135 research outputs found
A Survey of Techniques for Improving Security of GPUs
Graphics processing unit (GPU), although a powerful performance-booster, also
has many security vulnerabilities. Due to these, the GPU can act as a
safe-haven for stealthy malware and the weakest `link' in the security `chain'.
In this paper, we present a survey of techniques for analyzing and improving
GPU security. We classify the works on key attributes to highlight their
similarities and differences. More than informing users and researchers about
GPU security techniques, this survey aims to increase their awareness about GPU
security vulnerabilities and potential countermeasures
Grand Pwning Unit:Accelerating Microarchitectural Attacks with the GPU
Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to 'accelerate' microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers
Securing Critical Infrastructures
1noL'abstract è presente nell'allegato / the abstract is in the attachmentopen677. INGEGNERIA INFORMATInoopenCarelli, Albert
JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
After years of development, FPGAs are finally making an appearance on
multi-tenant cloud servers. These heterogeneous FPGA-CPU architectures break
common assumptions about isolation and security boundaries. Since the FPGA and
CPU architectures share hardware resources, a new class of vulnerabilities
requires us to reassess the security and dependability of these platforms.
In this work, we analyze the memory and cache subsystem and study Rowhammer
and cache attacks enabled on two proposed heterogeneous FPGA-CPU platforms by
Intel: the Arria 10 GX with an integrated FPGA-CPU platform, and the Arria 10
GX PAC expansion card which connects the FPGA to the CPU via the PCIe
interface. We show that while Intel PACs currently are immune to cache attacks
from FPGA to CPU, the integrated platform is indeed vulnerable to Prime and
Probe style attacks from the FPGA to the CPU's last level cache. Further, we
demonstrate JackHammer, a novel and efficient Rowhammer from the FPGA to the
host's main memory. Our results indicate that a malicious FPGA can perform
twice as fast as a typical Rowhammer attack from the CPU on the same system and
causes around four times as many bit flips as the CPU attack. We demonstrate
the efficacy of JackHammer from the FPGA through a realistic fault attack on
the WolfSSL RSA signing implementation that reliably causes a fault after an
average of fifty-eight RSA signatures, 25% faster than a CPU rowhammer attack.
In some scenarios our JackHammer attack produces faulty signatures more than
three times more often and almost three times faster than a conventional CPU
rowhammer attack.Comment: Accepted to IACR Transactions on Cryptographic Hardware and Embedded
Systems (TCHES), Volume 2020, Issue
A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility
The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible. This research takes the unique approach drawn from the performance field and dual nature of AES performance. It uses benchmarks to assess the performance potential of computer systems for both general purpose and AES. Since general performance information is readily available, the ratio may be used as a predictor for AES performance and consequently attack potential. The design involved distributing USB drives to facilitators containing a bootable Linux operating system and the benchmark instruments. Upon boot, these devices conducted the benchmarks, gathered system specifications, and submitted them to a server for regression analysis. Although it is likely to be many years in the future, the results of this study may help better predict when attacks against AES key lengths will become feasible
Gotcha! I Know What You are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links
In recent decades, due to the emerging requirements of computation
acceleration, cloud FPGAs have become popular in public clouds. Major cloud
service providers, e.g. AWS and Microsoft Azure have provided FPGA computing
resources in their infrastructure and have enabled users to design and deploy
their own accelerators on these FPGAs. Multi-tenancy FPGAs, where multiple
users can share the same FPGA fabric with certain types of isolation to improve
resource efficiency, have already been proved feasible. However, this also
raises security concerns. Various types of side-channel attacks targeting
multi-tenancy FPGAs have been proposed and validated. The awareness of security
vulnerabilities in the cloud has motivated cloud providers to take action to
enhance the security of their cloud environments.
In FPGA security research papers, researchers always perform attacks under
the assumption that attackers successfully co-locate with victims and are aware
of the existence of victims on the same FPGA board. However, the way to reach
this point, i.e., how attackers secretly obtain information regarding
accelerators on the same fabric, is constantly ignored despite the fact that it
is non-trivial and important for attackers. In this paper, we present a novel
fingerprinting attack to gain the types of co-located FPGA accelerators. We
utilize a seemingly non-malicious benchmark accelerator to sniff the
communication link and collect performance traces of the FPGA-host
communication link. By analyzing these traces, we are able to achieve high
classification accuracy for fingerprinting co-located accelerators, which
proves that attackers can use our method to perform cloud FPGA accelerator
fingerprinting with a high success rate. As far as we know, this is the first
paper targeting multi-tenant FPGA accelerator fingerprinting with the
communication side-channel.Comment: To be published in ACM CCS 202
- …