Poster: LockedApart: Faster GPU Fingerprinting Through the Compute API

Authors

  • Tomer Laor Ben-Gurion University of the Negev Author
  • Yossi Oren Ben-Gurion University of the Negev Author

DOI:

https://doi.org/10.46586/uasc.2025.204

Abstract

WebGL offers website direct access to the GPU, allowing beautiful graphics. The direct hardware access offered by WebGL was also shown to expose multiple security vulnerabilities. In particular, DrawnApart showed that by performing graphical micro-benchmarks on the GPU, it is possible to fingerprint the underlying hardware. Recently, the access of websites to the GPU was extended with the introduction of the WebGPU API, a new low-level API that allows websites to perform general-purpose computations on the GPU. Our research question was: Does this additional access to the GPU expose additional avenues for fingerprinting? Our initial results show that this is true. Our new attack, which we call LockedApart, uses WebGPU to directly measure contention between GPU threads. Compared to DrawnApart, LockedApart is up to 310x faster and up to 1.8x more accurate. These preliminary results show that it is important to consider the security implications of this new API. The code for LockedApart is available at https://github.com/LockedApart/LockedApart

Downloads

Published

2025-03-01

Issue

2025: Proceeding of the 1st Microarchitecture Security Conference (uASC '25)

Section

Poster Abstracts