elsevier.

[135]

Micron. 2016. DDR4 SDRAM Datasheet. Retrieved from https://www.micron.com/-/media/client/global/documents/products/data-sheet/dram/ddr4/16gb_ddr4_sdram.pdf.

[136]

Microsoft Azure. 2019. GPU-Accelerated Microsoft Azure. Retrieved from http://www.nvidia.com/object/gpu-accelerated-microsoft-azure.html.

[137]

Amir Moradi, Alessandro Barenghi, Timo Kasper, and Christof Paar. 2011. On the vulnerability of FPGA bitstream encryption against power analysis attacks: Extracting keys from Xilinx Virtex-II FPGAs. In 18th ACM Conference on Computer and Communications Security (CCS’11). Association for Computing Machinery, New York, NY, 111–124. DOI:

Digital Library

[138]

Mozilla. 2020. WebGL timer extension. Retrieved from https://developer.mozilla.org/en-US/docs/Web/API/EXT_disjoint_timer_query.

[139]

Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. 2020. Plundervolt: Software-based fault injection attacks against Intel SGX. In 41st IEEE Symposium on Security and Privacy (S&P’20).

[140]

Onur Mutlu, Saugata Ghose, Juan Gómez-Luna, and Rachata Ausavarungnirun. 2020. A Modern Primer on Processing in Memory. arxiv:cs.AR/2012.03112.

[141]

Hoda Naghibijouybari, Khaled Khasawneh, and Nael Abu-Ghazaleh. 2017. Constructing and characterizing covert channels on GPGPUs. In International Symposium on Microarchitecture (MICRO).

[142]

Hoda Naghibijouybari, Ajaya Neupane, Zhiyun Qian, and Nael Abu-Ghazaleh. 2018. Rendered insecure: GPU side channel attacks are practical. In Conference on Computer and Communications Security (CCS). 2139–2153.

Digital Library

[143]

Ajay Nayak, Pratheek B., Vinod Ganapathy, and Arkaprava Basu. 2021. (Mis)Managed: A novel TLB-based covert channel on GPUs. In ACM Asia Conference on Computer and Communications Security (ASIA CCS’21). Association for Computing Machinery, New York, NY, 872–885. DOI:

Digital Library

[144]

Hamid Nejatollahi, Nikil D. Dutt, Indranil Banerjee, and Rosario Cammarota. 2018. Domain-specific accelerators for ideal lattice-based public key protocols. IACR Cryptol. ePrint Arch. 2018 (2018), 608.

[145]

NVIDIA. 2020. NVLink and NVSwitch. Retrieved from https://www.nvidia.com/en-us/data-center/nvlink/.

[146]

Nvidia. 2022. Nvidia Multi-Instance GPU. Retrieved from https://www.nvidia.com/en-us/technologies/multi-instance-gpu/.

[147]

Lena E. Olson, Jason Power, Mark D. Hill, and David A. Wood. 2015. Border control: Sandboxing accelerators. In 48th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO’15). 470–481. DOI:

Digital Library

[148]

Lena E. Olson, Simha Sethumadhavan, and Mark D. Hill. 2015. Security implication of third-party accelerator. IEEE Comput. Archit. Lett. 15, 1 (2015), 50–53. DOI:

Digital Library

[149]

Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, and Angelos D. Keromytis. 2015. The spy in the sandbox: Practical cache attacks in JavaScript and their implications. In 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS’15). Association for Computing Machinery, New York, NY, 1406–1418. DOI:

Digital Library

[150]

Meltem Ozsoy, Caleb Donovick, Iakov Gorelik, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2015. Malware-aware processors: A framework for efficient online malware detection. In International Symposium on High Performance Computer Architecture (HPCA).

[151]

Riccardo Paccagnella, Licheng Luo, and Christopher W. Fletcher. 2021. Lord of the ring(s): Side channel attacks on the CPU on-chip ring interconnect are practical. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/paccagnella.

