TWC: Small: Enhancing the Security and Performance of GPU Access in Web Browsers

TWC：小型：增强 Web 浏览器中 GPU 访问的安全性和性能

• 批准号: 1617513
• 负责人: Ardalan Amiri Sani
• 金额: $ 49.98万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-06-15 至 2020-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1617513&HistoricalAwards=false
• 关键词: TWC; Small; Enhancing; Security; Performance

Modern personal computers have embraced increasingly powerful Graphics Processing Units (GPUs), hardware components that enable high performance graphics. The software that controls the programming of these GPUs in today's computers (i.e., the graphics stack) was designed to be used by applications acquired from trustworthy developers and installed directly by the user. However, web applications (i.e., applications running inside a web browser) are gaining in popularity and WebGL is a recent industry effort to provide GPU-based graphics for web applications. However, WebGL has posed serious security concerns as malicious web applications have used WebGL to accomplish attacks on user's systems. Unfortunately, web browser-based protection techniques have not solved the security concerns and have significantly worsened WebGL performance. This project is developing techniques to improve the security of GPU-based graphics for web applications, without worsening performance.The project is proceeding in two research thrusts. In the first thrust, the researchers are using GPU virtualization technology to sandbox a web application's access to the GPU, providing hardware-level isolation for sharing a GPU. In this design, each web application uses a dedicated virtual GPU (or vGPU) allowing the web application to achieve high graphics performance, while isolating it from the rest of the system. The project is developing a new operating system compositor to control and schedule the shared resources between the vGPUs. Unfortunately, the vGPU-based architecture cannot prevent all possible GPU-based security attacks, including some forms of information leakage, denials-of-service, and memory integrity attacks. In the second thrust, the researchers are studying these remaining attack vectors and developing complementary solutions.

现代个人计算机已经采用了越来越强大的图形处理单元 (GPU)，这些硬件组件可实现高性能图形。当今计算机中控制这些 GPU 编程的软件（即图形堆栈）旨在供从值得信赖的开发人员处获取并由用户直接安装的应用程序使用。然而，Web 应用程序（即在 Web 浏览器内运行的应用程序）越来越受欢迎，而 WebGL 是业界最近的一项努力，旨在为 Web 应用程序提供基于 GPU 的图形。然而，WebGL 带来了严重的安全问题，因为恶意 Web 应用程序已使用 WebGL 来完成对用户系统的攻击。不幸的是，基于 Web 浏览器的保护技术并没有解决安全问题，并且显着恶化了 WebGL 性能。该项目正在开发技术来提高 Web 应用程序基于 GPU 的图形的安全性，同时不会降低性能。该项目正在分两个研究方向进行。第一个重点是，研究人员使用 GPU 虚拟化技术对 Web 应用程序对 GPU 的访问进行沙箱处理，为共享 GPU 提供硬件级隔离。在此设计中，每个 Web 应用程序都使用专用的虚拟 GPU（或 vGPU），使 Web 应用程序能够实现高图形性能，同时将其与系统的其余部分隔离。该项目正在开发一种新的操作系统合成器来控制和调度 vGPU 之间的共享资源。不幸的是，基于 vGPU 的架构无法防止所有可能的基于 GPU 的安全攻击，包括某些形式的信息泄漏、拒绝服务和内存完整性攻击。在第二个重点中，研究人员正在研究这些剩余的攻击向量并开发补充解决方案。

项目成果

Tabellion: secure legal contracts on mobile devices

Tabellion：移动设备上的安全法律合同

• DOI: 10.1145/3386901.3389027
• 发表时间: 2020-06-15
• 期刊: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services
• 作者: S. Mirzamohammadi;Yuxin Liu;Tianmei Ann Huang;A. A. Sani;S. Agarwal;Sung Eun Kim
• 通讯作者: Sung Eun Kim

Undo Workarounds for Kernel Bugs

撤消内核错误的解决方法

• 发表时间: 2021-01
• 期刊: USENIX Security Symposium
• 作者: Seyed Mohammadjavad Seyed Talebi;Zhihao Yao;Ardalan Amiri Sani;Zhiyun Qian;Daniel Austin
• 通讯作者: Daniel Austin

Minimizing a Smartphone's TCB for Security-Critical Programs with Exclusively-Used, Physically-Isolated, Statically-Partitioned Hardware

通过专用、物理隔离、静态分区的硬件，最大限度地减少智能手机的安全关键程序的 TCB

• DOI: 10.1145/3581791.3596864
• 发表时间: 2023-06-18
• 期刊: Proceedings of the 21st Annual International Conference on Mobile Systems, Applications and Services
• 作者: Zhihao Yao;Seyed Mohammadjavad Seyed Talebi;M. Chen;Ardalan Amiri Sani;T. Anderson
• 通讯作者: T. Anderson