Uncategorized

A Survey of Techniques for Improving Security of GPUs

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest `link’ in the security `chain’. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures.

https://arxiv.org/abs/1804.00114

 

Standard
Uncategorized

Intel Security Essentials: A Built-in Foundation with Security at the Core

Intel Threat Detection Technology (TDT) announced at RSA. Includes GPU-powered antivirus code.

https://newsroom.intel.com/editorials/securing-digital-world-intel-announces-silicon-level-security-technologies-industry-adoption-rsa-2018/

https://software.intel.com/en-us/blogs/2018/04/16/intel-security-essentials-a-built-in-foundation-with-security-at-the-core

https://www.intel.com/content/www/us/en/security/hardware/hardware-security-overview.html

https://www.engadget.com/2018/04/17/intel-malware-scanner-gpu-processor-cpu-speed/

https://arstechnica.com/gadgets/2018/04/intel-microsoft-to-use-gpu-to-scan-memory-for-malware/

Intel Security Essentials

 

Standard
Uncategorized

AMD Vega Pro GPU contains a Security Processor

https://www.heise.de/newsticker/meldung/AMD-Treiber-Radeon-Pro-17-8-fuer-Vega-Hardware-Sicherheit-und-On-the-Fly-Treiberwechsel-3784816.html

http://www.phoronix.com/scan.php?page=news_item&px=Vega-Pro-Secure-Processor

 

 

 

 

Standard
Uncategorized

A Study of Overflow Vulnerabilities on GPUs

A Study of Overflow Vulnerabilities on GPUs
Bang Di, Jianhua Sun, Hao Chen

GPU-accelerated computing gains rapidly-growing popularity in many areas such as scientific computing, database systems, and cloud environments. However, there are less investigations on the security implications of concurrently running GPU applications. In this paper, we explore security vulnerabilities of CUDA from multiple dimensions. In particular, we first present a study on GPU stack, and reveal that stack overflow of CUDA can affect the execution of other threads by manipulating different memory spaces. Then, we show that the heap of CUDA is organized in a way that allows threads from the same warp or different blocks or even kernels to overwrite each other’s content, which indicates a high risk of corrupting data or steering the execution flow by overwriting function pointers. Furthermore, we verify that integer overflow and function pointer overflow in struct also can be exploited on GPUs. But other attacks against format string and exception handler seems not feasible due to the design choices of CUDA runtime and programming language features. Finally, we propose potential solutions of preventing the presented vulnerabilities for CUDA.

https://www.aimlab.org/haochen/papers/npc16-overflow.pdf

Standard
Uncategorized

Google on fuzzing PCIe

Fuzzing PCI express: security in plaintext
By Julia Hansbrough, Software Engineer

Google recently launched GPUs on Google Cloud Platform (GCP), which will allow customers to leverage this hardware for highly parallel workloads. These GPUs are connected to our cloud machines via a variety of PCIe switches, and that required us to have a deep understanding of PCIe security. Securing PCIe devices requires overcoming some inherent challenges. For instance, GPUs have become far more complex in the past few decades, opening up new avenues for attack. Since GPUs are designed to directly access system memory, and since hardware has historically been considered trusted, it’s difficult to ensure all the settings to keep it contained are set accurately, and difficult to ensure whether such settings even work. And since GPU manufacturers don’t make the source code or binaries available for the GPU’s main processes, we can’t examine those to gain more confidence. You can read more about the challenges presented by the PCI and PCIe specs here. With the risk of malicious behavior from compromised PCIe devices, Google needed to have a plan for combating these types of attacks, especially in a world of cloud services and publicly available virtual machines. Our approach has been to focus on mitigation: ensuring that compromised PCIe devices can’t jeopardize the security of the rest of the computer. Fuzzing to the rescue[…]

https://cloudplatform.googleblog.com/2017/02/fuzzing-PCI-Express-security-in-plaintext.html

Standard