understanding the security of discrete gpus
play

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman - PowerPoint PPT Presentation

Feb 15, 2024 •262 likes •869 views

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 , Yige Hu 1 , Emmett Witchel 1 , Mark Silberstein 2 1.The University of Texas at Austin 2.Technion-Israel Institute of Technology Outline Can GPUs

  1. Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 , Yige Hu 1 , Emmett Witchel 1 , Mark Silberstein 2 1.The University of Texas at Austin 2.Technion-Israel Institute of Technology

  2. Outline ● Can GPUs improve the security of a computing system? ○ PixelVault ○ Attacking PixelVault ● Can GPUs subvert the security of a computing system? ○ GPU driver attack ○ GPU microcode attack ○ IOMMU mitigation 2

  3. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources GPU PCIe Bus SM SM SM ... CPU Register Global memory 3

  4. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Global memory 4

  5. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Independent memory system Global memory 5

  6. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Independent memory system Global memory Physically partitioned from CPU 6

  7. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus CPU Register Global memory 7

  8. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus CPU Register Secret Data Global memory Secret Data 8

  9. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus …... CPU Register Secret Data Global memory Secret Data 9

  10. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus …... CPU Register Secret Data Global memory Secret Data 10

  11. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU Plaintext Register CPU Ciphertext Global memory 11

  12. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU ● Encryption(Enc) keys Plaintext are encrypted by a master key and are Register stored in GPU memory. CPU Ciphertext Global memory Enc key 12

  13. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU ● Encryption(Enc) keys Plaintext are encrypted by a master key and are Register stored in GPU memory. CPU Master key ● Master key is stored in a Ciphertext GPU register. Global memory Enc key 13

  14. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory Enc key 14

  15. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory Enc key 15

  16. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory ● Prevent any adversarial Enc key from accessing registers. 16

  17. Threat model ● System boots from a trusted configuration and sets up PixelVault execution environment on GPU. 17

  18. Threat model ● System boots from a trusted configuration and sets up PixelVault execution environment on GPU. ● After setup, attacker can have full control over the platform. ○ Execute code at any privilege. ○ Has access to all platform hardware. ● Attack goal: Steal keys from GPU. 18

  19. Threat model Security guarantees depend on several NVIDIA GPU characteristics. ● Some of these characteristics are well known and confirmed. ● Some are experimentally validated. ● Others are only assumed to correct. ○ Experimentally verify. 19

  20. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 20

  21. Assumption: A running GPU kernel cannot be stopped and debugged. CUDA 4.2 CUDA 5.0 and newer ● Compiled with explicit debug Stop a running kernel and inspect all support. GPU registers via debugger API. ● Insert breakpoints before kernel is running. 21

  22. Assumption: A running GPU kernel cannot be stopped and debugged. CUDA 4.2 CUDA 5.0 and newer ● Compiled with explicit debug Stop a running kernel and inspect all support. GPU registers via debugger API. ● Insert breakpoints before kernel is running. 22

  23. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 23

  24. CUDA Stream ● An operation sequence on a GPU device. ● Every CUDA kernel is invoked on an independent stream. ● Share the same address space. 24

  25. PixelVault GPU Computation Data Transfer Stream Stream CPU Register Register 25

  26. Assumption: GPU registers can’t be read after kernel termination. Attack: Stream A Stream B Register Register 26

  27. Assumption: GPU registers can’t be read after kernel termination. Attack: If GPU kernel B is invoked in parallel with running kernel A, A’s register state can be retrieved using the debugger API even after A terminates, as long as B is still running. Stream A Stream B Stream A Stream B Debugger API Register Register Register Register 27

  28. Loading a program into the GPU GPU Instruction cache GPU global memory CPU GPU Chipset PCIe Bus 28

  29. Loading a program into the GPU GPU Instruction cache GPU global memory Program CPU GPU Chipset PCIe Bus 29

  30. Loading a program into the GPU GPU Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 30

  31. Loading a program into the GPU GPU Program Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 31

  32. If CPU writes to GPU instructions in memory while the GPU is running GPU …... Program Instruction cache Program GPU global memory Program CPU GPU Chipset PCIe Bus 32

  33. If CPU writes to GPU instructions in memory while the GPU is running GPU …... Program Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 33

  34. No public API for flushing the instruction cache. 34

  35. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 35

  36. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ○ Some MMIO registers that flush the GPU instruction cache are not documented as flushing the cache. ○ Private debugger API. 36

  37. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ○ Debugger API 37

  38. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ● Manufacturers can change the architecture that invalidates the security of systems based on GPU. 38

  39. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ● Manufacturers can change the architecture that invalidates the security of systems based on GPU. ● Discrete GPUs cannot enhance the security of the computing system. 39

  40. GPU as a host for stealthy malware 1. Threat Model 2. GPU driver attack 3. GPU microcode attack 4. IOMMU mitigation 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk Kok Govender.nicolin@gmail.com GTC 2015 GTC 2015 Outline Particle Transport Discrete Element Method Physical Interaction

503 views • 23 slides
Security Applica.ons of GPUs So.ris Ioannidis Founda.on for

Security Applica.ons of GPUs So.ris Ioannidis Founda.on for

Security Applica.ons of GPUs So.ris Ioannidis Founda.on for Research and Technology Hellas (FORTH) Outline Background and mo-va-on GPU-based,

