DSASSASSIN: Cross-VM Side-Channel Attacks by Exploiting Intel Data Streaming Accelerator
This program is tentative and subject to change.
Modern datacenter infrastructures increasingly integrate bespoke accelerators to offload specific workloads from CPUs. Among them, Intel’s Data Streaming Accelerator (DSA), supported by Intel VT-d, is deployed in the latest Xeon processors. However, its security implications remain unexplored. In this paper, we propose DSASSASSIN, a novel side-channel attack launched from DSA. Although Intel’s scalable I/O virtualization mitigates device-based threats, we show that DSA introduces a new attack surface that bypasses such protections.
By reverse-engineering the Device TLB (DevTLB) introduced by DSA, we find that it is not isolated between different processes. We further analyze DSA’s shared work queue (SWQ) and uncover a timer-free side channel via DMWr transactions. Building on these insights, we develop two attack primitives: a DevTLB-based timing attack and an SWQ-based contention attack. These enable cross-VM covert- and side-channel attacks. First, the cross-VM covert channel can achieve a true capability of 17.19 Kbps with a 4.64% error rate—5x faster and 4x more accurate than the latest work. Second, we present a website fingerprinting attack on the top 100 websites, with a classification accuracy that can reach 85.7%. Finally, we demonstrate a cross-VM keystroke inference attack with F1 scores of 92.0% (DevTLB) and 98.4% (SWQ)—outperforming the state-of-the-art.
Wed 4 Feb (displayed time zone: Hobart)
Session 09:50 - 11:10
Time | Duration | Type | Title | Track | Authors
09:50 | 20m | Talk | DSASSASSIN: Cross-VM Side-Channel Attacks by Exploiting Intel Data Streaming Accelerator | Main Conference | Ben Chen The Hong Kong University of Science and Technology (Guangzhou), Kunlin Li The Hong Kong University of Science and Technology (Guangzhou), Shuwen Deng Tsinghua University, Dongsheng Wang Tsinghua University, Yun Chen The Hong Kong University of Science and Technology (Guangzhou)
10:10 | 20m | Talk | SSBleed: Non-speculative Side-channel Attacks via Speculative Store Bypass on Armv9 CPUs | Main Conference | Chang Liu Tsinghua University, Hongpei Zheng Tsinghua University, Xin Zhang Peking University, Dapeng Ju Tsinghua University, Dongsheng Wang Tsinghua University, Yinqian Zhang Southern University of Science and Technology, Trevor E. Carlson National University of Singapore
10:30 | 20m | Talk | Protean: A Programmable Spectre Defense | Main Conference | Nicholas Mosier Stanford University, Hamed Nemati KTH Royal Institute of Technology, John C. Mitchell Stanford University, Caroline Trippel Stanford University
10:50 | 20m | Talk | HERO-Sign: Hierarchical Tuning and Efficient Compiler-Time GPU Optimizations for SPHINCS$^+$ Signature Generation | Main Conference | Yaoyun Zhou University of California, Merced, Qian Wang University of California, Merced (UC Merced)