Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Sugar operating system: A new OS to enhance GPU acceleration security in web apps

Save for later
  • 3 min read
  • 23 Aug 2018

article-image

Researchers at the University of California, Irvine presented Sugar (Secure GPU Acceleration), a new OS solution to enhance the security of GPU acceleration for web apps. Their research paper titled, Sugar: Secure GPU Acceleration in Web Browsers, is a collective effort of Zhihao Yao et al.

Recently, GPU based graphics acceleration in web apps has become increasingly popular. WebGL is the key component which provides OpenGL--such as graphics for web apps

and is currently used in 53% of the top-100 websites. However, several attack vendors have been demonstrated through WebGL making it vulnerable to security attacks. One such example is the Rowhammer attack which took place in May, this year. Although web browsers have patched the vulnerabilities and have added new runtime security checks, the systems are still vulnerable to zero-day vulnerability exploits, especially given the large size of the Trusted Computing Base of the graphics plane.

Sugar OS uses a dedicated virtual graphics plane for a web app by leveraging modern GPU virtualization solutions. It enhances the system security since a virtual graphics plane is fully isolated from the rest of the system. Despite GPU virtualization overhead, Sugar achieves high performance.

Unlike current systems, Sugar uses two underlying physical GPUs, when available, to co-render the User Interface (UI),

  1. One GPU, to provide virtual graphics planes for web apps
  2. The other one to provide the primary graphics plane for the rest of the system.


Thus, this design not only provides strong security guarantees but also provides enhanced performance isolation.

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime

The two GPU designs in Sugar OS for secured web apps


The researchers presented two different designs of Sugar in their paper; a single-GPU and a dual-GPU. In both these designs, web apps use the virtual graphics planes created by the virtualizable GPU. The main difference between the two is the primary graphics plane.

Single-GPU


sugar-operating-system-a-new-os-to-enhance-gpu-acceleration-security-in-web-apps-img-0

Design target: They designed a Single-GPU Sugar for machines with a single virtualizable GPU. The main targets of this design are commodity desktops and laptops using Intel processors that incorporate a virtualizable integrated GPU (all Intel Core processors starting from the 4th generation, i.e., Haswell [99]).

Primary Graphics plane, in this design, uses the same underlying virtualizable GPU but has exclusive access to the display connected to it.

Dual-GPU


sugar-operating-system-a-new-os-to-enhance-gpu-acceleration-security-in-web-apps-img-1

Design target: The dual-GPU Sugar is designed for machines with two physical GPUs, one of which is virtualizable. The main targets for this design are high-end desktops and laptops that incorporate a second GPU in addition to the virtualizable integrated Intel GPU.

Primary graphics plane, here, uses the other GPU, which is connected to the display.

However, Dual-GPU Sugar provides better security than single-GPU Sugar, especially against Denial-of-Service attacks. Moreover, dual-GPU Sugar achieves better graphics performance isolation.

The researchers demonstrated that Sugar reduces the Trusted Computing Base (TCB) exposed to web apps and thus eliminates various vulnerabilities already reported in the WebGL framework. They also showed that Sugar’s performance is high, providing similar user-visible performance with existing less secure systems.

Read more about Sugar OS in detail in its research paper

Introducing MapD Cloud, the first Analytics Platform with GPU Acceleration on Cloud

A new WPA/WPA2 security attack in town: Wi-fi routers watch out!

5 examples of Artificial Intelligence in Web apps