understanding the security of discrete gpus
play

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman - PowerPoint PPT Presentation

Feb 15, 2024 •262 likes •869 views

Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 , Yige Hu 1 , Emmett Witchel 1 , Mark Silberstein 2 1.The University of Texas at Austin 2.Technion-Israel Institute of Technology Outline Can GPUs

  1. Understanding The Security of Discrete GPUs Zhiting Zhu 1 , Sangman Kim 1 , Yuri Rozhanski 2 , Yige Hu 1 , Emmett Witchel 1 , Mark Silberstein 2 1.The University of Texas at Austin 2.Technion-Israel Institute of Technology

  2. Outline ● Can GPUs improve the security of a computing system? ○ PixelVault ○ Attacking PixelVault ● Can GPUs subvert the security of a computing system? ○ GPU driver attack ○ GPU microcode attack ○ IOMMU mitigation 2

  3. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources GPU PCIe Bus SM SM SM ... CPU Register Global memory 3

  4. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Global memory 4

  5. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Independent memory system Global memory 5

  6. Can GPUs improve the security of a computing system? Motivation: Dedicated hardware resources Independent computational GPU resources PCIe Bus SM SM SM ... CPU Register Independent memory system Global memory Physically partitioned from CPU 6

  7. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus CPU Register Global memory 7

  8. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus CPU Register Secret Data Global memory Secret Data 8

  9. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus …... CPU Register Secret Data Global memory Secret Data 9

  10. Can discrete GPUs enhance the security of a computing system? GPU PCIe Bus …... CPU Register Secret Data Global memory Secret Data 10

  11. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU Plaintext Register CPU Ciphertext Global memory 11

  12. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU ● Encryption(Enc) keys Plaintext are encrypted by a master key and are Register stored in GPU memory. CPU Ciphertext Global memory Enc key 12

  13. PixelVault (CCS 14) ● Runs AES/RSA encryption in GPU. GPU ● Encryption(Enc) keys Plaintext are encrypted by a master key and are Register stored in GPU memory. CPU Master key ● Master key is stored in a Ciphertext GPU register. Global memory Enc key 13

  14. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory Enc key 14

  15. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory Enc key 15

  16. PixelVault (CCS 14) ● Runs AES/RSA GPU encryption in GPU. Plaintext ● Encryption(Enc) keys are encrypted by a master Register key and are stored in Master key CPU GPU memory. Ciphertext Enc key ● Master key is stored in a GPU register. Global memory ● Prevent any adversarial Enc key from accessing registers. 16

  17. Threat model ● System boots from a trusted configuration and sets up PixelVault execution environment on GPU. 17

  18. Threat model ● System boots from a trusted configuration and sets up PixelVault execution environment on GPU. ● After setup, attacker can have full control over the platform. ○ Execute code at any privilege. ○ Has access to all platform hardware. ● Attack goal: Steal keys from GPU. 18

  19. Threat model Security guarantees depend on several NVIDIA GPU characteristics. ● Some of these characteristics are well known and confirmed. ● Some are experimentally validated. ● Others are only assumed to correct. ○ Experimentally verify. 19

  20. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 20

  21. Assumption: A running GPU kernel cannot be stopped and debugged. CUDA 4.2 CUDA 5.0 and newer ● Compiled with explicit debug Stop a running kernel and inspect all support. GPU registers via debugger API. ● Insert breakpoints before kernel is running. 21

  22. Assumption: A running GPU kernel cannot be stopped and debugged. CUDA 4.2 CUDA 5.0 and newer ● Compiled with explicit debug Stop a running kernel and inspect all support. GPU registers via debugger API. ● Insert breakpoints before kernel is running. 22

  23. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 23

  24. CUDA Stream ● An operation sequence on a GPU device. ● Every CUDA kernel is invoked on an independent stream. ● Share the same address space. 24

