Legacy device drivers implement both device resource management
and isolation. This results in a large code base with
a wide high-level interface making the driver vulnerable to
security attacks. This is particularly problematic for increasingly
popular accelerators like GPUs that have large, complex
drivers. We solve this problem with library drivers, a new
driver architecture. A library driver implements resource management
as an untrusted library in the application process
address space, and implements isolation as a kernel module
that is smaller and has a narrower lower-level interface (i.e.,
closer to hardware) than a legacy driver. We articulate a set
of device and platform hardware properties that are required
to retrofit a legacy driver into a library driver. To demonstrate
the feasibility and superiority of library drivers, we present
Glider, a library driver implementation for two GPUs of popular
brands, Radeon and Intel. Glider reduces the TCB size
and attack surface by about 35% and 84% respectively for a
Radeon HD 6450 GPU and by about 38% and 90% respectively
for an Intel Ivy Bridge GPU. Moreover, it incurs no
performance cost. Indeed, Glider outperforms a legacy driver
for applications requiring intensive interactions with the device
driver, such as applications using the OpenGL immediate
mode API.
and isolation. This results in a large code base with
a wide high-level interface making the driver vulnerable to
security attacks. This is particularly problematic for increasingly
popular accelerators like GPUs that have large, complex
drivers. We solve this problem with library drivers, a new
driver architecture. A library driver implements resource management
as an untrusted library in the application process
address space, and implements isolation as a kernel module
that is smaller and has a narrower lower-level interface (i.e.,
closer to hardware) than a legacy driver. We articulate a set
of device and platform hardware properties that are required
to retrofit a legacy driver into a library driver. To demonstrate
the feasibility and superiority of library drivers, we present
Glider, a library driver implementation for two GPUs of popular
brands, Radeon and Intel. Glider reduces the TCB size
and attack surface by about 35% and 84% respectively for a
Radeon HD 6450 GPU and by about 38% and 90% respectively
for an Intel Ivy Bridge GPU. Moreover, it incurs no
performance cost. Indeed, Glider outperforms a legacy driver
for applications requiring intensive interactions with the device
driver, such as applications using the OpenGL immediate
mode API.
more here.......http://arxiv.org/pdf/1411.3777.pdf