Sugar: Secure GPU acceleration in web browsers

Zhihao Yao, Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Modern personal computers have embraced increasingly powerful Graphics Processing Units (GPUs). Recently, GPU-based graphics acceleration in web apps (i.e., applications running inside a web browser) has become popular. WebGL is the main effort to provide OpenGL-like graphics for web apps and it is currently used in 53% of the top-100 websites. Unfortunately, WebGL has posed serious security concerns as several attack vectors have been demonstrated through WebGL. Web browsers' solutions to these attacks have been reactive: discovered vulnerabilities have been patched and new runtime security checks have been added. Unfortunately, this approach leaves the system vulnerable to zero-day vulnerability exploits, especially given the large size of the Trusted Computing Base of the graphics plane. We present Sugar, a novel operating system solution that enhances the security of GPU acceleration for web apps by design. The key idea behind Sugar is using a dedicated virtual graphics plane for a web app by leveraging modern GPU virtualization solutions. A virtual graphics plane consists of a dedicated virtual GPU (or vGPU) as well as all the software graphics stack (including the device driver). Sugar enhances the system security since a virtual graphics plane is fully isolated from the rest of the system. Despite GPU virtualization overhead, we show that Sugar achieves high performance. Moreover, unlike current systems, Sugar is able to use two underlying physical GPUs, when available, to co-render the User Interface (UI): one GPU is used to provide virtual graphics planes for web apps and the other to provide the primary graphics plane for the rest of the system. Such a design not only provides strong security guarantees, it also provides enhanced performance isolation.

Original languageEnglish (US)
Title of host publicationProceedings of the 23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
PublisherAssociation for Computing Machinery
Pages519-534
Number of pages16
Volume53
Edition2
ISBN (Electronic)9781450349116
DOIs
StatePublished - Mar 19 2018
Externally publishedYes
Event23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018 - Williamsburg, United States
Duration: Mar 24 2018Mar 28 2018

Other

Other23rd International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2018
Country/TerritoryUnited States
CityWilliamsburg
Period3/24/183/28/18

All Science Journal Classification (ASJC) codes

  • General Computer Science

Keywords

  • GPU acceleration
  • Systems security
  • Virtualization
  • Web browser

Fingerprint

Dive into the research topics of 'Sugar: Secure GPU acceleration in web browsers'. Together they form a unique fingerprint.

Cite this