Sugar: Secure GPU Acceleration in Web Browsers
1 Sugar: Secure GPU Acceleration in Web Browsers. Zhihao Yao, Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran. Trustworthy Systems Lab, UC Irvine
2 WebGL was released in Source:
3 WebGL is popular. WebGL adoption rate by top 100 websites [Chart: 47.0%; 53.0%]
4 WebGL is popular. Browser support rate (48.8 million visitors) [Chart: does not support 4.0%; 96.0%]. Source: (2017)
5
6 WebGL recap
7 First, a quick recap on OpenGL [Diagram: native app (user space); kernel-mode GPU driver; GPU hardware (hardware)]
8 First, a quick recap on OpenGL [Diagram: native app, function call (user space); kernel-mode GPU driver; GPU hardware (hardware)]
9 First, a quick recap on OpenGL [Diagram: native app (user space); syscall; kernel-mode GPU driver; GPU hardware (hardware)]
10 Use the same design for WebGL? [Diagram: web app (user space); kernel-mode GPU driver; GPU hardware (hardware); labels: buggy, malicious, compromised]
11 Web apps are not trusted [Diagram as on slide 10]
12 GPU driver is buggy [Diagram as on slide 10]
13 Kernel driver is compromised [Diagram as on slide 10]
14 Current WebGL design [Diagram: web apps; GPU process with checks; browser (user space); kernel-mode GPU driver; GPU hardware (hardware)]
15 Current WebGL design [Diagram as on slide 14, with IPC to the GPU process]
16 Security checks in GPU Process [Diagram as on slide 14]
17 TCB of current WebGL design [Diagram: web apps; GPU process with checks; browser; kernel-mode GPU driver; GPU hardware] ,000 LoC (GPU Process); 457,000 LoC (GL libraries); 123,000 LoC (GPU driver)
18 Vulnerabilities in GPU process [Diagram as on slide 17] CVE CVE CVE CVE CVE
19 Kernel driver is compromised [Diagram as on slide 17] CVE * Chrome Chrome * CVE CVE (*Not yet fixed)
20 Vulnerability examples (*Not yet fixed)
  CVE: execute arbitrary code
  CVE: execute arbitrary code
  CVE: read browser UI
  CVE: read GPU process memory
  CVE: use of cross-origin contents
  Chrome Issue: browser hang
  Chrome Issue: leak system username
  CVE *: system UI freeze
  Chrome issue: kernel panic
  Chrome issue *: system UI freeze
  CVE: read of GPU memory
  CVE: read of GPU memory
  CVE: read of GPU memory
21 Our WebGL vulnerability study
22 Current WebGL design: high performance; known vulnerabilities; zero day vulnerabilities; system UI freeze
23 CVE , read of GPU graphics memory. We type some private notes in terminal:
24 CVE , read of GPU graphics memory
25 Overview of Sugar. Key idea: use GPU virtualization to give an untrusted web app a separate vGPU
26 Intel GPU virtualization. We build a prototype on Intel GPU virtualization. Intel GPU virtualization is available since the 4th generation Core processors [1]. [1] Photo credit:
27
28 [Diagram: vGPU 2; vGPU 1; GPU]
29 Sugar's design [Diagram: web app, GPU process, vGPU driver, browser (user space); kernel-mode GPU driver; vGPU, GPU hardware (hardware)]
30 Sugar's design [Diagram as on slide 29, with a function call at the web app]
31 Sugar's design [Diagram as on slide 29, with a function call at the GPU process]
32 Sugar's design [Diagram as on slide 29]
33 Sugar's design [Diagram as on slide 29, with labels: virtual graphics plane, primary graphics plane]
34 Why is Sugar secure?
35 Web app process is untrusted [Diagram: web app, GPU process, vGPU driver, browser (user space); kernel-mode GPU driver; vGPU, GPU hardware (hardware)]
36 Web app process is sandboxed [Diagram as on slide 35]
37 vGPU is isolated [Diagram as on slide 35]
38 Sugar's TCB is small: 34,400 LoC (GPU virtualization) [Diagram as on slide 35]
39 Vulnerability examples (*Not yet fixed)
  CVE: execute arbitrary code
  CVE: execute arbitrary code
  CVE: read browser UI
  CVE: read GPU process memory
  CVE: use of cross-origin contents
  Chrome Issue: browser hang
  Chrome Issue: leak system username
  CVE *: system UI freeze
  Chrome issue: kernel panic
  Chrome issue *: system UI freeze
  CVE: read of GPU memory
  CVE: read of GPU memory
  CVE: read of GPU memory
40 Limitation of this Sugar design: Intel vGPU hang will cause a real GPU hang
41 Dual-GPU Sugar. Key idea: use two GPUs to fully isolate the virtual graphics plane and the primary graphics plane. Solves system UI freeze. Provides better performance isolation.
42 Dual-GPU Sugar's design [Diagram: web app, GPU process, vGPU driver, browser (user space); kernel-mode GPU 1 driver; kernel-mode GPU 2 driver; vGPU, GPU 1 hardware, GPU 2 hardware (hardware)] Photo credit:
43 Many computers have two GPUs: dell.com/inspiron15, apple.com/macbook-pro, store.hp.com/envy
44 Intel's 8th Generation Core Processors with Radeon RX Vega M Graphics. Source:
45 Sugar's implementation
46 WebGL in web app process. Reuse most of GPU process code. [Diagram: WebKit / Blink; ported from GPU process: WebGL frontend, WebGL backend; vGPU driver]
47 vGPU driver as a library. We modify to issue function calls instead of syscalls. [Diagram: WebKit / Blink; WebGL frontend; WebGL backend; function call; vGPU driver]
48 Register: trap and emulate [Diagram: web app, GPU process, vGPU driver, mapped registers, browser (user space); kernel-mode GPU driver; vGPU, GPU hardware (hardware)]
49 Register: trap and emulate. GPU virtualization layer will emulate. [Diagram as on slide 48]
50 Interrupt: deliver as signal [Diagram: web app, GPU process, vGPU driver, browser (user space); kernel-mode GPU driver; interrupt; vGPU, GPU hardware (hardware)]
51 Interrupt: deliver as signal. The virtualization layer delivers as a signal. [Diagram as on slide 50]
52 Interrupt: deliver as signal [Diagram as on slide 50, with a signal to the vGPU driver]
53 DMA overview [Diagram: GPU; DMA; main memory]
54 DMA overview [Diagram: vGPU; page table; DMA; main memory]
55 Evaluations
56 Sugar's performance is good under the same WebGL benchmarks that Chrome uses
57 Sugar's performance is good under the same WebGL benchmarks that Chrome uses [Chart label: 60 FPS]
58 Sugar's CPU overhead is low. Sugar is better than CPU rendering by 375% on average.
59 Summary. Sugar leverages modern GPU virtualization solutions to isolate WebGL. Sugar addresses this by repurposing Intel vGPU driver to a library. Thank you! Sugar is open source:
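Slides 50 to 52 state that the virtualization layer delivers a vGPU interrupt to the in-process vGPU driver as a signal. The sketch below is an added illustration, not code from the talk or from Sugar: it shows one way a user-space driver library can receive interrupts as queued POSIX real-time signals and reject malformed ones. The signal number, the 32-vector limit and all `vgpu_irq_*` names are assumptions, and the virtualization layer is simulated with `sigqueue` from the same process.

```c
/* Added illustration: "interrupt delivered as a signal" in a user-space driver.
 * VGPU_IRQ_SIGNAL, VGPU_NUM_VECTORS and vgpu_irq_* are hypothetical names. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <stdatomic.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define VGPU_IRQ_SIGNAL  (SIGRTMIN + 1) /* assumed: one RT signal carries all vGPU IRQs */
#define VGPU_NUM_VECTORS 32             /* assumed: vectors 0..31, one bit each */

static atomic_uint pending_vectors;     /* bitmask of interrupts not yet serviced */
static atomic_int  deliveries;          /* signals seen by the handler */
static atomic_int  rejected;            /* signals dropped by validation */

/* Handler: only lock-free atomics, so it stays async-signal-safe.
 * It validates both the origin kind and the vector before recording it. */
static void vgpu_irq_handler(int sig, siginfo_t *info, void *uctx)
{
    (void)sig; (void)uctx;
    int vector = info->si_value.sival_int;
    if (info->si_code != SI_QUEUE || vector < 0 || vector >= VGPU_NUM_VECTORS)
        atomic_fetch_add(&rejected, 1);
    else
        atomic_fetch_or(&pending_vectors, 1u << vector);
    atomic_fetch_add(&deliveries, 1);
}

/* Install the handler; SA_SIGINFO gives access to the queued vector number. */
int vgpu_irq_init(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = vgpu_irq_handler;
    sa.sa_flags = SA_SIGINFO | SA_RESTART;
    sigemptyset(&sa.sa_mask);
    return sigaction(VGPU_IRQ_SIGNAL, &sa, NULL);
}

/* Stand-in for the virtualization layer: queue one interrupt as a signal. */
int vgpu_irq_inject(int vector)
{
    union sigval v;
    v.sival_int = vector;
    return sigqueue(getpid(), VGPU_IRQ_SIGNAL, v);
}

/* Driver side: atomically take and clear the pending set. */
unsigned vgpu_irq_drain(void)
{
    return atomic_exchange(&pending_vectors, 0u);
}

int vgpu_irq_rejected(void)
{
    return atomic_load(&rejected);
}

/* Constructed scenario: two valid vectors (0, 3) and one out-of-range (40). */
unsigned vgpu_irq_demo(void)
{
    static const int vectors[] = { 0, 3, 40 };
    const int n = (int)(sizeof vectors / sizeof vectors[0]);
    sigset_t block, old, wait_mask;

    if (vgpu_irq_init() != 0)
        return 0;
    atomic_store(&pending_vectors, 0u);
    atomic_store(&deliveries, 0);
    atomic_store(&rejected, 0);

    /* Block the signal while queuing so delivery happens only in sigsuspend,
     * which avoids the lost-wakeup race between checking and waiting. */
    sigemptyset(&block);
    sigaddset(&block, VGPU_IRQ_SIGNAL);
    sigprocmask(SIG_BLOCK, &block, &old);
    wait_mask = old;
    sigdelset(&wait_mask, VGPU_IRQ_SIGNAL);

    for (int i = 0; i < n; i++) {
        if (vgpu_irq_inject(vectors[i]) != 0) {
            sigprocmask(SIG_SETMASK, &old, NULL);
            return 0;
        }
    }
    while (atomic_load(&deliveries) < n)
        sigsuspend(&wait_mask);

    sigprocmask(SIG_SETMASK, &old, NULL);
    return vgpu_irq_drain();
}

int main(void)
{
    unsigned mask = vgpu_irq_demo();
    printf("pending vectors: 0x%x, rejected: %d\n", mask, vgpu_irq_rejected());
    return mask == 0x9u ? 0 : 1;
}
```

Real-time signals are queued rather than coalesced, which is why each injected vector reaches the handler separately.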