Abstract:Microarchitectural attacks on CPU structures have been studied in native applications, as well as in web browsers. These attacks continue to be a substantial threat to computing systems at all scales.
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: in modern web browsers, use emerging GPU - acceleration APIs such as WebGPU to carry out micro - architecture side - channel attacks, thereby stealing users' sensitive information (such as website fingerprinting). Specifically, the authors have studied how to launch attacks on the GPU's computing stack through the WebGPU API to monitor and steal users' activities on the GPU's graphics stack. This includes developing high - resolution timers, low - noise cache - occupancy channels, and using the parallelism of the GPU to improve the accuracy of the attacks.
### Core Problems of the Paper
1. **New Attack Vectors**: Traditional micro - architecture side - channel attacks mainly focus on the CPU structure, while this paper proposes a new attack vector, that is, launching side - channel attacks on the GPU through the WebGPU API.
2. **High - Resolution Timers**: Existing JavaScript timers, due to browser limitations, cannot provide sufficient precision to distinguish between cache hits and misses. Therefore, the authors have developed a high - resolution timer based on GPU hardware resources, which can bypass the existing browser's protection measures against micro - architecture attacks.
3. **Cross - Stack Attacks**: The authors have shown how to use the L3 cache inside the GPU as the highest - level cache, where computing and rendering accesses interfere with each other. They launched attacks through the computing stack, monitored the activities of the graphics stack, and achieved "cross - stack" attacks.
4. **Parallel Attacks**: By using the parallelism of the GPU, the authors have improved the resolution of the cache - occupancy channels, so that they can more accurately capture users' activities.
### Formula Representation
- **Prime + Probe Attack Formula**:
\[
\text{Latency} =
\begin{cases}
\text{High Latency} & \text{if Cache Miss} \\
\text{Low Latency} & \text{if Cache Hit}
\end{cases}
\]
### Main Contributions
1. **High - Resolution Timers**: A high - resolution timer that does not rely on any JavaScript software interfaces has been implemented using GPU hardware resources, which can bypass the existing browser's protection measures against micro - architecture attacks.
2. **Low - Noise Leakage Vectors**: The L3 cache inside the GPU has been identified as the highest - level cache for developing cache attacks, and it is not affected by CPU application noise.
3. **Remote Cache - Occupancy Channels**: A remote cache - occupancy channel has been developed on Intel systems through the WebGPU API, and an end - to - end website fingerprinting attack has been demonstrated.
4. **Parallel Attacks**: Parallel attacks have been developed by using the multi - level parallelism of the GPU, improving the resolution of the cache - occupancy channels.
### Summary
This paper aims to reveal the security vulnerabilities of emerging GPU - acceleration APIs such as WebGPU in modern browsers, especially how to use these APIs to carry out micro - architecture side - channel attacks. By showing specific attack methods and effects, the authors emphasize that before these standards are widely deployed, corresponding defense measures need to be taken to ensure the security of the system.