We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.
Ohmin KWON
Korea Advanced Institute of Science and Technology
Hyun KWON
Korea Advanced Institute of Science and Technology
Hyunsoo YOON
Korea Advanced Institute of Science and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Ohmin KWON, Hyun KWON, Hyunsoo YOON, "Rootkit inside GPU Kernel Execution" in IEICE TRANSACTIONS on Information,
vol. E102-D, no. 11, pp. 2261-2264, November 2019, doi: 10.1587/transinf.2019EDL8104.
Abstract: We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDL8104/_p
@ARTICLE{e102-d_11_2261,
author={Ohmin KWON and Hyun KWON and Hyunsoo YOON},
journal={IEICE TRANSACTIONS on Information},
title={Rootkit inside GPU Kernel Execution},
year={2019},
volume={E102-D},
number={11},
pages={2261-2264},
abstract={We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.},
keywords={},
doi={10.1587/transinf.2019EDL8104},
ISSN={1745-1361},
month={November},}
TY - JOUR
TI - Rootkit inside GPU Kernel Execution
T2 - IEICE TRANSACTIONS on Information
SP - 2261
EP - 2264
AU - Ohmin KWON
AU - Hyun KWON
AU - Hyunsoo YOON
PY - 2019
DO - 10.1587/transinf.2019EDL8104
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E102-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2019
AB - We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.
ER -