GPU computational integrity is threatened by both memory-safety vulnerabilities (e.g., buffer overflows) and microarchitectural attacks (e.g., Rowhammer). Existing side-channel verification approaches—relying on a single monolithic golden model—suffer from poor robustness, high sensitivity to noise, and limited adaptability to diverse GPU scheduling behaviors. This paper proposes ShadowScope, a novel runtime verification framework. First, it decomposes trusted kernel execution into composable, modular golden models to enhance adaptability across heterogeneous GPU workloads. Second, it introduces ShadowScope+, a hardware-assisted mechanism that embeds lightweight checkpoints within the GPU pipeline to minimize software monitoring overhead. Third, it integrates fine-grained side-channel signal analysis with modular behavioral modeling for high-accuracy, low-interference integrity verification. Evaluation shows that ShadowScope incurs only 4.6% average runtime overhead, achieves significantly higher accuracy than prior methods, and demonstrates strong robustness against noise and dynamic workload variations.

As modern systems increasingly rely on GPUs for computationally intensive tasks such as machine learning acceleration, ensuring the integrity of GPU computation has become critically important. Recent studies have shown that GPU kernels are vulnerable to both traditional memory safety issues (e.g., buffer overflow attacks) and emerging microarchitectural threats (e.g., Rowhammer attacks), many of which manifest as anomalous execution behaviors observable through side-channel signals. However, existing golden model based validation approaches that rely on such signals are fragile, highly sensitive to interference, and do not scale well across GPU workloads with diverse scheduling behaviors. To address these challenges, we propose ShadowScope, a monitoring and validation framework that leverages a composable golden model. Instead of building a single monolithic reference, ShadowScope decomposes trusted kernel execution into modular, repeatable functions that encode key behavioral features. This composable design captures execution patterns at finer granularity, enabling robust validation that is resilient to noise, workload variation, and interference across GPU workloads. To further reduce reliance on noisy software-only monitoring, we introduce ShadowScope+, a hardware-assisted validation mechanism that integrates lightweight on-chip checks into the GPU pipeline. ShadowScope+ achieves high validation accuracy with an average runtime overhead of just 4.6%, while incurring minimal hardware and design complexity. Together, these contributions demonstrate that side-channel observability can be systematically repurposed into a practical defense for GPU kernel integrity.