TIMESLICE-SANDWICH: A GPU Side-Channel Attack Exploiting Time-Sliced Scheduling

Modern GPUs support resource sharing among concurrent applications, introducing the risk of side-channel attacks. While prior research has explored GPU side channels that exploit shared GPU resources, the security implications of time-sliced scheduling, a standard feature for resource sharing in today's GPUs, remain largely unexplored concerning side-channel attacks. In this study, we analyze timing variations caused by concurrent execution under the GPU's time-sliced scheduling mechanism. We begin by identifying the upper bound of a time slice and then leverage this bound to estimate the duration of a concurrent program's time slice, ultimately enabling us to infer the program's overall GPU utilization patterns. Building on this finding, we introduce TIMESLICE-SANDWICH, a novel GPU side-channel attack that leverages variations in time-slice duration to infer and distinguish victim execution patterns. Unlike prior GPU side-channel attacks, TIMESLICE-SANDWICH does not require contention on specific shared resources. In our experiments, TIMESLICE-SANDWICH achieves an F1 score of 94.40% in neural network recovery attack; and a Top-1 accuracy of 92.84% in website fingerprinting attack on Google Chrome, both on average, demonstrating its effectiveness. Even in the presence of noise, our attack achieves an average F1 score of 73.74% for neural network recovery. Finally, we discuss potential mitigations to address side-channel risks arising from time-slice patterns in modern GPU resource-sharing architectures.