4

We have Nvidia GPU cards that can be used by different users in an OpenStack environment. A first user creates a VM with access to a GPU card, then deletes the VM when done. Another user then creates a VM which is given access to the same card. He/She may access elements stored in memory by previous user, or some malicious code could be left. For security purposes, we want to be able to erase the graphic card memory between two users.

According to this research publication Confidentiality Issues on a GPU in a Virtualized Environment, the most general way to do so is to reboot the host machine. This is unpractical in our case.

However the paper was released in 2014, and thus, may differ from the current state.

Is there any other way to prevent information leak through GPU memory between two following VMs? Or do the current drivers and/or the newer cards perform this security operation themselves?

Also according to the publication, simply creating a program that overwrites everything is also not feasible, as the CUDA memory manager may not give access to the whole memory.

We use Nvidia cards with the Pascal architecture.

J. Chorin
  • 41
  • 3
  • Can't you use [nvidia-smi](https://developer.nvidia.com/nvidia-system-management-interface) and reset the card or erase the memory? – Lenniey Aug 08 '18 at 15:17
  • @Lenniey according to the paper, resetting using nvidia-smi does also not prevent a leak. – J. Chorin Aug 08 '18 at 15:36

0 Answers0