961 views • 62 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

April 6 th 2015 San Jos, CA How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech Motivation: Automotive Applications Pedestrian Detection System: embedded GPUs increase cars security Paolo Rech

895 views • 61 slides
Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla,

Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla,

NONLINEAR DOUBLE DAY, Sevilla, May 17-18, 2004 Macroscopic effects of anharmonic excitations Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla, J Cuevas, JM Trillo and F Palmero Nonlinear Physics

386 views • 12 slides
ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene

ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene

ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene bgreene@isc.org Agenda ccTLD Security is not new Cybercriminal Toolkit Understanding why security people are irritated might help to provide

751 views • 46 slides
Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs Molecular Dynamics or Matrix Factorization? Determinism and Numerical Stability Dynamic Range for both MD and NNs Latest AMBER PME Numbers

1.18k views • 90 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides
Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are great... high compute throughput increasingly energy efficient high density but? http://onu.io

639 views • 16 slides
Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales Counting idempotents Conclusions Algebra and logic of discrete paths 1 Luigi Santocanale LIS (team LIRICA), Aix-Marseille Universit e, France S

1.31k views • 108 slides
Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab Wayne State University May 21, 2019 Understanding the Security of ARM Debugging Features, S&P 19 1 Outline Introduction Obstacles in

1.03k views • 63 slides
Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab Wayne State University May 21, 2019 Understanding the Security of ARM Debugging Features, S&P 19 1 Outline Introduction Obstacles for

679 views • 65 slides
Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos Stylianopoulos Simon Kindstrm Magnus Almgren Olaf Landsiedel Marina Papatriantafilou Distributed Computing and Systems Motivation IoT security

908 views • 31 slides
Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act and What it it Means for Your Community UNDERSTANDING THE CARES ACT Int Introductions Shelby y Fie iegel Je Jenn Gre regory Director,

860 views • 44 slides
Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis for effective security USEC 2014, San Diego, USA February 23 rd , 2014 Iacovos Kirlappos Simon Parkin M. Angela Sasse University College London

704 views • 27 slides
STUDENT HOUSING MASTER PLAN in Association With S u b jEc T Sub Title CORNELLS RESIDENTIAL

STUDENT HOUSING MASTER PLAN in Association With S u b jEc T Sub Title CORNELLS RESIDENTIAL

STUDENT HOUSING MASTER PLAN in Association With S u b jEc T Sub Title CORNELLS RESIDENTIAL EXPERIENCE 2 CORNELLS RESIDENTIAL EXPERIENCE Principles Provide a broad range of on-campus housing options Prioritize and provide a

161 views • 14 slides
Deferred Maintenance Update CU-Boulder and UCCS February 2014 Office of the Vice President for

Deferred Maintenance Update CU-Boulder and UCCS February 2014 Office of the Vice President for

Deferred Maintenance Update CU-Boulder and UCCS February 2014 Office of the Vice President for Budget and Finance Boulder - Update on Deferred Maintenance Office of the Vice President for Budget and Finance 2 Boulder - Deferred Maintenance

433 views • 6 slides
Clinton Township School District Relationship of School Budget and Clinton Township Municipal

Clinton Township School District Relationship of School Budget and Clinton Township Municipal

Clinton Township School District Relationship of School Budget and Clinton Township Municipal Finances Property Tax Funding of Local Governments- Township, County and Schools Clinton Township School District (CTSD) and Clinton

288 views • 10 slides
ENVIRONMENT & TRANSPORT LRALC May 2020 Parish Clerks Quarterly Meeting Virtual

ENVIRONMENT & TRANSPORT LRALC May 2020 Parish Clerks Quarterly Meeting Virtual

ENVIRONMENT & TRANSPORT LRALC May 2020 Parish Clerks Quarterly Meeting Virtual Presentation Introduction As the quarterly meeting was cancelled due to COVID 19 we felt it would be valuable to provide an update for the Parish

781 views • 11 slides
2015 16 DEFERRED MAINTENANCES COLLEGE REQUESTED ITEMS Pr e se nte d by Distr ic t F ac

2015 16 DEFERRED MAINTENANCES COLLEGE REQUESTED ITEMS Pr e se nte d by Distr ic t F ac

2015 16 DEFERRED MAINTENANCES COLLEGE REQUESTED ITEMS Pr e se nte d by Distr ic t F ac ilitie s Committe e to Planning & Budge t Counc il F e br uar y 27, 2015 Introduction As par t of its institutional maste r planning pr oc e

467 views • 24 slides
457 Deferred Compensation Plan Todays Discussion Sources of retirement income SCERS

457 Deferred Compensation Plan Todays Discussion Sources of retirement income SCERS

457 Deferred Compensation Plan Todays Discussion Sources of retirement income SCERS vs. DC How does DC work? Deferred Why enroll? Compensation How much can I contribute? How do I enroll? Todays Discussion

1.12k views • 30 slides
2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 5.1:

2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 5.1:

2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 5.1: Pharmacovigilance What data/studies could be deferred to the post-authorisation phase? Innovator Industry Presentation John J. Orloff, Novartis Pharma

252 views • 6 slides
2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 1.4:

2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 1.4:

2 nd EMA Workshop on Biosimilar Monoclonal Antibodies, 24 October 2011 Session 1.4: Non-Clinical Issues Risk-based approach rationale and decision points Innovator Industry Presentation Sven Kronenberg, F. Hoffmann-La Roche Ltd.

489 views • 6 slides

More recommend