SideLink: Exposing NVLink to Covert and Side-Channel Attacks Official Work-in-Progress Paper
Abstract: For the past decades, covert and side channels have posed significant threats to user privacy in computing systems, targeting almost every component. In this paper, we present SideLink, a novel attack that exploits the NVLink bus for covert communication and information leakage. NVLink is a recent bus in the NVIDIA GPU systems known for its high bandwidth, which became a necessity for AI applications in data centers. Despite the extremely high bandwidth, we investigated its contention characteristics and built the first contention-based covert channel, and observed the presence of a side channel on the NVLink interconnect bus for the first time. We evaluated SideLink against NVIDIA DGX A100, a widely used system in data centers and cloud environments nowadays. The covert channel reached a bandwidth of 8.8 Kbps with a negligible error rate. Moreover, we demonstrated the side channel through an application fingerprinting attack using a deep learning FCN model, achieving an accuracy of 93.1%, which involved collecting the first dataset consisting of latency traces of the NVLink bus from applications running on dual-GPU systems.
Loading