GPU research log

Initial research objective

To enhance the security of GPUs, I first had to examine the various types of attacks made on GPUs.

However, this process was quite challenging, as there are numerous attacks that can be used in different scenarios.

For example, side-channel attacks use metadata about the system, such as the time a program takes to execute and its energy consumption, to reverse engineer the memory architecture and encryption keys.

On the other hand, attacks such as row hammering opt for a more direct approach. By incessantly accessing a row of data in memory, they change the data stored in memory and manipulate the system.

As such, it was impossible to come up with a design that could serve as an overarching umbrella protecting the system from all types of attack.

Thus, I decided to focus on attacks via the browser that aim to insert malicious data into the system.

 

Initial security design candidate: Sugar: Secure GPU Acceleration in Web Browsers – UCI

Among the various articles I read about GPU security, one paper seemed very compelling to me.

The author of the “SUGAR” article argued that most browsers and web pages have an enormous trusted computing base in the user’s GPU.

Consequently, it is very easy for a malicious attacker to create a faulty web page, insert malicious data or code through the browser into the GPU, and open a window for attack.

To prevent this, the author of SUGAR proposed isolating the browser from the GPU by running all graphics plane sent from the browser in a virtualized GPU and then, after the data has proven secure, sending it to the actual GPU for rendering.

Based on the article, this methodology indeed prevents various types of attack through the browser, and the decrease in performance was quite tolerable.

However, isolating and virtualizing the GPU is very costly, and virtualized GPUs are mainly used in server environments, not on individual computers.

As such, I plan to examine further the actual overhead introduced by virtualization and how it can be improved.