sugar secure gpu acceleration in web browsers
play

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng - PowerPoint PPT Presentation

Jul 25, 2023 •254 likes •846 views

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1 WebGL was released in 2011 Source: https://www.google.com/map 2 WebGL

  1. Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1

  2. WebGL was released in 2011 Source: https://www.google.com/map 2

  3. WebGL is popular WebGL adoption rate by top 100 websites 47.0% 53.0% 3

  4. WebGL is popular Browser support rate (48.8 million visitors) Does not support 4.0% 96.0% Source: http://webglstats.com (2017) 4

  5. https://www.apple.com/macos/sierra/ https://www.google.com/map 5 https://eyes.nasa.gov/curiosity/ http://dlmf.nist.gov

  6. WebGL recap 6

  7. First, a quick recap on OpenGL Native app GL libs user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 7

  8. First, a quick recap on OpenGL Native app Native app function call GL libs GL libs user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 8

  9. First, a quick recap on OpenGL Native app Native app GL libs GL libs user space syscall kernel space Kernel mode GPU driver kernel space hardware GPU hardware 9

  10. Use the same design for WebGL? Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 10

  11. Web apps are not trusted Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 11

  12. GPU driver is buggy Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 12

  13. Kernel driver is compromised Web app web app Buggy GL libs GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 13

  14. Current WebGL design GPU Process Web app Web app Checks Web app GL libs Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 14

  15. Current WebGL design GPU Process IPC Web app Web app Checks Web app GL libs Browser Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 15

  16. Security checks in GPU Process GPU Process Web app Web app Checks Web app GL libs Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 16

  17. TCB of current WebGL Design GPU Process Web app 158,000 LoC Web app Checks Web app (GPU Process) GL libs 457,000 LoC Browser (GL libraries) Kernel mode GPU driver 123,000 LoC (GPU driver) GPU hardware 17

  18. Vulnerabilities in GPU process CVE-2014-1556 GPU Process CVE-2015-7179 Web app CVE-2013-2874 Web app Checks Web app CVE-2017-5031 GL libs CVE-2014-1502 Browser Kernel mode GPU driver GPU hardware 18

  19. Kernel driver is compromised GPU Process Web app Web app Checks Web app GL libs Browser CVE-2011-2601* Chrome 153469 Chrome 483877* Kernel mode GPU driver CVE-2011-2367 CVE-2011-3653 GPU hardware *Not yet fixed 19

  20. Vulnerability examples CVE-2014-1556 execute arbitrary code CVE-2015-7179 execute arbitrary code CVE-2013-2874 read browser UI CVE-2017-5031 read GPU process memory CVE-2014-1502 use of cross-origin contents Chrome Issue 593680 browser hang Chrome Issue 83841 leak system username CVE-2011-2601* system UI freeze Chrome issue 153469 kernel panic Chrome issue 483877* system UI freeze CVE-2011-2367 read of GPU memory CVE-2011-3653 read of GPU memory CVE-2014-3173 read of GPU memory *Not yet fixed 20

  21. Our WebGL vulnerability study https://trusslab.github.io/sugar/webgl_bugs 21

  22. Current WebGL design High Known Zero day System UI performance vulnerabilities vulnerabilities freeze 22

  23. CVE-2014-3173, read of GPU graphics memory We type some private notes in terminal: 23

  24. CVE-2014-3173, read of GPU graphics memory 24

  25. Overview of Sugar Key idea: • Use GPU virtualization to give an untrusted web app a separate vGPU 25

  26. Intel GPU virtualization • We build a prototype on Intel GPU virtualization ● Intel GPU virtualization is available since the 4th generation Core processors [1] 26 [1] https://www.usenix.org/conference/atc14/technical-sessions/presentation/tian Photo credit: https://www.intel.com/pressroom/archive/releases/2008/20081117comp_sm.htm

  27. 27

  28. vGPU 2 vGPU 1 GPU GPU 28

  29. Sugar’s design Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 29

  30. Sugar’s design Web app GPU Process function call GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 30

  31. Sugar’s design Web app GPU Process GL libs function call GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 31

  32. Sugar’s design Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 32

  33. Sugar’s design Web app GPU Process GL libs virtual GL libs vGPU driver graphics Browser plane primary Kernel mode graphics GPU driver plane vGPU GPU hardware 33

  34. Why is Sugar secure? 34

  35. Web app process is untrusted Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 35

  36. Web app process is sandboxed Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 36

  37. vGPU is isolated Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 37

  38. Sugar’s TCB is small Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space 34,400 LoC Kernel mode (GPU virtualization) GPU driver hardware vGPU GPU hardware 38

