Analyzing Secure Memory Architecture for GPUs

Yuan, Shougang; Yudha, Ardhi Wiratama Baskara; Solihin, Yan; Zhou, Huiyang

doi:10.1109/ispass51385.2021.00017

Cited by 6 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although encryption/decryption latency is relatively high when performed in software, GPU is good at hiding it via thread-level parallelism, resulting in nearly negligible encryption overheads. This observation is also consistent with the findings in the prior work [26]. However, anything that reduces the degree of thread-level parallelism can easily introduce high execution time overheads.…”

Section: Lite Performance Overheadsupporting

confidence: 92%

“…They proposed to group several data blocks to have a common counter to reduce counter cache misses. Yuan et al [26] analyzed the performance implication of counter mode encryption for secure GPU memory. They observed that the increase in memory traffic due to accessing security metadata, including counters and MACs, is the main contributor to performance degradation.…”

Section: Related Workmentioning

confidence: 99%

“…However, since current GPUs do not support TEEs, users sacrifice security and privacy when offloading computation to GPUs. Recently researchers have looked at providing TEE on GPUs [7,23,26,27]. While these solutions work, they do not address inter-operability with CPU TEE.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Lite

Yudha

Meyer

Yuan

et al. 2022

Proceedings of the 36th ACM International Conference on Supercomputing

Self Cite

View full text Add to dashboard Cite

There is a strong need for GPU trusted execution environments (TEEs) as GPU is increasingly used in the cloud environment. However, current proposals either ignore memory security (i.e., not encrypting memory) or impose a separate memory encryption domain from the host TEE, causing a very substantial slowdown for communicating data from/to the host.In this paper, we propose a flexible GPU memory encryption design called LITE that relies on software memory encryption aided by small architecture support. LITE's flexibility allows GPU TEE to be co-designed with CPU to create a unified encryption domain. We show that GPU applications can be adapted to the use of LITE encryption APIs without major changes. Through various optimizations, we show that software memory encryption in LITE can produce negligible performance overheads (1.1%) for regular benchmarks and still-acceptable overheads (56%) for irregular benchmarks.

show abstract

Section: Lite Performance Overheadsupporting

confidence: 92%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Lite

Yudha

Meyer

Yuan

et al. 2022

Proceedings of the 36th ACM International Conference on Supercomputing

Self Cite

View full text Add to dashboard Cite

show abstract

“…We assume that that the memory on a TEE-DSA node (e.g., Graviton [26], SheF [29]), is part of the chip that an attacker cannot infiltrate, such as-high performance 3D stacked memories [51] for accelerators [52], GPU [53], and SoCs [54]. For off-core memory, memory encryption and integrity protection proposals on GPU [55,56], NPU [57,58], and data center accelerators [59] can thwart physical attackers with some performance penalties. However, protecting non-TEE nodes is a significant challenge as no such protection mechanisms are available for legacy nodes.…”

Section: Security Considerationsmentioning

confidence: 99%

Empowering Data Centers for Next Generation Trusted Computing

Dhar¹,

Sridhara²,

Shinde³

et al. 2022

Preprint

View full text Add to dashboard Cite

Modern data centers have grown beyond CPU nodes to provide domain-specific accelerators such as GPUs and FP-GAs to their customers. From a security standpoint, cloud customers want to protect their data. They are willing to pay additional costs for trusted execution environments such as enclaves provided by Intel SGX and AMD SEV. Unfortunately, the customers have to make a critical choice-either use domain-specific accelerators for speed or use CPU-based confidential computing solutions.To bridge this gap, we aim to enable data-center scale confidential computing that expands across CPUs and accelerators. We argue that having wide-scale TEE-support for accelerators presents a technically easier solution, but is far away from being a reality. Instead, our hybrid design provides enclaved execution guarantees for computation distributed over multiple CPU nodes and devices with/without TEE support. Our solution scales gracefully in two dimensions-it can handle a large number of heterogeneous nodes and it can accommodate TEE-enabled devices as and when they are available in the future. We observe marginal overheads of 0.42-8% on real-world AI data center workloads that are independent of the number of nodes in the data center. We add custom TEE support to two accelerators (AI and storage) and integrate it into our solution, thus demonstrating that it can cater to future TEE devices.

show abstract