07/04/2016 - 07/04/2016

Abstract:

Graphics Processing Units (GPUs) have become  an integral part of modern systems, but their implications for system security are not yet clear.  In this talk I will discuss our ongoing research in security of GPU-accelerated systems. Specifically, I will  show that, in contrast to previous publications, GPUs  cannot be used as secure co-processors.  Moreover,  GPU themselves may serve a platform for running highly stealthy malware with unlimited access to system memory. I will describe two new attacks, one which modifies the GPU closed-source binary driver in OS kernel memory, and another one that infects the GPU firmware. Both attacks enable unlimited access to CPU memory, in addition bypassing IOTLB protection.  We also demonstrate a new GPU-based covert channel which enables hidden bi-directional communications with network servers from a standard web browser.