Security isolation in GPU multitasking

Establish mechanisms that fully eliminate security vulnerabilities, particularly side-channel attacks, in GPU multitasking systems that enforce separate virtual address spaces per task via GPU virtual memory, so that legitimate tasks are protected from malicious or buggy co-running tasks.

Background

The paper proposes a GPU resource management layer for multitasking and discusses security considerations when multiple tasks share a GPU. While their virtual memory design enforces separate virtual address spaces to provide basic memory safety, they acknowledge that broader security threats remain.

Specifically, the authors highlight that preventing attacks such as side-channel leakage in co-located GPU workloads is unresolved, indicating the need for stronger isolation and defense mechanisms beyond virtual address space separation.

References

However, it remains as an open problem to fully eliminate other security vulnerabilities, such as side-channel attacks.

Towards Efficient and Practical GPU Multitasking in the Era of LLM  (2508.08448 - Xing et al., 11 Aug 2025) in Section 4: Open Problems — Security isolation