CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University
Center for Education and Research in Information Assurance and Security

"Memory Analysis, Meet GPU Malware"

Golden G. Richard III - University of New Orleans

Oct 22, 2014

Size: 170.0MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Graphics Processing Units (GPUs) have evolved from very specialized,
idiosyncratic hardware intended to execute specialized graphics workloads
to semi-autonomous "supercomputers" that can be programmed easily using
common programming languages and powerful, portable APIs. GPUs also form
the basis for an emerging threat, GPU malware, which offloads important
aspects of malicious computations onto the GPU. The benefits of executing
malicious computations on the GPU include abundant compute power, a large
amount of semi-non-volatile memory, and perhaps most importantly, isolation
from host-based security measures. While memory analysis offers powerful
tools to detect and analyze traditional host-based malware, there are
essentially no equivalent tools for analyzing GPU malware. Furthermore,
existing general-purpose tools for debugging GPU applications are
completely ineffective if a large number of conditions are not established
before a GPU application is executed, all of which will certainly be
violated by weaponized GPU malware. This talk explores GPU malware in
detail, identifies why it's hard to analyze, and also discusses measures
that can easily employed to make analysis even more difficult. A primary
motivation for this research is the 2015 DFRWS Digital Forensics Challenge,
under development by Dr. Richard, the aim of which is to increase interest
in GPU malware analysis and foster the development of powerful tools to
analyze and combat this threat.

About the Speaker

Golden G. Richard III is Professor of Computer Science, University Research
Professor and Director of the Greater New Orleans Center for Information
Assurance (GNOCIA) at the University of New Orleans. Prof. Richard
received his Ph.D. in Computer Science from The Ohio State University in
1995 and has 35 years of experience in computer systems and computer
security. He is a Fellow of the American Academy of Forensic Sciences, a
member of the United States Secret Service Cybercrime Task Force, and
Chairman of the Board of Directors for DFRWS, a conference devoted to
digital forensics research. His research interests mirror his teaching
interests: digital forensics, reverse engineering, offensive computing,
operating systems internals, and malware analysis. In private practice, Dr.
Richard owns Arcane Alloy, LLC, and to further his agenda of absolutely no
time for sleep, Golden is also a professional music photographer--you can
check out his work at HighISOMusic.com.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.