Securing GPU via Region-based Bounds Checking
Georgia Institute of Technology, USA
49th Annual International Symposium on Computer Architecture (ISCA ’22), 2022
@inproceedings{lee2022securing,
title={Securing GPU via region-based bounds checking},
author={Lee, Jaewon and Kim, Yonghae and Cao, Jiashen and Kim, Euna and Lee, Jaekyu and Kim, Hyesoon},
booktitle={Proceedings of the 49th Annual International Symposium on Computer Architecture},
pages={27–41},
year={2022}
}
Graphics processing units (GPUs) have become essential general-purpose computing platforms to accelerate a wide range of workloads, such as deep learning, scientific, and high-performance computing (HPC) applications. However, recent memory corruption attacks, such as buffer overflow, exposed security vulnerabilities in GPUs. We demonstrate that out-of-bounds writes are reproducible on an Nvidia GPU, which can enable other security attacks. We propose GPUShield, a hardware-software cooperative region-based bounds-checking mechanism, to improve GPU memory safety for global, local, and heap memory buffers. To achieve effective protection, we update the GPU driver to assign a random but unique ID to each buffer and local variable and store individual bounds information in the bounds table allocated in the global memory. The proposed hardware performs efficient bounds checking by indexing the bounds table with unique IDs. We further reduce the bounds-checking overhead by utilizing compile-time bounds analysis, workgroup/warp-level bounds checking, and GPU-specific address mode. Our performance evaluations show that GPUShield incurs little performance degradation across 88 CUDA benchmarks on the Nvidia GPU architecture and 17 OpenCL benchmarks on the Intel GPU architecture with a marginal hardware overhead.
June 19, 2022 by hgpu