As our mobile devices and laptops get smaller and faster, the processing hardware inside often has to share on-board memory and other resources to deliver peak performance and power efficiency.
The problem: Sometimes this sharing can allow hackers to access your personal data in another way.
Preventing these types of attacks has been a top priority for Hoda Naghibijouybari, Assistant Professor in the Department of Computer Science at the Thomas J. Watson College of Engineering and Applied Science at Binghamton University.
“My research is on the intersection of IT architecture and system security,” she said. “So as systems evolve and improve, I explore the security aspect of those changes. “
She recently received a grant of $ 534,595 from the National Science Foundation to study side channel attacks, which occur when a malicious application can extract sensitive information from other applications running on the same system.
Modern computer systems use both a conventional central processing unit (CPU) as well as a graphics processing unit (GPU) – a heterogeneous design that works in tandem for multimedia and computing capabilities.
When an application needs a lot of computing power, the GPU works in parallel and can do the task very, very quickly – up to 100 times faster than the CPU. The GPU has thousands of single cores, and programmers can assign a small, essential task to each of these cores.
In mobile devices and laptops, the CPU and GPU are tightly integrated and share certain hardware resources like memory for efficient and fast data transfer. However, if a malicious application is running on one processor, it can launch an attack against another application running on the other processor, allowing an attacker to gain sensitive information about a user’s activities through shared resources.
These attacks are dangerous because they bypass built-in protections that only focus on the CPU or GPU, Naghibijouybari said: “A user can browse the web and the hacker’s application running on the GPU can monitor websites. that he visits, or he can steal a password when the user types it.
For the NSF grant, it has three main objectives:
- Investigate side channel attacks on components such as CPUs and GPUs in native applications on mobile devices, laptops and personal computers.
- Investigate similar threats in web browsers as Chrome, Firefox, and other major browsers also rely on GPUs to function efficiently. Hackers can launch a remote GPU attack to steal passwords, web histories, or similar sensitive information.
- Suggest ways to defend against both types of attacks. While apps can be isolated from the CPU or GPU, they cannot communicate using shared resources, outwitting hackers.
“Inter-component side channel attacks have never been explored before. If we don’t address and fix these issues on modern systems, side channel attacks will continue and threaten everyone’s privacy, so I think it’s really important for NSF to fund, ”Naghibijouybari said.
The SF grant is titled “Microarchitectural Side Channel Attacks and Defenses in Integrated CPU-GPU Systems” (price # 2130978).