sugar secure gpu acceleration in web browsers
play

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng - PowerPoint PPT Presentation

Jul 25, 2023 •254 likes •846 views

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1 WebGL was released in 2011 Source: https://www.google.com/map 2 WebGL

  1. Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1

  2. WebGL was released in 2011 Source: https://www.google.com/map 2

  3. WebGL is popular WebGL adoption rate by top 100 websites 47.0% 53.0% 3

  4. WebGL is popular Browser support rate (48.8 million visitors) Does not support 4.0% 96.0% Source: http://webglstats.com (2017) 4

  5. https://www.apple.com/macos/sierra/ https://www.google.com/map 5 https://eyes.nasa.gov/curiosity/ http://dlmf.nist.gov

  6. WebGL recap 6

  7. First, a quick recap on OpenGL Native app GL libs user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 7

  8. First, a quick recap on OpenGL Native app Native app function call GL libs GL libs user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 8

  9. First, a quick recap on OpenGL Native app Native app GL libs GL libs user space syscall kernel space Kernel mode GPU driver kernel space hardware GPU hardware 9

  10. Use the same design for WebGL? Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 10

  11. Web apps are not trusted Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 11

  12. GPU driver is buggy Web app Buggy GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 12

  13. Kernel driver is compromised Web app web app Buggy GL libs GL libs user space Malicious kernel space Compromised Kernel mode GPU driver kernel space hardware GPU hardware 13

  14. Current WebGL design GPU Process Web app Web app Checks Web app GL libs Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 14

  15. Current WebGL design GPU Process IPC Web app Web app Checks Web app GL libs Browser Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 15

  16. Security checks in GPU Process GPU Process Web app Web app Checks Web app GL libs Browser user space kernel space Kernel mode GPU driver kernel space hardware GPU hardware 16

  17. TCB of current WebGL Design GPU Process Web app 158,000 LoC Web app Checks Web app (GPU Process) GL libs 457,000 LoC Browser (GL libraries) Kernel mode GPU driver 123,000 LoC (GPU driver) GPU hardware 17

  18. Vulnerabilities in GPU process CVE-2014-1556 GPU Process CVE-2015-7179 Web app CVE-2013-2874 Web app Checks Web app CVE-2017-5031 GL libs CVE-2014-1502 Browser Kernel mode GPU driver GPU hardware 18

  19. Kernel driver is compromised GPU Process Web app Web app Checks Web app GL libs Browser CVE-2011-2601* Chrome 153469 Chrome 483877* Kernel mode GPU driver CVE-2011-2367 CVE-2011-3653 GPU hardware *Not yet fixed 19

  20. Vulnerability examples CVE-2014-1556 execute arbitrary code CVE-2015-7179 execute arbitrary code CVE-2013-2874 read browser UI CVE-2017-5031 read GPU process memory CVE-2014-1502 use of cross-origin contents Chrome Issue 593680 browser hang Chrome Issue 83841 leak system username CVE-2011-2601* system UI freeze Chrome issue 153469 kernel panic Chrome issue 483877* system UI freeze CVE-2011-2367 read of GPU memory CVE-2011-3653 read of GPU memory CVE-2014-3173 read of GPU memory *Not yet fixed 20

  21. Our WebGL vulnerability study https://trusslab.github.io/sugar/webgl_bugs 21

  22. Current WebGL design High Known Zero day System UI performance vulnerabilities vulnerabilities freeze 22

  23. CVE-2014-3173, read of GPU graphics memory We type some private notes in terminal: 23

  24. CVE-2014-3173, read of GPU graphics memory 24

  25. Overview of Sugar Key idea: • Use GPU virtualization to give an untrusted web app a separate vGPU 25

  26. Intel GPU virtualization • We build a prototype on Intel GPU virtualization ● Intel GPU virtualization is available since the 4th generation Core processors [1] 26 [1] https://www.usenix.org/conference/atc14/technical-sessions/presentation/tian Photo credit: https://www.intel.com/pressroom/archive/releases/2008/20081117comp_sm.htm

  27. 27

  28. vGPU 2 vGPU 1 GPU GPU 28

  29. Sugar’s design Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 29

  30. Sugar’s design Web app GPU Process function call GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 30

  31. Sugar’s design Web app GPU Process GL libs function call GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 31

  32. Sugar’s design Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 32

  33. Sugar’s design Web app GPU Process GL libs virtual GL libs vGPU driver graphics Browser plane primary Kernel mode graphics GPU driver plane vGPU GPU hardware 33

  34. Why is Sugar secure? 34

  35. Web app process is untrusted Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 35

  36. Web app process is sandboxed Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 36

  37. vGPU is isolated Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver hardware vGPU GPU hardware 37

  38. Sugar’s TCB is small Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space 34,400 LoC Kernel mode (GPU virtualization) GPU driver hardware vGPU GPU hardware 38

