research-article

Sugar: Secure GPU Acceleration in Web Browsers

Published: 19 March 2018

Abstract

Modern personal computers have embraced increasingly powerful Graphics Processing Units (GPUs). Recently, GPU-based graphics acceleration in web apps (i.e., applications running inside a web browser) has become popular. WebGL is the main effort to provide OpenGL-like graphics for web apps and it is currently used in 53% of the top-100 websites. Unfortunately, WebGL has posed serious security concerns as several attack vectors have been demonstrated through WebGL. Web browsers' solutions to these attacks have been reactive: discovered vulnerabilities have been patched and new runtime security checks have been added. Unfortunately, this approach leaves the system vulnerable to zero-day vulnerability exploits, especially given the large size of the Trusted Computing Base of the graphics plane. We present Sugar, a novel operating system solution that enhances the security of GPU acceleration for web apps by design. The key idea behind Sugar is using a dedicated virtual graphics plane for a web app by leveraging modern GPU virtualization solutions. A virtual graphics plane consists of a dedicated virtual GPU (or vGPU) as well as all the software graphics stack (including the device driver). Sugar enhances the system security since a virtual graphics plane is fully isolated from the rest of the system. Despite GPU virtualization overhead, we show that Sugar achieves high performance. Moreover, unlike current systems, Sugar is able to use two underlying physical GPUs, when available, to co-render the User Interface (UI): one GPU is used to provide virtual graphics planes for web apps and the other to provide the primary graphics plane for the rest of the system. Such a design not only provides strong security guarantees, it also provides enhanced performance isolation.


Published in

ACM SIGPLAN Notices, Volume 53, Issue 2 (ASPLOS '18)
February 2018
809 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3296957

ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems
March 2018
827 pages
ISBN: 9781450349116
DOI: 10.1145/3173162

Copyright © 2018 ACM

Publisher

Association for Computing Machinery, New York, NY, United States
