Rootkit inside GPU Kernel Execution

Rootkit inside GPU Kernel Execution

We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel o...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE Transactions on Information and Systems 2019/11/01, Vol.E102.D(11), pp.2261-2264
Hauptverfasser: KWON, Ohmin, KWON, Hyun, YOON, Hyunsoo
Format: Artikel
Sprache:eng
Schlagworte:
Cryptography
Graphics boards
graphics processing unit
Kernels
Machine learning
rootkit
security
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 2264
container_issue 11
container_start_page 2261
container_title IEICE Transactions on Information and Systems
container_volume E102.D
creator KWON, Ohmin
KWON, Hyun
YOON, Hyunsoo
description We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and any no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.
doi_str_mv 10.1587/transinf.2019EDL8104
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2311259669</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2311259669</sourcerecordid><originalsourceid>FETCH-LOGICAL-c517t-55453aa73140898e872cd2984bb033195cfafab75ee312ac41bcea54100ee7d93</originalsourceid><addsrcrecordid>eNpNkE1PAjEURRujiYj-AxeTsB7s68e0XRoY0UiiUVk3nfJGB3EG25LovxeCoKt3F-fcl1xCLoEOQWp1lYJrY9PWQ0bBlOOpBiqOSA-UkDnwAo5Jjxooci05OyVnMS4oBc1A9sjgqevSe5OyZtMwx2zyOMvuMbS4zMov9OvUdO05OandMuLF7-2T2U35MrrNpw-Tu9H1NPcSVMqlFJI7pzgIqo1GrZifM6NFVVHOwUhfu9pVSiJyYM4LqDw6KYBSRDU3vE8Gu95V6D7XGJNddOvQbl5axgGYNEWxpcSO8qGLMWBtV6H5cOHbArXbOex-Dvtvjo32vNMWMblXPEgupMYv8U8qgTI7tgD79K_lQPs3Fyy2_AfuVnCs</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2311259669</pqid></control><display><type>article</type><title>Rootkit inside GPU Kernel Execution</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><source>J-STAGE (Japan Science &amp; Technology Information Aggregator, Electronic) Freely Available Titles - Japanese</source><creator>KWON, Ohmin ; KWON, Hyun ; YOON, Hyunsoo</creator><creatorcontrib>KWON, Ohmin ; KWON, Hyun ; YOON, Hyunsoo</creatorcontrib><description>We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and any no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.</description><identifier>ISSN: 0916-8532</identifier><identifier>EISSN: 1745-1361</identifier><identifier>DOI: 10.1587/transinf.2019EDL8104</identifier><language>eng</language><publisher>Tokyo: The Institute of Electronics, Information and Communication Engineers</publisher><subject>Cryptography ; Graphics boards ; graphics processing unit ; Kernels ; Machine learning ; rootkit ; security</subject><ispartof>IEICE Transactions on Information and Systems, 2019/11/01, Vol.E102.D(11), pp.2261-2264</ispartof><rights>2019 The Institute of Electronics, Information and Communication Engineers</rights><rights>Copyright Japan Science and Technology Agency 2019</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c517t-55453aa73140898e872cd2984bb033195cfafab75ee312ac41bcea54100ee7d93</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,1883,27924,27925</link.rule.ids></links><search><creatorcontrib>KWON, Ohmin</creatorcontrib><creatorcontrib>KWON, Hyun</creatorcontrib><creatorcontrib>YOON, Hyunsoo</creatorcontrib><title>Rootkit inside GPU Kernel Execution</title><title>IEICE Transactions on Information and Systems</title><addtitle>IEICE Trans. Inf. &amp; Syst.</addtitle><description>We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and any no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.