"Dead pixel detected - A Security Assessment of Apple's Graphics Subsystem.pdf", shared by a site member and available to read online (67 pages).
Dead pixel detected - A Security Assessment of Apple's Graphics Subsystem
#BHUSA BlackHatEvents

About us
Yu Wang, Co-founder & CEO at C
Weiteng Chen, Microsoft Research R

A Quick Introduction to (Apple) Graphics Subsystem

A quick introduction to GPU
Rather than drafting your own GPU overview, check out how GPU manufacturers describe their products.
NVIDIA & Mythbusters: Mythbusters Demo GPU versus CPU
https:/web.archive.org/web/20201007031633/https:/

The key components
Framebuffer
Command queue and data sharing (The 10-second countdown can be regarded as preparation for data and instructions)
Command submission
Mythbusters Demo GPU versus CPU

Let's start with the simplest form
[Diagram labels: Central Processing Unit/Application Processor; Graphics Processing Unit; GPU OS/Hypervisor; Firmware; User Mode; Kernel Mode; DRM/Dxgkrnl/IOGPUFamily; Plug-in Kernel Drivers; Browser, 3D Modeling, Gaming.; Application; Runtime Framework; Talk directly to the kernel mode drivers; OpenGL/Vulkan; CUDA/Direct3D/Metal.]

From command to ring buffer
[Diagram labels: Central Processing Unit/Application Processor; Graphics Processing Unit; GPU OS/Hypervisor; Firmware; User Mode; Kernel Mode; DRM/Dxgkrnl/IOGPUFamily; Plug-in Kernel Drivers; Vertex Processing; Primitive Assembly; Fragment Generation; Framebuffer Operation; Shading Language Interpreter & LLVM; Wrapper Layer: libDRM, etc.; Accelerated Encryption, Decryption, Compression; Browser, 3D Modeling, Gaming.; Application; Runtime Framework; ioctl-style Interfaces; Ring Buffer; Command Queue 0, Command Queue 1, Command Queue N.; Construction; Execution]