[152]

Dan Page. 2005. Partitioned cache architecture as a side-channel defense mechanism. In Crypt. ePrint Arch. Retrieved from https://eprint.iacr.org/2005/280.

[153]

Neil Parris. 2021. Exploring how Cache Coherency Accelerates Heterogeneous Compute. Retrieved from https://www.computer.org/publications/tech-news/heterogeneous-system-architecture/exploring-how-cache-coherency-accelerates-heterogeneous-compute.

[154]

J. Thomas Pawlowski. 2011. Hybrid memory cube (HMC). In IEEE Hot Chips Symposium (HCS). IEEE, 1–24.

[155]

Colin Percival. 2005. Cache missing for fun and profit. In BSDCan.

[156]

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM addressing for Cross-CPU attacks. In 25th USENIX Security Symposium (USENIX Security’16). USENIX Association, 565–581. Retrieved from https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl.

[157]

Benoit Baudry, Gildas Avoine, Pierre Laperdrix, and Nataliia Bielova. 2019. Browser fingerprinting: A survey. In arXiv. arXiv:1905.01051.

[158]

Antoon Purnal, Lukas Giner, Daniel Gruss, and Ingrid Verbauwhede. 2021. Systematic analysis of randomization-based protected cache architectures. In IEEE Symposium on Security and Privacy (SP). 987–1002. DOI:

[159]

Wajahat Qadeer, Rehan Hameed, Ofer Shacham, Preethi Venkatesan, Christos Kozyrakis, and Mark Horowitz. 2015. Convolution engine: Balancing efficiency and flexibility in specialized computing. Commun. ACM 58, 4 (Mar.2015), 85–93. DOI:

Digital Library

[160]

Pengfei Qiu, Dongsheng Wang, Yongqiang Lyu, and Gang Qu. 2019. VoltJockey: Breaking SGX by software-controlled voltage-induced hardware faults. In Asian Hardware Oriented Security and Trust Symposium (AsianHOST). 1–6. DOI:

[161]

Moinuddin K. Qureshi. 2018. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping. In 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). 775–787. DOI:

Digital Library

[162]

Moinuddin K. Qureshi and Yale N. Patt. 2006. Utility-based partitioning: A low-overhead, high-performance, runtime mechanism to partition shared caches. In International Symposium on Microarchitecture (MICRO).

[163]

Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2021. CrossTalk: Speculative data leaks across cores are real. In IEEE Symposium on Security and Privacy (SP). 1852–1867. DOI:

[164]

Shafiur Rahman, Nael Abu-Ghazaleh, and Rajiv Gupta. 2020. GraphPulse: An event-driven hardware accelerator for asynchronous graph processing. In 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 908–921.

[165]

Adnan Siraj Rakin, Yukui Luo, Xiaolin Xu, and Deliang Fan. 2021. Deep-Dup: An adversarial weight duplication attack framework to crush deep neural network in multi-tenant FPGA. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 1919–1936. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/rakin.

[166]

Chethan Ramesh, Shivukumar B. Patil, Siva Nishok Dhanuskodi, George Provelengios, Sebastien Pillement, Daniel Holcomb, and Russell Tessier. 2018. FPGA side channel attacks without physical access. In IEEE 26th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). 45–52. DOI:

[167]

Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. 2016. Flip feng shui: Hammering a needle in the software stack. In 25th USENIX Security Symposium (USENIX Security’16). 1–18.

[168]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds. In 16th ACM Conference on Computer and Communications Security (CCS’09). Association for Computing Machinery, New York, NY, 199–212. DOI:

Digital Library

[169]

Majid Sabbagh, Yunsi Fei, and David Kaeli. 2020. A novel GPU overdrive fault attack. In 57th ACM/IEEE Design Automation Conference (DAC). 1–6. DOI:

[170]

Gururaj Saileshwar and Moinuddin Qureshi. 2021. MIRAGE: Mitigating conflict-based cache attacks with a practical fully-associative design. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 1379–1396. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/saileshwar.

