Title :
Towards Concurrent Data Sampling Using GPU Coprocessing
Author :
Seeger, Mark M. ; Wolthusen, Stephen D.
Author_Institution :
Dept. Secure Services, Center for Adv. Security Res. Darmstadt (CASED), Darmstadt, Germany
Abstract :
Host intrusion detection systems operating on the host under observation itself are limited by an adversary´s ability to subvert all data collection and the detection and mitigation mechanisms themselves. Although coprocessor architectures have been proposed to avoid this security mechanism integrity problem, they either involve the application of non-standard hardware or rely on host-bound application programming interfaces (API). This is why, so far, they are only used in the field of network intrusion detection. In this paper, we present our results concerning a concurrent host memory sampling mechanism based on direct memory access (DMA) and demonstrate that it is possible to de-couple GPU kernel execution, thereby providing temporary isolation from the host and allowing data sampling actions to be taken without interruption. We present a security analysis of our approach and detail a proof-of-concept implementation of the autonomous concurrent monitoring and sampling system, thus, validating that self-sufficient data sampling using a commodity coprocessor (i.e. a GPU) is indeed possible.
Keywords :
application program interfaces; computerised monitoring; file organisation; graphics processing units; operating system kernels; security of data; API; DMA; GPU coprocessor architectures; GPU kernel execution decoupling; autonomous concurrent monitoring system; autonomous concurrent sampling system; commodity coprocessor; concurrent host memory sampling mechanism; data collection; direct memory access; host intrusion detection systems; host-bound application programming interfaces; mitigation mechanisms; nonstandard hardware; proof-of-concept implementation; Coprocessors; Graphics processing unit; Hardware; Intrusion detection; Kernel; Autonomous GPU Kernels; Coprocessor; Data Sampling; Intrusion detection;
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.92