Milkomeda: Safeguarding the mobile GPU interface using WebGL security checks

Zhihao Yao, Saeed Mirzamohammadi, Ardalan Amiri Sani, Mathias Payer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations


GPU-accelerated graphics is commonly used in mobile applications. Unfortunately, the graphics interface exposes a large amount of potentially vulnerable kernel code (i.e., the GPU device driver) to untrusted applications. This broad attack surface has resulted in numerous reported vulnerabilities that are exploitable from unprivileged mobile apps. We observe that web browsers have faced and addressed the exact same problem in WebGL, a framework used by web apps for graphics acceleration. Web browser vendors have developed and deployed a plethora of security checks for the WebGL interface. We introduce Milkomeda, a system solution for automatically repurposing WebGL security checks to safeguard the mobile graphics interface. We show that these checks can be used with minimal modifications (which we have automated using a tool called CheckGen), significantly reducing the engineering effort. Moreover, we demonstrate an in-process shield space for deploying these checks for mobile applications. Compared to the multi-process architecture used by web browsers to protect the integrity of the security checks, our solution improves the graphics performance by eliminating the need for Inter-Process Communication and shared memory data transfer, while providing integrity guarantees for the evaluation of security checks. Our evaluation shows that Milkomeda achieves close-to-native GPU performance at reasonably increased CPU utilization.

Original languageEnglish (US)
Title of host publicationCCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Number of pages15
ISBN (Electronic)9781450356930
StatePublished - Oct 15 2018
Externally publishedYes
Event25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: Oct 15 2018 → …

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other25th ACM Conference on Computer and Communications Security, CCS 2018
Period10/15/18 → …

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


  • Mobile graphics security
  • WebGL security


Dive into the research topics of 'Milkomeda: Safeguarding the mobile GPU interface using WebGL security checks'. Together they form a unique fingerprint.

Cite this