[171]

Mohammad Hossein Samavatian, Saikat Majumdar, Kristin Barber, and R. Teodorescu. 2021. HASI: Hardware-accelerated stochastic inference, a defense against adversarial machine learning attacks. ArXiv abs/2106.05825 (2021).

[172]

Ingo Schmädecke and Holger Blume. 2013. Hardware-accelerator design for energy-efficient acoustic feature extraction. In IEEE 2nd Global Conference on Consumer Electronics (GCCE). 135–139. DOI:

[173]

Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad: Cross-privilege-boundary data sampling. In ACM Conference on Computer and Communications Security.

Digital Library

[174]

Michael Schwarz, Clémentine Maurice, Daniel Gruss, and Stefan Mangard. 2017. Fantastic timers and where to find them: High-resolution microarchitectural attacks in JavaScript. In Financial Cryptography and Data Security, Aggelos Kiayias (Ed.). Springer International Publishing, Cham, 247–267.

[175]

James F. Scott and Carlos A. Paz De Araujo. 1989. Ferroelectric memories. Science 246, 4936 (1989), 1400–1405.

[176]

Amazon Web Services. 2021. Amazon EC2 F1 instances. Retrieved from https://aws.amazon.com/ec2/instance-types/f1/.

[177]

Ali Shafiee, Akhila Gundu, Manjunath Shevgoor, Rajeev Balasubramonian, and Mohit Tiwari. 2015. Avoiding information leakage in the memory controller with fixed service policies. In International Symposium on Microarchitecture (MICRO).

[178]

Ali Shafiee, Anirban Nag, Naveen Muralimanohar, Rajeev Balasubramonian, John Paul Strachan, Miao Hu, R. Stanley Williams, and Vivek Srikumar. 2016. ISAAC: A convolutional neural network accelerator with in-situ analog arithmetic in crossbars. ACM SIGARCH Comput. Archit. News 44, 3 (2016), 14–26.

Digital Library

[179]

Yizhou Shan, Yutong Huang, Yilun Chen, and Yiying Zhang. 2018. LegoOS: A disseminated, distributed OS for hardware resource disaggregation. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI’18). USENIX Association, 69–87. Retrieved from https://www.usenix.org/conference/osdi18/presentation/shan.

[180]

Anatoly Shusterman, Ayush Agarwal, Sioli O’Connell, Daniel Genkin, Yossi Oren, and Yuval Yarom. 2021. Prime+Probe 1, JavaScript 0: Overcoming browser-based side-channel defenses. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 2863–2880. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/shusterman.

[181]

Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. 2019. Robust website fingerprinting through the cache occupancy channel. In 28th USENIX Security Symposium (USENIX Security’19). USENIX Association, 639–656. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/shusterman.

[182]

Manish Reddy, Sparsh Mittal, S. B. Abhinaya, and Irfan Ali. 2018. A survey of techniques for improving security of GPUs. J. Hardw. Syst. Secur. 2 (2018), 266–285.

[183]

Paul Stone. 2013. Pixel Perfect Timing Attacks with HTML5. Retrieved from https://www.contextis.com/media/downloads/Pixel_Perfect_Timing_Attacks_with_HTML5_Whitepaper.pdf.

[184]

Jakub Szefer. 2019. Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses. J. Hardw Syst Secur. 3 (2019), 219–234.

[185]

Mingtian Tan, Junpeng Wan, Zhe Zhou, and Zhou Li. 2021. Invisible probe: Timing attacks with PCIe congestion side-channel. In IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 1016–1032. DOI:

[186]

Adrian Tang, Simha Sethumadhavan, and Salvatore Stolfo. 2017. CLKSCREW: Exposing the perils of security-oblivious energy management. In 26th USENIX Security Symposium (USENIX Security’17). USENIX Association, 1057–1074. Retrieved from https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang.

[187]

Mohammadkazem Taram, Ashish Venkat, and Dean Tullsen. 2020. Packet chasing: Spying on network packets over a cache side-channel. In ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). 721–734. DOI:

Digital Library

[188]

Andrei Tatar, Radhesh Krishnan Konoth, Elias Athanasopoulos, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Throwhammer: Rowhammer attacks over the network and defenses. In Annual Technical Conference (USENIX’18). USENIX Association, 213–226. Retrieved from https://www.usenix.org/conference/atc18/presentation/tatar.

