Print Email Facebook Twitter Practical Microarchitectural Attacks from Integrated GPUs Title Practical Microarchitectural Attacks from Integrated GPUs Author Frigo, Pietro (TU Delft Electrical Engineering, Mathematics and Computer Science) Contributor Doerr, Christian (mentor) van der Lubbe, Jan (graduation committee) Wong, Stephan (graduation committee) Degree granting institution Delft University of Technology Date 2017-12-18 Abstract Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to “accelerate” microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers. Subject Microarchitectural AttacksIntegrated GPUsMobile SecuritySide-Channel AttacksRowhammer AttacksARM To reference this document use: http://resolver.tudelft.nl/uuid:c0d3c629-4c67-4741-9776-05802d89872f Embargo date 2018-05-23 Part of collection Student theses Document type master thesis Rights © 2017 Pietro Frigo Files PDF thesis.pdf 1.16 MB Close viewer /islandora/object/uuid:c0d3c629-4c67-4741-9776-05802d89872f/datastream/OBJ/view