Stealing webpages rendered on your browser by exploiting GPU vulnerabilities

Sangho Lee, Youngsok Kim, Jangwoo Kim, Jong Kim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

38 Citations (Scopus)

Abstract

Graphics processing units (GPUs) are important components of modern computing devices for not only graphics rendering, but also efficient parallel computations. However, their security problems are ignored despite their importance and popularity. In this paper, we first perform an in-depth security analysis on GPUs to detect security vulnerabilities. We observe that contemporary, widely-used GPUs, both NVIDIA's and AMD's, do not initialize newly allocated GPU memory pages which may contain sensitive user data. By exploiting such vulnerabilities, we propose attack methods for revealing a victim program's data kept in GPU memory both during its execution and right after its termination. We further show the high applicability of the proposed attacks by applying them to the Chromium and Firefox web browsers which use GPUs for accelerating webpage rendering. We detect that both browsers leave rendered webpage textures in GPU memory, so that we can infer which web pages a victim user has visited by analyzing the remaining textures. The accuracy of our advanced inference attack that uses both pixel sequence matching and RGB histogram matching is up to 95.4%.

Original languageEnglish
Title of host publicationProceedings - IEEE Symposium on Security and Privacy
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages19-33
Number of pages15
ISBN (Electronic)9781479946860
DOIs
Publication statusPublished - 2014 Nov 13
Event35th IEEE Symposium on Security and Privacy, SP 2014 - San Jose, United States
Duration: 2014 May 182014 May 21

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
ISSN (Print)1081-6011

Conference

Conference35th IEEE Symposium on Security and Privacy, SP 2014
CountryUnited States
CitySan Jose
Period14/5/1814/5/21

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Stealing webpages rendered on your browser by exploiting GPU vulnerabilities'. Together they form a unique fingerprint.

  • Cite this

    Lee, S., Kim, Y., Kim, J., & Kim, J. (2014). Stealing webpages rendered on your browser by exploiting GPU vulnerabilities. In Proceedings - IEEE Symposium on Security and Privacy (pp. 19-33). [6956554] (Proceedings - IEEE Symposium on Security and Privacy). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2014.9