This work addresses the security risks posed by tampering with participation metadata—such as thread masks and role assignments—in CUDA collective operations, which can subvert authorization logic and compromise security decisions. It presents the first systematic analysis of non-control data threats in GPU collective operations, introducing the Collective Semantic Corruption (CSC) attack model. To mitigate such threats, the paper proposes the Collective Integrity Contract (CIC) mechanism, which binds participation metadata prior to execution to preserve decision authority. Built upon CUDA collective primitives—including vote, reduce, shuffle, and barrier—CIC integrates contract verification, hardened encapsulation, and synchronization sensitivity analysis. Evaluated on 102 test cases, CIC successfully resolves all trust-reference mismatches in original implementations and identifies 13 synchronization-sensitive instances.

CUDA collective operations often sit on security decision paths: votes accept batches, reductions aggregate evidence, shuffles select representatives, and barriers order checked state before use. Such decisions depend not only on computed values, but also on which lanes are represented, what evidence they contribute, which lane speaks for the group, and which checked state reaches commit. We identify this participation metadata as decision-making non-control data. We define Collective Semantic Corruption (CSC), a non-control-data attack family in which range-valid masks, predicates, source lanes, descriptors, group labels, or epochs cause a CUDA-conforming collective to authorize a decision over the wrong membership, contribution, role, or validation-to-use state. The kernel reaches the intended collective site and executes the expected primitive; the primitive represents the wrong authority set. We model CSC with a site-local participation-authority contract. A protected collective derives, recomputes, checks, or freezes membership, contribution, role, and temporal state before authorization. We evaluate CSC across NVIDIA CUDA collective primitives, trigger channels, compact workload-style kernels, reduced idiom bridges, and admission-guard harnesses. In a CUDA-defined contract-conformance suite spanning the four authority dimensions, corrupted participation metadata causes a trusted-reference mismatch in 102/102 instances, while hardened variants preserve that reference in 102/102. We report 13 synchronization-sensitive instances separately. We then introduce Collective Integrity Contracts (CIC), a wrapper discipline that binds participation metadata before collective use. For CUDA collective decisions, security depends on both the values computed and the participants represented.