Papers
Topics
Authors
Recent
Search
2000 character limit reached

LeftoverLocals: Listening to LLM Responses Through Leaked GPU Local Memory

Published 29 Jan 2024 in cs.CR and cs.DC | (2401.16603v1)

Abstract: This paper describes LeftoverLocals: a vulnerability that allows data recovery from GPU memory created by another process on Apple, Qualcomm, and AMD GPUs. LeftoverLocals impacts the security posture of GPU applications, with particular significance to LLMs and ML models that run on impacted GPUs. By recovering local memory, an optimized GPU memory region, we built a PoC where an attacker can listen into another user's interactive LLM session (e.g., llama.cpp) across process or container boundaries.

Authors (2)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (8)
  1. GPU Concurrency: Weak Behaviours and Programming Assumptions. In Architectural Support for Programming Languages and Operating Systems (ASPLOS). ACM. https://doi.org/10.1145/2694344.2694391
  2. Stealing Webpages Rendered on Your Browser by Exploiting GPU Vulnerabilities. In 2014 IEEE Symposium on Security and Privacy. https://doi.org/10.1109/SP.2014.9
  3. Many-core compiler fuzzing. In Programming Language Design and Implementation (PLDI ’15). ACM. https://doi.org/10.1145/2737924.2737986
  4. Confidentiality Issues on a GPU in a Virtualized Environment. In Financial Cryptography and Data Security, Nicolas Christin and Reihaneh Safavi-Naini (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg.
  5. A Survey of Techniques for Improving Security of GPUs. CoRR abs/1804.00114 (2018). arXiv:1804.00114 http://arxiv.org/abs/1804.00114
  6. CUDA Leaks: A Detailed Hack for CUDA and a (Partial) Fix. ACM Transactions on Embedded Computing Systems 15, 1 (Jan. 2016), 1–25. https://doi.org/10.1145/2801153
  7. GPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data Compression. In 2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 84–84. https://doi.org/10.1109/SP54263.2024.00084
  8. Vulnerable GPU Memory Management: Towards Recovering Raw Data from GPU. CoRR abs/1605.06610 (2016). arXiv:1605.06610 http://arxiv.org/abs/1605.06610
Citations (3)
View on Semantic Scholar

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up

Tweets

Sign up for free to view the 2 tweets with 13 likes about this paper.

Sign Up for Free