  25. PixelVault GPU Computation Data Transfer Stream Stream CPU Register Register 25

  26. Assumption: GPU registers can’t be read after kernel termination. Attack: Stream A Stream B Register Register 26

  27. Assumption: GPU registers can’t be read after kernel termination. Attack: If GPU kernel B is invoked in parallel with running kernel A, A’s register state can be retrieved using the debugger API even after A terminates, as long as B is still running. Stream A Stream B Stream A Stream B Debugger API Register Register Register Register 27

  28. Loading a program into the GPU GPU Instruction cache GPU global memory CPU GPU Chipset PCIe Bus 28

  29. Loading a program into the GPU GPU Instruction cache GPU global memory Program CPU GPU Chipset PCIe Bus 29

  30. Loading a program into the GPU GPU Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 30

  31. Loading a program into the GPU GPU Program Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 31

  32. If CPU writes to GPU instructions in memory while the GPU is running GPU …... Program Instruction cache Program GPU global memory Program CPU GPU Chipset PCIe Bus 32

  33. If CPU writes to GPU instructions in memory while the GPU is running GPU …... Program Instruction cache Program GPU global memory CPU GPU Chipset PCIe Bus 33

  34. No public API for flushing the instruction cache. 34

  35. Assumption about NVIDIA GPU Assumption PixelVault safety property Attack A running GPU kernel cannot be Secure register contents from Debugger API. stopped and debugged. CPU-based debugger. GPU registers can’t be read after Cannot get the master key after Concurrent kernel. kernel termination. kernel termination. Can’t replace code of GPU kernel Cannot replace PixelVault code Flush instruction cache using executing from instruction cache. without stopping the kernel. MMIO registers. 35

  36. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ○ Some MMIO registers that flush the GPU instruction cache are not documented as flushing the cache. ○ Private debugger API. 36

  37. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ○ Debugger API 37

  38. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ● Manufacturers can change the architecture that invalidates the security of systems based on GPU. 38

  39. Discussion ● Security guarantees rely on proprietary hardware and software which is poorly (often purposefully) publicly documented. ● Manufacturers are free to change what’s implemented in software and what’s implemented in hardware across generations. ● Manufacturers can change the architecture that invalidates the security of systems based on GPU. ● Discrete GPUs cannot enhance the security of the computing system. 39

  40. GPU as a host for stealthy malware 1. Threat Model 2. GPU driver attack 3. GPU microcode attack 4. IOMMU mitigation 40

Recommend

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk

A large scale discrete element framework for NVIDIA GPUs. Nicolin Govender, Daniel Wilke, Schalk Kok Govender.nicolin@gmail.com GTC 2015 GTC 2015 Outline Particle Transport Discrete Element Method Physical Interaction

503 views • 23 slides
Security Applica.ons of GPUs So.ris Ioannidis Founda.on for

Security Applica.ons of GPUs So.ris Ioannidis Founda.on for

Security Applica.ons of GPUs So.ris Ioannidis Founda.on for Research and Technology Hellas (FORTH) Outline Background and mo-va-on GPU-based,

961 views • 62 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech

April 6 th 2015 San Jos, CA How to Deal with Radiation: Evaluation and Mitigation of GPUs Soft-Errors Paolo Rech Motivation: Automotive Applications Pedestrian Detection System: embedded GPUs increase cars security Paolo Rech

895 views • 61 slides
Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla,

Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla,

NONLINEAR DOUBLE DAY, Sevilla, May 17-18, 2004 Macroscopic effects of anharmonic excitations Discrete breathers for understanding low temperature reconstructive tranformations JFR Archilla, J Cuevas, JM Trillo and F Palmero Nonlinear Physics

386 views • 12 slides
ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene

ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene

ccTLD Security Understanding the Anxiety and Consequences Barry Raveendran Greene bgreene@isc.org Agenda ccTLD Security is not new Cybercriminal Toolkit Understanding why security people are irritated might help to provide