[189]

Mohammad Tehranipoor and Farinaz Koushanfar. 2010. A survey of hardware trojan taxonomy and detection. IEEE Des. Test Comput. 27, 1 (2010), 10–25. DOI:

Digital Library

[190]

Adam Thompson and C. J. Newburn. 2021. GPUDirect Storage: A Direct Path Between Storage and GPU Memory. Retrieved from https://developer.nvidia.com/blog/gpudirect-storage/.

[191]

Shanquan Tian, Ilias Giechaskiel, Wenjie Xiong, and Jakub Szefer. 2021. Cloud FPGA cartography using PCIe contention. In IEEE 29th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM). 224–232. DOI:

[192]

Shanquan Tian and Jakub Szefer. 2019. Temporal thermal covert channels in cloud FPGAs. In ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (FPGA’19). Association for Computing Machinery, New York, NY, 298–303. DOI:

Digital Library

[193]

Antonin Durey Vitaly Dyadyuk Pierre Laperdrix Clémentine Maurice Yossi Oren Romain Rouvoy Walter Rudametkin Tomer Laor, Naif Mehanna and Yuval Yarom. 2022. DRAWNAPART: A device identification technique based on remote GPU fingerprinting. In Network and Distributed Systems Security Symposium. DOI:

[194]

Stephen M. Trimberger and Jason J. Moore. 2014. FPGA security: Motivations, features, and applications. Proc. IEEE 102, 8 (2014), 1248–1265.

[195]

Caroline Trippel, Daniel Lustig, and Margaret Martonosi. 2018. MeltdownPrime and SpectrePrime: Automatically-synthesized attacks exploiting invalidation-based coherence protocols. CoRR abs/1802.03802 (2018).

[196]

Shin-Yeh Tsai, Mathias Payer, and Yiying Zhang. 2019. Pythia: Remote oracles for the masses. In 28th USENIX Security Symposium (USENIX Security’19). USENIX Association, 693–710. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/tsai.

[197]

Yatish Turakhia, Gill Bejerano, and William J. Dally. 2018. Darwin: A Genomics Co-Processor Provides up to 15,000X Acceleration on Long Read Assembly. Association for Computing Machinery, New York, NY, 199–213. DOI:

Digital Library

[198]

Furkan Turan and Ingrid Verbauwhede. 2020. Trust in FPGA-accelerated cloud computing. ACM Comput. Surv. 53, 6 (Dec.2020). DOI:

Digital Library

[199]

Dmitrii Ustiugov, Plamen Petrov, M. R. Siavash Katebzadeh, and Boris Grot. 2020. Bankrupt covert channel: Turning network predictability into vulnerability. In 14th USENIX Workshop on Offensive Technologies. USENIX Association. Retrieved from https://www.usenix.org/conference/woot20/presentation/ustiugov.

[200]

Anuj Vaishnav, Khoa Dang Pham, and Dirk Koch. 2018. A survey on FPGA virtualization. In 28th International Conference on Field Programmable Logic and Applications (FPL). 131–1317. DOI:

[201]

Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In 27th USENIX Security Symposium. USENIX Association.

[202]

Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer attacks on mobile platforms. In ACM SIGSAC Conference on Computer and Communications Security. 1675–1689.

[203]

Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2019. RIDL: Rogue in-flight data load. In IEEE Symposium on Security and Privacy.

[204]

Shreyas Kolala Venkataramanaiah, Yufei Ma, Shihui Yin, Eriko Nurvithadhi, Aravind Dasu, Yu Cao, and Jae-Sun Seo. 2019. Automatic compiler based FPGA accelerator for CNN training. In 29th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 166–172.

