Modern personal computers have embraced increasingly powerful Graphics Processing Units (GPUs), hardware components that enable high performance graphics. The software that controls the programming of these GPUs in today's computers (i.e., the graphics stack) was designed to be used by applications acquired from trustworthy developers and installed directly by the user. However, web applications (i.e., applications running inside a web browser) are gaining in popularity and WebGL is a recent industry effort to provide GPU-based graphics for web applications. However, WebGL has posed serious security concerns as malicious web applications have used WebGL to accomplish attacks on user's systems. Unfortunately, web browser-based protection techniques have not solved the security concerns and have significantly worsened WebGL performance. This project is developing techniques to improve the security of GPU-based graphics for web applications, without worsening performance.
The project is proceeding in two research thrusts. In the first thrust, the researchers are using GPU virtualization technology to sandbox a web application's access to the GPU, providing hardware-level isolation for sharing a GPU. In this design, each web application uses a dedicated virtual GPU (or vGPU) allowing the web application to achieve high graphics performance, while isolating it from the rest of the system. The project is developing a new operating system compositor to control and schedule the shared resources between the vGPUs. Unfortunately, the vGPU-based architecture cannot prevent all possible GPU-based security attacks, including some forms of information leakage, denials-of-service, and memory integrity attacks. In the second thrust, the researchers are studying these remaining attack vectors and developing complementary solutions.