CUDA Leaks: A detailed hack for CUDA and a (partial) fix
01 February 2016
Graphics Processing Units (GPUs) are increasingly common in most present-day desktops, servers and even mobile platforms. A growing number of applications leverage the high parallelism offered by GPU architectures to speed up general-purpose computation. This phenomenon is called GPGPU computing (General Purpose GPU computing). In this paper we report on new security issues related to CUDA, the most widespread platform for GPGPU computing. In particular, we provide details and a proof of concept for a novel set of vulnerabilities that CUDA architectures are subject to, and we show how these vulnerabilities can be exploited to cause severe information leakage. Following (detailed) intuitions rooted in sound security engineering, we performed experiments targeting the last two generations of CUDA devices: Fermi and Kepler. We discovered that both families suffer from information leakage vulnerabilities; some are shared between the two architectures, while others are specific to the Kepler architecture. As a case study, we experimentally show how to exploit one of these vulnerabilities on a GPU implementation of the AES encryption algorithm. Finally, we suggest software patches and alternative approaches to tackle the presented vulnerabilities.