[205]

Stavros Volos, Kapil Vaswani, and Rodrigo Bruno. 2018. Graviton: Trusted execution environments on GPUs. In 13th USENIX Symposium on Operating Systems Design and Implementation. USENIX Association, 681–696. Retrieved from https://www.usenix.org/conference/osdi18/presentation/volos.

[206]

Junpeng Wan, Yanxiang Bi, Zhe Zhou, and Zhou Li. 2021. Volcano: Stateless cache side-channel attack by exploiting mesh interconnect. ArXiv abs/2103.04533 (2021).

[207]

Xingbin Wang, Rui Hou, Boyan Zhao, Fengkai Yuan, Jun Zhang, Dan Meng, and Xuehai Qian. 2020. DNNGuard: An elastic heterogeneous DNN accelerator architecture against adversarial attacks. In 25th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS’20). Association for Computing Machinery, New York, NY, 19–34. DOI:

Digital Library

[208]

Xin Wang and Wei Zhang. 2019. Cracking randomized coalescing techniques with an efficient profiling-based side-channel attack to GPU. In 8th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP’19). Association for Computing Machinery, New York, NY. DOI:

Digital Library

[209]

Xin Wang and Wei Zhang. 2020. An efficient profiling-based side-channel attack on graphics processing units. In National Cyber Summit (NCS) Research Track, Kim-Kwang Raymond Choo, Thomas H. Morris, and Gilbert L. Peterson (Eds.). Springer International Publishing, Cham, 126–139.

[210]

Yao Wang and G. Edward Suh. 2014. Timing channel protection for a shared memory controller. In International Symposium on High Performance Computer Architecture (HPCA).

[211]

Zhenghong Wang and Ruby B. Lee. 2006. Covert and side channels due to processor architecture. In Computer Security Applications Conference (ACSAC).

Digital Library

[212]

Zhenghong Wang and Ruby B. Lee. 2008. A novel cache architecture with enhanced performance and security. In International Symposium on Microarchitecture (MICRO).

[213]

Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas F. Wenisch, and Yuval Yarom. 2018. Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-order Execution. Technical Report. Lirias, KU Leuven.

[214]

Zane Weissman, Thore Tiemann, D. Moghimi, Evan Custodio, T. Eisenbarth, and B. Sunar. 2020. JackHammer: Efficient Rowhammer on heterogeneous FPGA-CPU platforms. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020 (2020), 169–195.

[215]

Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. ScatterCache: Thwarting cache attacks via cache set randomization. In 28th USENIX Security Symposium (USENIX Security’19). USENIX Association, 675–692. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/werner.

[216]

H.-S. Philip Wong, Heng-Yuan Lee, Shimeng Yu, Yu-Sheng Chen, Yi Wu, Pang-Shiu Chen, Byoungil Lee, Frederick T. Chen, and Ming-Jinn Tsai. 2012. Metal-oxide RRAM. Proc. IEEE 100, 6 (2012), 1951–1970. DOI:

[217]

H.-S. Philip Wong, Simone Raoux, SangBum Kim, Jiale Liang, John P. Reifenberg, Bipin Rajendran, Mehdi Asheghi, and Kenneth E. Goodson. 2010. Phase change memory. Proc. IEEE 98, 12 (2010), 2201–2227.

[218]

Shujiang Wu, Song Li, Yinzhi Cao, and Ningfei Wang. 2019. Rendered private: Making GLSL execution uniform to prevent WebGL-based browser fingerprinting. In 28th USENIX Security Symposium (USENIX Security’19). USENIX Association, 1645–1660. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/wu.

[219]

Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation. In 25th USENIX Security Symposium (USENIX Security’16). 19–35.