  39. Vulnerability examples CVE-2014-1556 execute arbitrary code CVE-2015-7179 execute arbitrary code CVE-2013-2874 read browser UI CVE-2017-5031 read GPU process memory CVE-2014-1502 use of cross-origin contents Chrome Issue 593680 browser hang Chrome Issue 83841 leak system username CVE-2011-2601* system UI freeze Chrome issue 153469 kernel panic Chrome issue 483877* system UI freeze CVE-2011-2367 read of GPU memory CVE-2011-3653 read of GPU memory CVE-2014-3173 read of GPU memory *Not yet fixed 39

  40. Limitation of this Sugar design Intel vGPU hang will cause a real GPU hang 40

  41. Dual-GPU Sugar Key idea: Use two GPUs to fully isolate the virtual graphics plane and the primary graphics plane. ● Solves system UI freeze ● Provides better performance isolation 41

  42. Dual-GPU Sugar’s design Web app GPU process GL libs GL libs vGPU driver user space Browser kernel space Kernel mode Kernel mode GPU 1 driver GPU 2 driver hardware vGPU GPU 1 hardware GPU 2 hardware 42 Photo credit: https://www.amd.com/zh-tw/products/graphics/desktop/6000/6990

  43. Many computers have two GPUs dell.com/Inspiron15 apple.com/macbook-pro store.hp.com/envy 43

  44. Intel’s 8th Generation Core Processors with Radeon RX Vega M Graphics Source: https://newsroom.intel.com/news/8th-gen-intel-core-radeon-rx-vega-m-graphics 44

  45. Sugar’s implementation 45

  46. WebGL in web app process Reuse most of GPU process code WebKit / Blink GPU Process Ported from GPU process WebGL frontend WebGL backend WebGL backend GL libs GL libs vGPU driver 46

  47. vGPU driver as a library We modify GL libs to issue function calls instead of syscalls WebKit / Blink WebGL frontend WebGL backend GL libs function call vGPU driver 47

  48. Register: trap and emulate Web app GPU Process GL libs GL libs vGPU driver Mapped Browser user space registers kernel space Kernel mode GPU driver hardware vGPU GPU hardware 48

  49. Register: trap and emulate Web app GPU Process GL libs GL libs vGPU driver Mapped Browser user space registers kernel space Kernel mode GPU virtualization GPU driver layer will emulate hardware vGPU GPU hardware 49

  50. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver Interrupt hardware vGPU GPU hardware 50

  51. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space The virtualization layer Kernel mode delivers as a signal GPU driver Interrupt hardware vGPU GPU hardware 51

  52. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Signal Browser user space kernel space Kernel mode GPU driver Interrupt hardware vGPU GPU hardware 52

  53. DMA overview Main GPU DMA memory 53

  54. DMA overview Page Main vGPU DMA table memory 54

  55. Evaluations 55

  56. Sugar’s performance is good under the same WebGL benchmarks that Chrome uses 56

  57. Sugar’s performance is good under the same WebGL benchmarks that Chrome uses 60 FPS 57

  58. Sugar’s CPU overhead is low Sugar is better than CPU rendering by 375% on average 58

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use translate3d for hardware acceleration Challenges Game vs Web Game Text Textured objects Animation Physics Transformation Large but Still Bounded

715 views • 71 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory

The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory

The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory will provide physical fitness and conditioning in every area of sports. With the disciplines of boxing training being the primary tools to

315 views • 7 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er

Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er

Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er Briefing ng 19 9 February 201 2019 Strictly Private and Confidential Nordzucker - Mackay Sugar Comparison Mackay Sugar Unlisted Public

649 views • 50 slides
CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the

CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the

CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the assistance of Czarnikow Sugar. For further information on the global sugar industry, please refer to the Czarnikow website www.czarnikow.com. Sugar Market

580 views • 22 slides
Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By

Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By

Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By Saovapun Suputtitada Project Development Manager 1 Why is it important? If sugar is not conditioned, it can lead to caking- sometimes very

624 views • 37 slides
A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey

A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey

A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey Kingyens and J. Gregory Steffan Electrical and Computer Engineering University of Toronto 1 FGPA-Based Acceleration In-socket acceleration

342 views • 22 slides
EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU

EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU

EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU Sugar production by Marketing Year 2019/20 (provisional) compared to 2018/19 Area - 5.5% Production - 1.6% EU Sugar production by

112 views • 10 slides
acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

IPQ806x Hardware acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration model Features Designed for Home Gateways (CPE) Flow detection based All -or- nothing offload Acceleration

248 views • 8 slides
THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our

THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our

THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our head Coach Bilal S. Ali 01.2003 - 05.2004 The Urban Youth Development Corp. East Orange, NJ 05.1997 - 11.2002 Family Outreach Coordinator/Bus

419 views • 10 slides
British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company:

British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company:

British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company: Associated British Foods plc Operating structure British Sugar British Sugar Azucarera Illovo Sugar Other UK & Ireland Ebro Overseas (51%)

255 views • 14 slides
AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV.

AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV.

AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV. Investment Update V. Q&A Sugar ar Made de in the Field BRR IN BRIEF Pioneer of sugar factory

750 views • 34 slides
New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar

New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar

New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar are essential to the happiness of Europe, but I know well that these two products have accounted for the unhappiness of two great regions of the

391 views • 20 slides
What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA:

What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA:

What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA: Introduction & Housekeeping Become an Orgain Speaker Introduction Presentation Ambassador Today! Q&A Closing Request an

680 views • 47 slides
Chess 101 The pieces (http://en.lichess.org/analysis) Chess can be artsy The smothered mate

Chess 101 The pieces (http://en.lichess.org/analysis) Chess can be artsy The smothered mate

Chess 101 The pieces (http://en.lichess.org/analysis) Chess can be artsy The smothered mate white to play and win rr4k1/6pp/2Q5/3KN3/8/q7/8/8 w - - 0 1 Reti problem White to play and draw 7K/8/k1P5/7p/8/8/8/8 w - - 0 1 Top players

793 views • 14 slides
Challenges & Opportunities Nicolas Fournel Principal Audio Programmer Sony Computer

Challenges & Opportunities Nicolas Fournel Principal Audio Programmer Sony Computer

Procedural Audio Challenges & Opportunities Nicolas Fournel Principal Audio Programmer Sony Computer Entertainment Europe Overview What is it ? What are the opportunities ? What are the challenges ? How can we deal with

488 views • 26 slides
Link Prediction 1 Motivation Recommending new friends in online

Link Prediction 1 Motivation Recommending new friends in online

14 Link Prediction 1 Motivation Recommending new friends in online social networks. Predicting the participation of actors in events Suggesting interactions

1.24k views • 101 slides
Evolution of GitHub Repositories Aseel Awdeh Kalonji Kalala School of Computer Science School

Evolution of GitHub Repositories Aseel Awdeh Kalonji Kalala School of Computer Science School

Evolution of GitHub Repositories Aseel Awdeh Kalonji Kalala School of Computer Science School of Computer Science University of Ottawa, Ottawa, Canada University of Ottawa, Ottawa, Canada araed104@uottawa.ca hkalo081@uottawa.ca COMP 5900

296 views • 28 slides
Vizir: High-order mesh and solution visualization using OpenGL 4.0 graphic pipeline Adrien

Vizir: High-order mesh and solution visualization using OpenGL 4.0 graphic pipeline Adrien

Vizir: High-order mesh and solution visualization using OpenGL 4.0 graphic pipeline Adrien Loseille 1 and R emi Feuillet 2 GAMMA3 Team, INRIA Saclay-Ile-de-France, Palaiseau, France AIAA SciTech Forum, January 2018 1 Researcher,

512 views • 28 slides
Tutorial: A brief survey on tensor rank and tensor decomposition, from a geometric perspective.

Tutorial: A brief survey on tensor rank and tensor decomposition, from a geometric perspective.

Tutorial: A brief survey on tensor rank and tensor decomposition, from a geometric perspective. Workshop Computational nonlinear Algebra (June 2-6, 2014) ICERM, Providence Giorgio Ottaviani Universit` a di Firenze Giorgio Ottaviani

791 views • 76 slides
Introduction to Lie Groups, Lie Algebra, and Representation Theory Dennica Mitev University of

Introduction to Lie Groups, Lie Algebra, and Representation Theory Dennica Mitev University of

Introduction to Lie Groups, Lie Algebra, and Representation Theory Dennica Mitev University of Pennsylvania April 30th, 2020 Key Definitions, Matrix Lie Group Matrix Lie Group : Any subgroup G of GL ( n ; C ) with the property that if A m

227 views • 11 slides
Construction/AE Opportunities Iron Mountain, MI & Tomah, WI Director of Contracting: VA

Construction/AE Opportunities Iron Mountain, MI & Tomah, WI Director of Contracting: VA

VA Great Lakes Industry Day Construction/AE Opportunities Iron Mountain, MI & Tomah, WI Director of Contracting: VA Great Lakes Paul Lauro Division Chief, Construction: VA Great Lakes Ricky Bond Branch Chief,

340 views • 21 slides

More recommend