751 views • 46 slides
Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs

Scott Le Grand Some Things Never Change (GPUs vs the World) How Best to Exploit GPUs Molecular Dynamics or Matrix Factorization? Determinism and Numerical Stability Dynamic Range for both MD and NNs Latest AMBER PME Numbers

1.18k views • 90 slides
Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to

Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy cornerstones Need to

582 views • 37 slides
Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are

Unleashing the Power of GPUs over the Web Vishal Vaidyanathan Royal Caliber LLC GPUs are great... high compute throughput increasingly energy efficient high density but? http://onu.io

639 views • 16 slides
Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Plan Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales

Discrete paths as Heyting algebras Discrete paths as categories Discrete paths as quantales Counting idempotents Conclusions Algebra and logic of discrete paths 1 Luigi Santocanale LIS (team LIRICA), Aix-Marseille Universit e, France S

1.31k views • 108 slides
Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab Wayne State University May 21, 2019 Understanding the Security of ARM Debugging Features, S&P 19 1 Outline Introduction Obstacles in

1.03k views • 63 slides
Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab

Understanding the Security of ARM Debugging Features Zhenyu Ning and Fengwei Zhang COMPASS Lab Wayne State University May 21, 2019 Understanding the Security of ARM Debugging Features, S&P 19 1 Outline Introduction Obstacles for

679 views • 65 slides
Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos

Co-Evaluation of Pattern Matching Algorithms on IoT Devices with Embedded GPUs Charalampos Stylianopoulos Simon Kindstrm Magnus Almgren Olaf Landsiedel Marina Papatriantafilou Distributed Computing and Systems Motivation IoT security

908 views • 31 slides
Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act

Understanding the Coronavirus Aid id, , Reli lief, and Economic Security (C (CARES) ) Act and What it it Means for Your Community UNDERSTANDING THE CARES ACT Int Introductions Shelby y Fie iegel Je Jenn Gre regory Director,

860 views • 44 slides
Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis

Learning from Shadow Security: Why understanding non-compliant behaviors provides the basis for effective security USEC 2014, San Diego, USA February 23 rd , 2014 Iacovos Kirlappos Simon Parkin M. Angela Sasse University College London

704 views • 27 slides
Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

906 views • 51 slides
Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

952 views • 53 slides
Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla

Understanding the Security Properties of Ballot-Based Verification Techniques Eric Rescorla ekr@rtfm.com EVT/WOTE 2009 Understanding the Security Properties of Ballot-Based Verification 1 WARNING This talk contains no research content.

284 views • 15 slides
Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement

Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement

PhD Defense Optimizing Communication for Clusters of GPUs Michael LeBeane mlebeane@utexas.edu Advisor : Lizy K. John Problem Statement GPUs and Networks in the Wild GPUs are everywhere in HPC, Big Data, Machine Learning, and beyond

1.07k views • 61 slides
MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com Agenda MD5 on GPUs Dec 2008: rogue CA certificate on PS3 cluster MD5 birthday search Results & performance MD5 on GPUs MD5 is

448 views • 18 slides
(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg

(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg

(Toward) Radiative transfer on AMR with GPUs Dominique Aubert Universit de Strasbourg Austin, TX, 14.12.12 jeudi 13 dcembre 2012 A few words about GPUs Cache and control replaced by calculation units Large number of

500 views • 31 slides
Discrete Structures of Computer Science Amanda Watson What is Discrete Mathematics?

Discrete Structures of Computer Science Amanda Watson What is Discrete Mathematics?

Discrete Structures of Computer Science Amanda Watson What is Discrete Mathematics? Discrete Mathematics: part of math devoted to the study of discrete (as opposed to continuous) objects. Examples: integers, steps taken by a computer

353 views • 7 slides
Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

WLCG Group Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security Workshop, Taiwan. 1 Overview Underground market The main motive behind most security attacks: money. 3 Exposure and motivation Grids

434 views • 25 slides

More recommend