[220]

Guozhu Xin, Jun Han, Tianyu Yin, Yuchao Zhou, Jianwei Yang, Xu Cheng, and Xiaoyang Zeng. 2020. VPQC: A domain-specific vector processor for post-quantum cryptography based on RISC-V architecture. IEEE Trans. Circ. Syst. I: Reg. Pap. 67, 8 (2020), 2672–2684. DOI:

[221]

Wenjie Xiong and Jakub Szefer. 2021. Survey of transient execution attacks and their mitigations. ACM Comput. Surv. 54, 3 (May2021). DOI:

Digital Library

[222]

Qiumin Xu, Hoda Naghibijouybari, Shibo Wang, Nael Abu-Ghazaleh, and Murali Annavaram. 2019. GPUGuard: Mitigating contention based side and covert channel attacks on GPUs. In ACM International Conference on Supercomputing (ICS’19). ACM, New York, NY, 497–509. DOI:

Digital Library

[223]

Mengjia Yan, Yasser Shalabi, and Josep Torrellas. 2016. ReplayConfusion: Detecting cache-based covert channel attacks using record and replay. In International Symposium on Microarchitecture (MICRO).

[224]

Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, R. Campbell, and J. Torrellas. 2019. Attack directories, not caches: Side channel attacks in a non-inclusive world. In IEEE Symposium on Security and Privacy (SP) (2019), 888–904.

[225]

Fan Yao, Milos Doroslovacki, and Guru Venkataramani. 2018. Are coherence protocol states vulnerable to information leakage? In International Symposium on High Performance Computer Architecture (HPCA).

[226]

Fan Yao, Adnan Siraj Rakin, and Deliang Fan. 2020. DeepHammer: Depleting the intelligence of deep neural networks through targeted chain of bit flips. In 29th USENIX Security Symposium (USENIX Security’20). USENIX Association, 1463–1480. Retrieved from https://www.usenix.org/conference/usenixsecurity20/presentation/yao.

[227]

Zhihao Yao, Zongheng Ma, Ardalan Sani, and Aparna Chandramowlishwaran. 2018. Sugar: Secure GPU acceleration in web browsers. In International Conference on Architecture Support for Operating Systems and Programming Languages (ASPLOS).

Digital Library

[228]

Zhihao Yao, Saeed Mirzamohammadi, Ardalan Amiri Sani, and Mathias Payer. 2018. Milkomeda: Safeguarding the mobile GPU interface using WebGL security checks. In ACM SIGSAC Conference on Computer and Communications Security (CCS’18). Association for Computing Machinery, New York, NY, 1455–1469. DOI:

Digital Library

[229]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In 23rd USENIX Security Symposium (USENIX Security’14). USENIX Association, 719–732. Retrieved from https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom.

[230]

Mengmei Ye, Xianglong Feng, and Sheng Wei. 2018. HISA: Hardware isolation-based secure architecture for CPU-FPGA embedded systems. In IEEE/ACM International Conference on Computer-Aided Design (ICCAD). 1–8. DOI:

Digital Library

[231]

Miao Yu, Virgil D. Gligor, and Zongwei Zhou. 2015. Trusted display on untrusted commodity platforms. In 22nd ACM SIGSAC Conference on Computer and Communications Security (CC’15). Association for Computing Machinery, New York, NY, 989–1003. DOI:

Digital Library

[232]

Bilgiday Yuce, Patrick Schaumont, and Marc Witteman. 2018. Fault attacks on secure embedded software: Threats, design, and evaluation. J. Hardw. Syst. Secur. 2, 2 (2018), 111–130.

[233]

Boris Zbarsky. 2015. Reduce resolution of performance.now. Retrieved from https://hg.mozilla.org/integration/mozilla-inbound/rev/48ae8b5e62ab.

[234]

Shaza Zeitouni, Ghada Dessouky, and Ahmad-Reza Sadeghi. 2020. SoK: On the security challenges and risks of multi-tenant FPGAs in the cloud. CoRR abs/2009.13914 (2020).

[235]

Mark Zhao and G. Edward Suh. 2018. FPGA-based remote power side-channel attacks. In IEEE Symposium on Security and Privacy (SP). 229–244.

[236]

Yuankun Zhu, Yueqiang Cheng, Husheng Zhou, and Yantao Lu. 2021. Hermes attack: Steal DNN models with lossless inference accuracy. In 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 1973–1988. Retrieved from https://www.usenix.org/conference/usenixsecurity21/presentation/zhu.

