ABSTRACT
Recent advances in the massively parallel computational abilities of graphical processing units (GPUs) have increased their use for general-purpose computation, as companies look to take advantage of big data processing techniques. This has given rise to the potential for malicious software targeting GPUs, which is of interest to forensic investigators examining the operation of software. The ability to carry out reverse engineering of software is of great importance within the security and forensics fields, particularly when investigating malicious software or carrying out forensic analysis following a successful security breach. Due to the complexity of the Nvidia CUDA (Compute Unified Device Architecture) framework, it is not clear how best to approach the reverse engineering of a piece of CUDA software. We carry out a review of the different binary output formats which may be encountered from the CUDA compiler, and their implications for reverse engineering. We then demonstrate the process of carrying out disassembly of an example CUDA application, to establish the various techniques available to forensic investigators carrying out black-box disassembly and reverse engineering of CUDA binaries. We show that the Nvidia compiler, using default settings, leaks useful information. Finally, we demonstrate techniques to better protect intellectual property in CUDA algorithm implementations from reverse engineering.