</description><subject>Cryptography</subject><subject>Graphics boards</subject><subject>graphics processing unit</subject><subject>Kernels</subject><subject>Machine learning</subject><subject>rootkit</subject><subject>security</subject><issn>0916-8532</issn><issn>1745-1361</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNpNkE1PAjEURRujiYj-AxeTsB7s68e0XRoY0UiiUVk3nfJGB3EG25LovxeCoKt3F-fcl1xCLoEOQWp1lYJrY9PWQ0bBlOOpBiqOSA-UkDnwAo5Jjxooci05OyVnMS4oBc1A9sjgqevSe5OyZtMwx2zyOMvuMbS4zMov9OvUdO05OandMuLF7-2T2U35MrrNpw-Tu9H1NPcSVMqlFJI7pzgIqo1GrZifM6NFVVHOwUhfu9pVSiJyYM4LqDw6KYBSRDU3vE8Gu95V6D7XGJNddOvQbl5axgGYNEWxpcSO8qGLMWBtV6H5cOHbArXbOex-Dvtvjo32vNMWMblXPEgupMYv8U8qgTI7tgD79K_lQPs3Fyy2_AfuVnCs</recordid><startdate>20191101</startdate><enddate>20191101</enddate><creator>KWON, Ohmin</creator><creator>KWON, Hyun</creator><creator>YOON, Hyunsoo</creator><general>The Institute of Electronics, Information and Communication Engineers</general><general>Japan Science and Technology Agency</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20191101</creationdate><title>Rootkit inside GPU Kernel Execution</title><author>KWON, Ohmin ; KWON, Hyun ; YOON, Hyunsoo</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c517t-55453aa73140898e872cd2984bb033195cfafab75ee312ac41bcea54100ee7d93</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Cryptography</topic><topic>Graphics boards</topic><topic>graphics processing unit</topic><topic>Kernels</topic><topic>Machine learning</topic><topic>rootkit</topic><topic>security</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>KWON, Ohmin</creatorcontrib><creatorcontrib>KWON, Hyun</creatorcontrib><creatorcontrib>YOON, Hyunsoo</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEICE Transactions on Information and Systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>KWON, Ohmin</au><au>KWON, Hyun</au><au>YOON, Hyunsoo</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Rootkit inside GPU Kernel Execution</atitle><jtitle>IEICE Transactions on Information and Systems</jtitle><addtitle>IEICE Trans. Inf. &amp; Syst.</addtitle><date>2019-11-01</date><risdate>2019</risdate><volume>E102.D</volume><issue>11</issue><spage>2261</spage><epage>2264</epage><pages>2261-2264</pages><issn>0916-8532</issn><eissn>1745-1361</eissn><abstract>We propose a rootkit installation method inside a GPU kernel execution process which works through GPU context manipulation. In GPU-based applications such as deep learning computations and cryptographic operations, the proposed method uses the feature by which the execution flow of the GPU kernel obeys the GPU context information in GPU memory. The proposed method consists of two key ideas. The first is GPU code manipulation, which is able to hijack the execution flow of the original GPU kernel to execute an injected payload without affecting the original GPU computation result. The second is a self-page-table update execution during which the GPU kernel updates its page table to access any location in system memory. After the installation, the malicious payload is executed only in the GPU kernel, and any no evidence remains in system memory. Thus, it cannot be detected by conventional rootkit detection methods.</abstract><cop>Tokyo</cop><pub>The Institute of Electronics, Information and Communication Engineers</pub><doi>10.1587/transinf.2019EDL8104</doi><tpages>4</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0916-8532
ispartof IEICE Transactions on Information and Systems, 2019/11/01, Vol.E102.D(11), pp.2261-2264
issn 0916-8532
1745-1361
language eng
recordid cdi_proquest_journals_2311259669
source Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; J-STAGE (Japan Science & Technology Information Aggregator, Electronic) Freely Available Titles - Japanese
subjects Cryptography
Graphics boards
graphics processing unit
Kernels
Machine learning
rootkit
security
title Rootkit inside GPU Kernel Execution
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-28T18%3A51%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Rootkit%20inside%20GPU%20Kernel%20Execution&rft.jtitle=IEICE%20Transactions%20on%20Information%20and%20Systems&rft.au=KWON,%20Ohmin&rft.date=2019-11-01&rft.volume=E102.D&rft.issue=11&rft.spage=2261&rft.epage=2264&rft.pages=2261-2264&rft.issn=0916-8532&rft.eissn=1745-1361&rft_id=info:doi/10.1587/transinf.2019EDL8104&rft_dat=%3Cproquest_cross%3E2311259669%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2311259669&rft_id=info:pmid/&rfr_iscdi=true