[237]

Pengfei Zou, Ang Li, Kevin Barker, and Rong Ge. 2019. Fingerprinting anomalous computation with RNN for GPU-accelerated HPC machines. In IEEE International Symposium on Workload Characterization (IISWC). 253–256.

Cited By

Mack JKrishnakumar AOgras UAkoglu A(2024)Tutorial: A Novel Runtime Environment for Accelerator-Rich Heterogeneous ArchitecturesACM Transactions on Embedded Computing Systems10.1145/368746324:1(1-24)Online publication date: 8-Aug-2024
https://dl.acm.org/doi/10.1145/3687463
Hirner FStreibl MKrieger FMert ARoy SLuo BLiao XXu JKirda ELie D(2024)Whipping the Multivariate-based MAYO Signature Scheme using Hardware PlatformsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690258(3421-3435)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690258
Madabhushi BMummidi CKundu SHolcomb D(2024)Resurrection Attack: Defeating Xilinx MPU's Memory Protection2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545396(394-403)Online publication date: 6-May-2024
https://doi.org/10.1109/HOST55342.2024.10545396
Show More Cited By

Index Terms

Microarchitectural Attacks in Heterogeneous Systems: A Survey
1. Computer systems organization
  1. Architectures
    1. Other architectures
      1. Heterogeneous (hybrid) systems
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures

Recommendations

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography
Invited Tutorial

Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection ...
Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?

This article describes how there exist various vulnerabilities in computing hardware that adversaries can exploit to mount attacks against the users of such hardware. Microarchitectural attacks, the result of these vulnerabilities, take advantage of ...
Hardware-based cyber threats: attack vectors and defence techniques

There are certain vulnerabilities associated with computing hardware that attackers can exploit to launch destructive attacks which often go undetected by the existing hardware and software countermeasures. Side channel attacks (SCAs) and Rowhammer ...

Comments

Information & Contributors

Information

Published In

cover image ACM Computing Surveys

ACM Computing Surveys Volume 55, Issue 7

July 2023

813 pages

ISSN:0360-0300

EISSN:1557-7341

DOI:10.1145/3567472

Editor:
Albert Zomaya
University of Sydney, Australia

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 December 2022

Online AM: 15 June 2022

Accepted: 29 May 2022

Revised: 21 March 2022

Received: 26 July 2021

Published in CSUR Volume 55, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Survey
Refereed

Funding Sources

National Science Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
2,072
Total Downloads

Downloads (Last 12 months)617
Downloads (Last 6 weeks)38

Reflects downloads up to 06 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mack JKrishnakumar AOgras UAkoglu A(2024)Tutorial: A Novel Runtime Environment for Accelerator-Rich Heterogeneous ArchitecturesACM Transactions on Embedded Computing Systems10.1145/368746324:1(1-24)Online publication date: 8-Aug-2024
https://dl.acm.org/doi/10.1145/3687463
Hirner FStreibl MKrieger FMert ARoy SLuo BLiao XXu JKirda ELie D(2024)Whipping the Multivariate-based MAYO Signature Scheme using Hardware PlatformsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690258(3421-3435)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690258
Madabhushi BMummidi CKundu SHolcomb D(2024)Resurrection Attack: Defeating Xilinx MPU's Memory Protection2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)10.1109/HOST55342.2024.10545396(394-403)Online publication date: 6-May-2024
https://doi.org/10.1109/HOST55342.2024.10545396
Rosa LFoschini LCorradi A(2024)Empowering Cloud Computing With Network Acceleration: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2024.337753126:4(2729-2768)Online publication date: 1-Oct-2024
https://dl.acm.org/doi/10.1109/COMST.2024.3377531
El-Zoghby ASaid Elsayed MJurcut AAzer M(2023)NG-MVEE: A New Proposed Hybrid Technique for Enhanced Mitigation of Code Re-Use AttackIEEE Access10.1109/ACCESS.2023.326988111(48169-48191)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3269881

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

HTML Format

View this article in HTML Format.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents