GPGPU boom and the consequences…

[Tharic-Nar]

The explosive interest in GPGPU’s is something that has been a long time coming, and it is only now that there is a real push for it. It could unlock some of that latent potential that’s been building up over the years, along with SSD’s to give systems that bandwidth kick. But there is a real concern that’ll probably show its head soon enough, that of GPGPU viruses.

The internals of the GPU are somewhat out of site, the only way to peer into them is with the use of 3rd party apps, like Rivatuner. But with the interest in GPGPU capabilities, the OS’s will need to provide an easier way for users to monitor their GPU’s, like a modified taskmanager. Think down the line, the GPU will become like that of a specialised CPU, with its own processes and memory to manage. If there was no way to monitor it sufficiently, then what if a virus was to make it’s way onto your GPU? You would have no way to know if it’s consuming your resources, AntiVirus wouldn’t detect it, no way to shut it down, as well as consume large amounts of power should it want to. While a lot of these problems are some ways off, it is important to think about them now and at least prepare for them.

To begin with, OpenCL and CUDA may be like that of API’s with regard to the GPU, not directly executing code but just telling the GPU what to do, these would still require a thread on the OS, to which AV’s could monitor. As the technologies develop, it may then be possible to execute code directly on the GPU, which could bypass the AV, resulting in the above situations. I do not fully understand the capabilities or the processes involved with executing GPU based applications since I am not a programmer, but I still think these are justifiable concerns.

Am I overly paranoid, as well as getting things muddled up?

 

[Kougar]

That's a rather interesting idea. The only way a virus could infect a GPU would be to write itself into the card's BIOS, pretty much the same way some viruses would write themselves into a motherboard's BIOS (and hence why some boards had built-in BIOS AV scanning on boot!). But having done so there is not much a virus could do unless the goal was to either destroy the card or cause constant crashes.

There isn't any viable way for a virus to get inside a CPU, and although proof-of-concept designs have been shown they are extremely model specific as they must rely on known execution flaws. This allows the virus full control of any OS running on the machine, or provides a way to bypass it completely without the OS being able to do a thing about it.

However all it would take was a power cycling of the computer to erase it from the CPU's buffers... Generally the OS is the only thing you should worry about for a virus... or perhaps your network router. Hacked/modified router firmware is becoming an issue, and I've heard of viruses that propagate around the net looking for unprotected/default setting linux-based routers to reflash. A compromised router can record, sort, and simply retransmit all the online data to other locations without the user ever knowing, especially with data sent to/from known financial websites.

 

[Tharic-Nar]

I mean Malware in general rather than a virus explicitly, anything that could interact with the systems OS and applications (thus access to user data if need be), but with the help of the GPU.

I will admit to my naivety somewhat, as i am probably over generalizing and missing things out. AV's can search system memory, but they probably can't search GPU memory. I know that a simple shutdown will probably wipe any trace of a virus resident in volatile memory, but thats not the point, it's the fact that it can become resident in a live system through some external means (flash, java, browser exploit, etc).

With HT or Quickpath can a CPU send instructions directly to the GPU without going through system memory? I know a virus would need to communicate with the CPU first, which probably means system memory will be involved regardless... but in a rudimentary manor, with the use of GPU API's, could a CPU use the GPU's memory like system memory, there by completely avoiding an AV's ability to monitor system memory. It would probably be significantly slower than using system memory, but again, not the point, malware isn't in any rush.

Say a set of small files are decrypted sequential, using system ram, with the final contents being dumped straight into GPU memory. The CPU then accesses these files for processing, but always saving back any changes to the GPU. The CPU can then freely interrogate and change system memory based on the instructions stored in GPU memory, possibly helped by innocuous use of system memory if need be, keeping things separate as to not alarm the AV's heuristic scanning. So the malware is spread out over both system and GPU based memory, with the only point of aggregation at the CPU

Like i said, i am somewhat naive as to this level of component and data interaction and is definitely beyond my scope.

I am jumping the gun somewhat, but this is more of a future concern, where GPU's may not be limited by API's, but my guess is, as soon as that level is reached, then AV's would be able to interrogate the GPU freely. My concern is what evil things may lurk as a result of Direct Compute and OpenCL creating a platform agnostic system, AV's would need OpenCL extensions to see what's happening 'behind the scenes'.

 

[Kougar]

Malware, virus, there isn't much difference as they are all various types of programs. There isn't really anything a virus would need to do that would require a GPU (I suppose it could borrow the GPU to crack encryption, but it'd make more sense to send the data elsewhere for cracking using better GPUs), but even if it did it would still require an OS to execute itself within before it can use the GPU drivers to control the GPU. As long as the OS controls the drivers then an anti-virus can scan and monitor for virus signatures.

Bad stuff, whether you call it a virus, malware, spyware, adware, trojan, or anything else requires software present to execute itself. It either has to be software based, or firmware based. Firmware is just hardware level code that runs the hardware, but it can only do/affect/run whatever it physically controls and is attached to... so in this instance it makes little sense to write a GPU BIOS (firmware) level virus because it wouldn't be good for much of anything, all it could do was control the graphics card. Routers can only control themselves, but because financial data is piped through them they are attractive targets, and have the built-in ability to direct attacks at other targets. There isn't anything of value that a GPU could access or do anything with.

The GPU doesn't quite function as you describe, for it to do so it would require it's own "OS" and it would function as a sort of micro-computer. With a modern GPU everything is handled at the software level with the GPU drivers controlling data that goes in and out of the GPU, and controlling what is exchanged between it and the system RAM. At least for the time being this isn't going to be an issue, thankfully.