【打印本页】      【下载PDF全文】   View/Add Comment  Download reader   Close
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 4082次   下载 5681 本文二维码信息
码上扫一扫!
GPU虚拟化技术及其安全问题综述
吴再龙,王利明,徐震,李宏佳,杨婧
分享到: 微信 更多
(中国科学院信息工程研究所 北京 中国 100093;中国科学院大学 网络空间安全学院 北京 中国 100049)
摘要:
人工智能与各行业全面融合的浪潮方兴未艾, 促使传统云平台拥抱以图形处理器(GPU)为代表的众核体系架构。为满足不同租户对于机器学习、深度学习等高密度计算的需求, 使得传统云平台大力发展 GPU 虚拟化技术。安全作为云平台 GPU 虚拟化应用的关键环节, 目前鲜有系统性的论述。因此, 本文围绕云平台 GPU 虚拟化安全基本问题——典型 GPU 虚拟化技术给云平台引入的潜在安全威胁和 GPU 虚拟化的安全需求及安全防护技术演进趋势——展开。首先, 深入分析了典型 GPU 虚拟化方法及其安全机制, 并介绍了针对现有 GPU 虚拟化方法的侧信道、隐秘信道与内存溢出等攻击方法; 其次, 深入剖析了云平台GPU 虚拟化所带来的潜在安全威胁, 并总结了相应的安全需求; 最后, 提出了 GPU 上计算与内存资源协同隔离以确保多租户任务间的性能隔离、 GPU 任务行为特征感知以发现恶意程序、 GPU 任务安全调度、多层联合攻击阻断、 GPU 伴生信息脱敏等五大安全技术研究方向。本文希望为云平台 GPU 虚拟化安全技术发展与应用提供有益的参考。
关键词:  GPU 虚拟化安全  GPU 安全  GPU 虚拟化  云计算安全  安全需求
DOI:10.19363/J.cnki.cn10-1380/tn.2022.03.03
Received:September 19, 2019Revised:November 21, 2019
基金项目:本课题得到国家重点研发计划(No.2017YFB101000)资助。
GPU Virtualization Technology and Security Issues: A Survey
Wu Zailong,Wang Liming,Xu Zhen,Li hongjia,Yang Jing
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
The wave of the integration of artificial intelligence and various industries is emerging, prompting the traditional public cloud provider to embrace the Heterogeneous Computing System, especially Graphics Processing Unit (GPU), a many-core computing architecture who can provides several times floating point computing power of the Central Processing Unit(CPU). Meanwhile, to meet the demands of multi-tenant scenario for high-density computing, such as machine learning and deep learning, GPU virtualization technology can make multi-tenant sharing GPU possible, which has attracted great attention from academia and industries. However, there is still lack of a systematic exposition on the security of GPU virtualization that is the key to pratical applications. Thus motivated, we raise two fundemetnal questions of GPU virtualization security in public cloud: the potential security threats brought by typical GPU virtualization technology, as well as the security requirements of GPU virtualization and the evolution trends of security protection technology. To answer these two questions, we first illustrate the typical GPU architecture, the virtualization methods of GPU and their security mechanisms, and introduce the attack methods of side channel, covert channel and memory spill for existing GPU virtualization methods. Then, we digest the potential security threats to public cloud brought by GPU virtualization, and summarize the corresponding security requirements for GPU virtualization. Finally, we propose five research directions of the security of GPU virtualization, namely, collaborative isolation of computing and memory resources which can make sure the performance isolation between GPU tasks of mutliple tenants, GPU task behavior perception which can inspect the running malware on the GPU, secure scheduling of GPU tasks to ensure program and resource correspondence, multi-layer joint attack blocking, and GPU associated information desensitization. We hope this survey can provide some helpful references for the progress and application of the security technology of GPU virtualization in public cloud.
Key words:  GPU virtualization security  GPU virtualization  GPU security  cloud computing security  security requirements