Data remanence and digital forensic investigation for CUDA Graphics Processing Units

Research output: Contribution to conferenceProceeding

1 Citation (Scopus)

Abstract

This paper investigates the practicality of memory attacks on commercial Graphics Processing Units (GPUs). With recent advances in the performance and viability of using GPUs for various highly-parallelised data processing tasks, a number of security challenges are raised. Unscrupulous software running subsequently on the same GPU, either by the same user, or another user, in a multi-user system, may be able to gain access to the contents of the GPU memory. This contains data from previous program executions. In certain use-cases, where the GPU is used to offload intensive parallel processing such as pattern matching for an intrusion detection system, financial systems, or cryptographic algorithms, it may be possible for the GPU memory to contain privileged data, which would ordinarily be inaccessible to an unprivileged application running on the host computer. With GPUs potentially yielding access to confidential information, existing research in the field is built upon, to investigate the practicality of extracting data from global, shared and texture memory, and retrieving this data for further analysis. These techniques are also implemented on various GPUs using three different Nvidia CUDA versions. A novel methodology for digital forensic examination of GPU memory for remanent data is then proposed, along with some suggestions and considerations towards countermeasures and anti-forensic techniques

Workshop

Workshop1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Abbreviated titleDISSECT 2015
CountryCanada
CityOttawa
Period11/05/1515/05/15
Internet address

Fingerprint

Remanence
Data storage equipment
Graphics processing unit
Digital forensics
Pattern matching
Intrusion detection
Textures

Keywords

  • graphics processing units
  • memory attacks
  • digital forensics

Cite this

Bellekens, X., Paul, G., Irvine, J. M., Tachtatzis, C., Atkinson, R. C., Kirkham, T., & Renfrew, C. (2015). Data remanence and digital forensic investigation for CUDA Graphics Processing Units. 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Ottawa, Canada.
Bellekens, Xavier ; Paul, Greig ; Irvine, James M. ; Tachtatzis, Christos ; Atkinson, Robert C. ; Kirkham, Tony ; Renfrew, Craig. / Data remanence and digital forensic investigation for CUDA Graphics Processing Units. 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Ottawa, Canada.6 p.
@conference{7dd7aeb7a15c44d7ab774a5fa64a0e5e,
title = "Data remanence and digital forensic investigation for CUDA Graphics Processing Units",
abstract = "This paper investigates the practicality of memory attacks on commercial Graphics Processing Units (GPUs). With recent advances in the performance and viability of using GPUs for various highly-parallelised data processing tasks, a number of security challenges are raised. Unscrupulous software running subsequently on the same GPU, either by the same user, or another user, in a multi-user system, may be able to gain access to the contents of the GPU memory. This contains data from previous program executions. In certain use-cases, where the GPU is used to offload intensive parallel processing such as pattern matching for an intrusion detection system, financial systems, or cryptographic algorithms, it may be possible for the GPU memory to contain privileged data, which would ordinarily be inaccessible to an unprivileged application running on the host computer. With GPUs potentially yielding access to confidential information, existing research in the field is built upon, to investigate the practicality of extracting data from global, shared and texture memory, and retrieving this data for further analysis. These techniques are also implemented on various GPUs using three different Nvidia CUDA versions. A novel methodology for digital forensic examination of GPU memory for remanent data is then proposed, along with some suggestions and considerations towards countermeasures and anti-forensic techniques",
keywords = "graphics processing units, memory attacks, digital forensics",
author = "Xavier Bellekens and Greig Paul and Irvine, {James M.} and Christos Tachtatzis and Atkinson, {Robert C.} and Tony Kirkham and Craig Renfrew",
note = "{\circledC} 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.; 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), DISSECT 2015 ; Conference date: 11-05-2015 Through 15-05-2015",
year = "2015",
month = "5",
language = "English",
url = "http://dissect2015.vcu.edu/",

}

Bellekens, X, Paul, G, Irvine, JM, Tachtatzis, C, Atkinson, RC, Kirkham, T & Renfrew, C 2015, 'Data remanence and digital forensic investigation for CUDA Graphics Processing Units' 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Ottawa, Canada, 11/05/15 - 15/05/15, .

Data remanence and digital forensic investigation for CUDA Graphics Processing Units. / Bellekens, Xavier; Paul, Greig; Irvine, James M.; Tachtatzis, Christos; Atkinson, Robert C.; Kirkham, Tony; Renfrew, Craig.

2015. 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Ottawa, Canada.

Research output: Contribution to conferenceProceeding

TY - CONF

T1 - Data remanence and digital forensic investigation for CUDA Graphics Processing Units

AU - Bellekens, Xavier

AU - Paul, Greig

AU - Irvine, James M.

AU - Tachtatzis, Christos

AU - Atkinson, Robert C.

AU - Kirkham, Tony

AU - Renfrew, Craig

N1 - © 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2015/5

Y1 - 2015/5

N2 - This paper investigates the practicality of memory attacks on commercial Graphics Processing Units (GPUs). With recent advances in the performance and viability of using GPUs for various highly-parallelised data processing tasks, a number of security challenges are raised. Unscrupulous software running subsequently on the same GPU, either by the same user, or another user, in a multi-user system, may be able to gain access to the contents of the GPU memory. This contains data from previous program executions. In certain use-cases, where the GPU is used to offload intensive parallel processing such as pattern matching for an intrusion detection system, financial systems, or cryptographic algorithms, it may be possible for the GPU memory to contain privileged data, which would ordinarily be inaccessible to an unprivileged application running on the host computer. With GPUs potentially yielding access to confidential information, existing research in the field is built upon, to investigate the practicality of extracting data from global, shared and texture memory, and retrieving this data for further analysis. These techniques are also implemented on various GPUs using three different Nvidia CUDA versions. A novel methodology for digital forensic examination of GPU memory for remanent data is then proposed, along with some suggestions and considerations towards countermeasures and anti-forensic techniques

AB - This paper investigates the practicality of memory attacks on commercial Graphics Processing Units (GPUs). With recent advances in the performance and viability of using GPUs for various highly-parallelised data processing tasks, a number of security challenges are raised. Unscrupulous software running subsequently on the same GPU, either by the same user, or another user, in a multi-user system, may be able to gain access to the contents of the GPU memory. This contains data from previous program executions. In certain use-cases, where the GPU is used to offload intensive parallel processing such as pattern matching for an intrusion detection system, financial systems, or cryptographic algorithms, it may be possible for the GPU memory to contain privileged data, which would ordinarily be inaccessible to an unprivileged application running on the host computer. With GPUs potentially yielding access to confidential information, existing research in the field is built upon, to investigate the practicality of extracting data from global, shared and texture memory, and retrieving this data for further analysis. These techniques are also implemented on various GPUs using three different Nvidia CUDA versions. A novel methodology for digital forensic examination of GPU memory for remanent data is then proposed, along with some suggestions and considerations towards countermeasures and anti-forensic techniques

KW - graphics processing units

KW - memory attacks

KW - digital forensics

UR - http://dissect2015.vcu.edu/

UR - http://www.scopus.com/inward/record.url?scp=84942693722&partnerID=8YFLogxK

M3 - Proceeding

ER -

Bellekens X, Paul G, Irvine JM, Tachtatzis C, Atkinson RC, Kirkham T et al. Data remanence and digital forensic investigation for CUDA Graphics Processing Units. 2015. 1ST IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Ottawa, Canada.