IOTLB-SC: An Accelerator-Independent Leakage Source in Modern Cloud Systems

Recent research in micro-architectural attacks has uncovered a variety of vulnerabilities on shared compute devices like CPUs and GPUs which pose a substantial thread to cloud service providers and customers alike. Cloud service providers have therefore moved towards flexible systems that prioritize re-arrangeable hardware components that are not shared between users to minimize attack surfaces while retaining scalability. In this work, we show that for the sake of system security it is necessary to consider not only the security of the processors and peripherals of a system but also the security of the subsystems that connect them. In particular, we investigate the side-channel leakage potential of the I/O translation look-aside buffer (IOTLB) used in I/O memory management units (IOMMUs) to cache address translations. To exploit the IOTLB, we design a hardware module deployed to an FPGA to help us perform precise timing measurements. For the first time, we prove that the IOTLB is the source of a timing-based side-channel leakage and use it to create two covert channels from CPU to peripheral and between peripherals. While the first channel easily achieves an error rate of only 30%, the latter proved to be very reliable as nearly no errors occur. We present a close look at web fingerprints collected through this side-channel, and we examine the I/O operation of a GPU-accelerated SQL database. We then discuss several methods to remedy the observed side-channel leakages, including application design techniques, peripheral layout within existing systems, and micro-architectural features that could harden future IOMMUs.