Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

197 Downloads (Pure)

Abstract

Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to 'accelerate' microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers.

Original languageEnglish
Title of host publicationProceedings - 2018 IEEE Symposium on Security and Privacy, SP 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages195-210
Number of pages16
ISBN (Electronic)9781538643525
DOIs
Publication statusPublished - 2018
Event39th IEEE Symposium on Security and Privacy, SP 2018 - San Francisco, United States
Duration: 21 May 201823 May 2018

Conference

Conference39th IEEE Symposium on Security and Privacy, SP 2018
CountryUnited States
CitySan Francisco
Period21/05/1823/05/18

Keywords

  • ARM
  • Browser security
  • Integrated GPUs
  • Microarchitectural attacks
  • Mobile security
  • Rowhammer
  • Side channels

Fingerprint Dive into the research topics of 'Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU'. Together they form a unique fingerprint.

Cite this