  39. Vulnerability examples CVE-2014-1556 execute arbitrary code CVE-2015-7179 execute arbitrary code CVE-2013-2874 read browser UI CVE-2017-5031 read GPU process memory CVE-2014-1502 use of cross-origin contents Chrome Issue 593680 browser hang Chrome Issue 83841 leak system username CVE-2011-2601* system UI freeze Chrome issue 153469 kernel panic Chrome issue 483877* system UI freeze CVE-2011-2367 read of GPU memory CVE-2011-3653 read of GPU memory CVE-2014-3173 read of GPU memory *Not yet fixed 39

  40. Limitation of this Sugar design Intel vGPU hang will cause a real GPU hang 40

  41. Dual-GPU Sugar Key idea: Use two GPUs to fully isolate the virtual graphics plane and the primary graphics plane. ● Solves system UI freeze ● Provides better performance isolation 41

  42. Dual-GPU Sugar’s design Web app GPU process GL libs GL libs vGPU driver user space Browser kernel space Kernel mode Kernel mode GPU 1 driver GPU 2 driver hardware vGPU GPU 1 hardware GPU 2 hardware 42 Photo credit: https://www.amd.com/zh-tw/products/graphics/desktop/6000/6990

  43. Many computers have two GPUs dell.com/Inspiron15 apple.com/macbook-pro store.hp.com/envy 43

  44. Intel’s 8th Generation Core Processors with Radeon RX Vega M Graphics Source: https://newsroom.intel.com/news/8th-gen-intel-core-radeon-rx-vega-m-graphics 44

  45. Sugar’s implementation 45

  46. WebGL in web app process Reuse most of GPU process code WebKit / Blink GPU Process Ported from GPU process WebGL frontend WebGL backend WebGL backend GL libs GL libs vGPU driver 46

  47. vGPU driver as a library We modify GL libs to issue function calls instead of syscalls WebKit / Blink WebGL frontend WebGL backend GL libs function call vGPU driver 47

  48. Register: trap and emulate Web app GPU Process GL libs GL libs vGPU driver Mapped Browser user space registers kernel space Kernel mode GPU driver hardware vGPU GPU hardware 48

  49. Register: trap and emulate Web app GPU Process GL libs GL libs vGPU driver Mapped Browser user space registers kernel space Kernel mode GPU virtualization GPU driver layer will emulate hardware vGPU GPU hardware 49

  50. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space Kernel mode GPU driver Interrupt hardware vGPU GPU hardware 50

  51. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Browser user space kernel space The virtualization layer Kernel mode delivers as a signal GPU driver Interrupt hardware vGPU GPU hardware 51

  52. Interrupt: deliver as signal Web app GPU Process GL libs GL libs vGPU driver Signal Browser user space kernel space Kernel mode GPU driver Interrupt hardware vGPU GPU hardware 52

  53. DMA overview Main GPU DMA memory 53

  54. DMA overview Page Main vGPU DMA table memory 54

  55. Evaluations 55

  56. Sugar’s performance is good under the same WebGL benchmarks that Chrome uses 56

  57. Sugar’s performance is good under the same WebGL benchmarks that Chrome uses 60 FPS 57

  58. Sugar’s CPU overhead is low Sugar is better than CPU rendering by 375% on average 58

Recommend

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use

Understanding Hardware Acceleration on Mobile Browsers Ariya Hidayat Magical Advice Use translate3d for hardware acceleration Challenges Game vs Web Game Text Textured objects Animation Physics Transformation Large but Still Bounded

715 views • 71 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory

The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory

The Sugar Factory Inc. A pinch of sugar The Sweet Science Of Boxing About us The Sugar Factory will provide physical fitness and conditioning in every area of sports. With the disciplines of boxing training being the primary tools to

315 views • 7 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er

Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er

Future of Mackay Sugar Mac Mackay ay Sugar ar L Ltd Nordzucker Proposal Shareh eholder er Briefing ng 19 9 February 201 2019 Strictly Private and Confidential Nordzucker - Mackay Sugar Comparison Mackay Sugar Unlisted Public

649 views • 50 slides
CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the

CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the

CSR Sugar SUGAR MARKET OUTLOOK PRESENTATION January 2006 Presentation compiled with the assistance of Czarnikow Sugar. For further information on the global sugar industry, please refer to the Czarnikow website www.czarnikow.com. Sugar Market

580 views • 22 slides
Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By

Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By

Refined Sugar Conditioning Presentation to Thai Sugar Millers Co., Ltd. 0 November 07, 2014 By Saovapun Suputtitada Project Development Manager 1 Why is it important? If sugar is not conditioned, it can lead to caking- sometimes very

624 views • 37 slides
A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey

A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey

A GPU-Inspired Soft Processor for High- Throughput Acceleration Throughput Acceleration Jeffrey Kingyens and J. Gregory Steffan Electrical and Computer Engineering University of Toronto 1 FGPA-Based Acceleration In-socket acceleration

