Vulnerabilities in LLMs stemming from a leak in GPU local memory

​Our speaker, Tyler Sorensen, a security researcher and an Assistant Professor at UC Santa Cruz, will discuss LeftoverLocals: a recent GPU vulnerability that allows a co-resident attacker to listen to interactive LLM responses through GPU memory leaks.

​His research showed that this vulnerability impacted a wide variety of GPUs, including devices from Apple, AMD, and Qualcomm.

​To fully understand the attack, Tyler will overview the GPU computation stack, including the basic architecture and execution model.

​He will emphasize various approaches to how GPU frameworks support multi-processing, whether on your local machine or in the cloud, and discuss the associated security considerations.

​The talk will conclude with a discussion on how we might work towards providing a more secure future for GPU systems.

About the guest: Tyler Sorensen is a security researcher at Trail of Bits. He is also an Assistant Professor at UC Santa Cruz.

He works on testing and specifying GPU programming models with an emphasis on memory behaviors.

​His work has received distinguished paper awards at many of the top academic venues for programming languages and architecture, including ASPLOS and PLDI.