[osg-users] Question about security of shader developments

Damian Dixon damian.dixon at gmail.com
Thu Jan 31 01:16:59 PST 2019


Hi,

I don't know what the OSG solution to this would be.

You could obfuscate the shader code. Though to be honest this would only
slow someone down not stop them from obtaining the shader source.

In addition to obfusication put the shader source into the DLL/exe and
potentially hide the strings by a simple rotation or masking of the data.

You could add additional logic to detect OpenGL/GPU debuggers and/or check
the OpenGL shared library is loaded from sensible locations.

The other options would be to look at the following in OpenGL. I've not
used either of them so they may not work particularly well.

   - https://www.khronos.org/registry/OpenGL/extensions/ARB/ARB_gl_spirv.txt
   (OpenGL 4.6)
   -
   https://www.khronos.org/registry/OpenGL-Refpages/gl4/html/glShaderBinary.xhtml
   (OpenGL 4.1)

You may find that the SPIRV extension is not widely supported yet on all
GPUs and drivers (mesa support is not yet there) that your customers are
using. SPIRV modules are an intermediate compiled representation of the
shaders so someone with a lot of time could reverse engineer.

The shader binary I believe may be limited to the GPU/driver that it was
compiled for.

Also OSG would need to be modified to use SPIRV or shader binaries.

Most of this is a trade off between cost of implementation, additional test
and support costs and lost revenue.

Regards
Damian




On Wed, 30 Jan 2019 at 17:50, Werner Modenbach <texion at modenbach-ac.de>
wrote:

> Dear Robert, dear community,
>
> I use OSG since many years now with great success. But being honest I
> usually just use the osg api and direct gl calls are very rare in our code.
> That's the reason why I ask people with more gl experience here.
> I'm working in a commercial environment. Unfortunately we have very bad
> experience about the security of our developments
> especially with a famous Asian country. Cracking and copying is the
> normal case there.
> During the years we have established a quite secure environment for our
> executables by encrypting the them and by detecting
> debugging and sniffing tools running in parallel.
> There is mainly one really weak part, the shaders we develop.
> We spent years now in very complex and highly optimized shaders and I
> have sleepless nights knowing that the shader code is
> transferred to the driver as plain source code.
> My question: Is there any way solving this problem? Is there any driver
> api for that? I searched all over OSG but didn't find anything.
> Is this feature missing in general or is it just not in the OSG api?
> If all the questions are answered NO can anybody provide a contact to
> NVIDIA for discussing this problem?
>
> Many thanks in advance for any hints and help.
>
> - Werner -
>
>
> _______________________________________________
> osg-users mailing list
> osg-users at lists.openscenegraph.org
> http://lists.openscenegraph.org/listinfo.cgi/osg-users-openscenegraph.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openscenegraph.org/pipermail/osg-users-openscenegraph.org/attachments/20190131/0e477f22/attachment.html>


More information about the osg-users mailing list