342 views • 22 slides
EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU

EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU

EU Sugar Balance AGRI G 4 Economic Board of the Sugar Market Observatory May 2020 update EU Sugar production by Marketing Year 2019/20 (provisional) compared to 2018/19 Area - 5.5% Production - 1.6% EU Sugar production by

112 views • 10 slides
acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

IPQ806x Hardware acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration model Features Designed for Home Gateways (CPE) Flow detection based All -or- nothing offload Acceleration

248 views • 8 slides
THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our

THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our

THE SUGAR FACTORY INC. The Sweet Science of Boxing Presents Two Teaspoons of Sugar About Our head Coach Bilal S. Ali 01.2003 - 05.2004 The Urban Youth Development Corp. East Orange, NJ 05.1997 - 11.2002 Family Outreach Coordinator/Bus

419 views • 10 slides
British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company:

British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company:

British Sugar and the IED CEA/CRF/RSC Seminar London 22 nd September 2011 Parent company: Associated British Foods plc Operating structure British Sugar British Sugar Azucarera Illovo Sugar Other UK & Ireland Ebro Overseas (51%)

255 views • 14 slides
AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV.

AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV.

AGENDA I. BRR in Brief II. Operating Results Q 3 /2018 III. Sugar Situations IV. Investment Update V. Q&A Sugar ar Made de in the Field BRR IN BRIEF Pioneer of sugar factory

750 views • 34 slides
New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar

New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar

New World Economies: Sugar and the Atlantic Slave T rade I do not know if coffee and sugar are essential to the happiness of Europe, but I know well that these two products have accounted for the unhappiness of two great regions of the

391 views • 20 slides
What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA:

What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA:

What Sugar Does to Your Brain: The New Science of Sugar Addiction TODAYS AGENDA: Introduction & Housekeeping Become an Orgain Speaker Introduction Presentation Ambassador Today! Q&A Closing Request an

680 views • 47 slides
WORLD SUGAR MARKET Jos Orive Executive Director International Sugar Organization A year ago

WORLD SUGAR MARKET Jos Orive Executive Director International Sugar Organization A year ago

WORLD SUGAR MARKET Jos Orive Executive Director International Sugar Organization A year ago world prices hit bottom 26.00 25.00 24.00 23.00 22.00 21.00 20.00 ISO White Sugar Price Index US cents/lb 19.00 18.00 17.00 16.00 15.00

559 views • 20 slides
in the Village of Sugar Grove and Sugar Grove Township Sections, 21, 28, 33 Paul M. Schuch, P.E.,

in the Village of Sugar Grove and Sugar Grove Township Sections, 21, 28, 33 Paul M. Schuch, P.E.,

in the Village of Sugar Grove and Sugar Grove Township Sections, 21, 28, 33 Paul M. Schuch, P.E., CFM Director Water Resources June 21, 2011 Flooded Farm Field south of Mallard Point Subdivision Constant

331 views • 11 slides
and Inclusion Package 1 Sugar sweetened beverage tax As of August 30, 2017 4:54 PM DRAFT FOR

and Inclusion Package 1 Sugar sweetened beverage tax As of August 30, 2017 4:54 PM DRAFT FOR

DRAFT FOR DISCUSSION. SUBJECT TO CHANGE. Tax Reform for Acceleration and Inclusion Package 1 Sugar sweetened beverage tax As of August 30, 2017 4:54 PM DRAFT FOR DISCUSSION. SUBJECT TO CHANGE. Table of contents 1. Key messages and

2.36k views • 198 slides
COMPANY PRESENTATION I. BRR in Brief II. 9M19 Operating Results III. Sugar Situations IV .

COMPANY PRESENTATION I. BRR in Brief II. 9M19 Operating Results III. Sugar Situations IV .

COMPANY PRESENTATION I. BRR in Brief II. 9M19 Operating Results III. Sugar Situations IV . Investment Update V . Q&A Sugar gar Made in the Field ld Main Business Raw and brown sugar

466 views • 27 slides
chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre, University of Toronto Samuel Lunenfeld Research Institute, Mt. Sinai Hospital genome browsers: lots of data small viewable area UCSC, GBrowse,

418 views • 24 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building a browser that can provably mitigate timing attacks Trusted Browsers Time and web browsers Mitigating attacks for A trusted browser

1.39k views • 85 slides
Kilombero 2005 Kilombero 2005 AGENDA AGENDA Kilombero Sugar Company Kilombero Sugar Company

Kilombero 2005 Kilombero 2005 AGENDA AGENDA Kilombero Sugar Company Kilombero Sugar Company

Kilombero 2005 Kilombero 2005 AGENDA AGENDA Kilombero Sugar Company Kilombero Sugar Company Kilombero Business Linkages Project Kilombero Community Trust Kilombero Sugar Company Kilombero Sugar Company Kilombero Sugar Company Ltd (KSCL)

586 views • 31 slides

More recommend