TWC: Small: Enhancing the Security and Performance of GPU Access in Web Browsers

TWC：小型：增强 Web 浏览器中 GPU 访问的安全性和性能

• 批准号: 1617513
• 负责人: Ardalan Amiri Sani
• 金额: $ 49.98万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-06-15 至 2020-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1617513&HistoricalAwards=false
• 关键词: TWC; Small; Enhancing; Security; Performance

Modern personal computers have embraced increasingly powerful Graphics Processing Units (GPUs), hardware components that enable high performance graphics. The software that controls the programming of these GPUs in today's computers (i.e., the graphics stack) was designed to be used by applications acquired from trustworthy developers and installed directly by the user. However, web applications (i.e., applications running inside a web browser) are gaining in popularity and WebGL is a recent industry effort to provide GPU-based graphics for web applications. However, WebGL has posed serious security concerns as malicious web applications have used WebGL to accomplish attacks on user's systems. Unfortunately, web browser-based protection techniques have not solved the security concerns and have significantly worsened WebGL performance. This project is developing techniques to improve the security of GPU-based graphics for web applications, without worsening performance.The project is proceeding in two research thrusts. In the first thrust, the researchers are using GPU virtualization technology to sandbox a web application's access to the GPU, providing hardware-level isolation for sharing a GPU. In this design, each web application uses a dedicated virtual GPU (or vGPU) allowing the web application to achieve high graphics performance, while isolating it from the rest of the system. The project is developing a new operating system compositor to control and schedule the shared resources between the vGPUs. Unfortunately, the vGPU-based architecture cannot prevent all possible GPU-based security attacks, including some forms of information leakage, denials-of-service, and memory integrity attacks. In the second thrust, the researchers are studying these remaining attack vectors and developing complementary solutions.

现代的个人计算机已经采用了越来越强大的图形处理单元（GPU），即启用高性能图形的硬件组件。在当今的计算机（即图形堆栈）中控制这些GPU的编程的软件旨在由从可信赖的开发人员那里获得的应用程序使用，并直接由用户安装。但是，Web应用程序（即，在Web浏览器内运行的应用程序）正在流行，WebGL是最近为Web应用程序提供基于GPU的图形的行业努力。但是，由于恶意Web应用程序已使用WebGL来完成对用户系统的攻击，因此WebGL提出了严重的安全问题。不幸的是，基于Web浏览器的保护技术尚未解决安全性问题，并显着恶化了WebGL性能。该项目正在开发技术来提高基于GPU的图形在Web应用程序中的安全性，而不会加剧性能。在第一个推力中，研究人员正在使用GPU虚拟化技术来打磨Web应用程序对GPU的访问，从而提供了共享GPU的硬件级别隔离。在此设计中，每个Web应用程序都使用专用的虚拟GPU（或VGPU），允许Web应用程序实现高图形性能，同时将其与系统的其余部分隔离。该项目正在开发一个新的操作系统合并器，以控制和安排VGPU之间的共享资源。不幸的是，基于VGPU的体系结构无法防止所有可能的基于GPU的安全攻击，包括某些形式的信息泄漏，拒绝服务和内存完整性攻击。在第二个推力中，研究人员正在研究这些剩余的攻击载体并开发互补的解决方案。

项目成果

Tabellion: secure legal contracts on mobile devices

Tabellion：移动设备上的安全法律合同

• DOI: 10.1145/3386901.3389027
• 发表时间: 2020
• 期刊: and Services
• 作者: Mirzamohammadi, Saeed;Liu, Yuxin;Huang, Tianmei Ann;Sani, Ardalan Amiri;Agarwal, Sharad;Kim, Sung Eun
• 通讯作者: Kim, Sung Eun

Undo Workarounds for Kernel Bugs

• 发表时间: 2021
• 作者: S. Talebi;Zhihao Yao;A. A. Sani-A.;Zhiyun Qian;D. Austin

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-06
• 期刊: Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services
• 作者: Zhihao Yao;Seyed Mohammadjavad Seyed Talebi-Seyed-Mohammadjavad-Seyed-Talebi-2220160600;M. Chen;Ardalan Amiri Sani;T. Anderson