Beyond the Bridge: Contention-Based Covert and Side Channel Attacks on Multi-GPU Interconnect
Yicheng Zhang, Ravan Nazaraliyev, Sankha Baran Dutta, Nael Abu-Ghazaleh, Andres Marquez, Kevin Barker
TL;DR
The study reveals that NVLink interconnects between GPUs are vulnerable to congestion-based timing leaks, enabling covert communication and application fingerprinting without special privileges. It experimentally demonstrates a cross-GPU covert channel achieving $45.5$ kbps with a $3.22$% error and a side-channel capable of distinguishing OpenMM benchmarks based on NVLink latency patterns. These results establish a tangible security risk for multi-GPU HPC workloads and motivate mitigations to harden NVLink interconnects. Overall, the work highlights the need for architecture- and system-level protections against timing-based leakage in high-speed GPU interconnects.
Abstract
High-speed interconnects, such as NVLink, are integral to modern multi-GPU systems, acting as a vital link between CPUs and GPUs. This study highlights the vulnerability of multi-GPU systems to covert and side channel attacks due to congestion on interconnects. An adversary can infer private information about a victim's activities by monitoring NVLink congestion without needing special permissions. Leveraging this insight, we develop a covert channel attack across two GPUs with a bandwidth of 45.5 kbps and a low error rate, and introduce a side channel attack enabling attackers to fingerprint applications through the shared NVLink interconnect.