ACAI: Protecting Accelerator Execution with Arm Confidential Computing Architecture

METADATA ONLY

Author / Producer

Sridhara, Supraja Bertschi, Andrin Schlüter, Benedict

Date

2023-10-25

Publication Type

Working Paper

ETH Bibliography

yes

Citations

Altmetric
METADATA ONLY

Data

Rights / License

Abstract

Trusted execution environments in several existing and upcoming CPUs demonstrate the success of confidential computing, with the caveat that tenants cannot securely use accelerators such as GPUs and FPGAs. In this paper, we reconsider the Arm Confidential Computing Architecture (CCA) design, an upcoming TEE feature in Armv9-A, to address this gap. We observe that CCA offers the right abstraction and mechanisms to allow confidential VMs to use accelerators as a first-class abstraction. We build ACAI, a CCA-based solution, with a principled approach of extending CCA security invariants to device-side access to address several critical security gaps. Our experimental results on GPU and FPGA demonstrate the feasibility of ACAI while maintaining security guarantees.

Permanent link

http://hdl.handle.net/20.500.11850/644731

Publication status

published

External links

Arxiv: 2305.15986 north_east
https://doi.org/10.48550/ARXIV.2305.15986 north_east

Editor

Book title

Journal / series

Volume

Pages / Article No.

2305.15986

Publisher

Cornell University

Event

Edition / version

v2

Methods

Software

Geographic location

Date collected

Date created

Subject

Cryptography and Security (cs.CR); FOS: Computer and information sciences

Organisational unit

09730 - Shinde, Shweta Shivaji / Shinde, Shweta Shivaji check_circle

Notes

Funding

Related publications and datasets

Is previous version of:

More

Show all metadata