Composite Enclaves: Towards Disaggregated Trusted Execution

Schneider, Moritz; Dhar, Aritra; Puddu, Ivan; Kostiainen, Kari; Čapkun, Srđjan

doi:10.46586/tches.v2022.i1.630-656

Cited by 8 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CVA6 host core CVA6 [44] is the heart of Shaheen. It is an open-source 6-stages, single-issue, in-order, 64-bit Linux-capable RISC-V core, supporting the RV64GC ISA variant, SV39 virtual memory with a dedicated Memory Management Unit (MMU), three levels of privilege (Machine, Supervisor, User), and PMP [19]. In the context of this work, the baseline version of CVA6 has been enhanced with 2 extra features to provide high-assurance isolation between the different applications coexisting on the core:…”

Section: Shaheen Architecurementioning

confidence: 99%

“…In particular, the Hypervisor extension aims to provide confidentiality and integrity of virtual machines (VM) by enforcing isolation (via two-stage virtual memory) between multiple consolidated guest OSes, i.e., General Purpose OS (GPOS) and RTOS. To further isolate the execution of these coexisting software stacks (trusted and untrusted), prevent security threats, and ensure multi-domain operations, the host core features Physical Memory Protection (PMP) [19] and ISA and micro-architecture extensions for timing channel mitigation [20]. Namely, the PMP aims to provide confidentiality and integrity by limiting the physical addresses accessible by software running on CVA6.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Shaheen: An Open, Secure, and Scalable RV64 SoC for Autonomous Nano-UAVs

Valente,

Veeran,

Sinigaglia

et al. 2023

2023 IEEE Hot Chips 35 Symposium (HCS)

View full text Add to dashboard Cite

The rapid advancement of energy-efficient parallel ultra-low-power (ULP) µcontrollers units (MCUs) is enabling the development of autonomous nano-sized unmanned aerial vehicles (nano-UAVs). These sub-10cm drones represent the next generation of unobtrusive robotic helpers and ubiquitous smart sensors. However, nano-UAVs face significant power and payload constraints while requiring advanced computing capabilities akin to standard drones, including real-time Machine Learning (ML) performance and the safe co-existence of general-purpose and real-time OSs. Although some advanced parallel ULP MCUs offer the necessary ML computing capabilities within the prescribed power limits, they rely on small main memories (<1MB) and µcontroller-class CPUs with no virtualization or security features, and hence only support simple bare-metal runtimes. In this work, we present Shaheen, a 9mm 2 200mW SoC implemented in 22nm FDX technology. Differently from state-of-the-art MCUs, Shaheen integrates a Linux-capable RV64 core, compliant with the v1.0 ratified Hypervisor extension and equipped with timing channel protection, along with a low-cost and low-power memory controller exposing up to 512MB of off-chip low-cost low-power HyperRAM directly to the CPU. At the same time, it integrates a fully programmable energy-and area-efficient multi-core cluster of RV32 cores optimized for general-purpose DSP as well as reduced-and mixed-precision ML. To the best of the authors' knowledge, it is the first silicon prototype of a ULP SoC coupling the RV64 and RV32 cores in a heterogeneous host+accelerator architecture fully based on the RISC-V ISA. We demonstrate the capabilities of the proposed SoC on a wide range of benchmarks relevant to nano-UAV applications including general-purpose DSP as well as inference and online learning of quantized DNNs. The cluster can deliver up to 90GOp/s and up to 1.8TOp/s/W on 2-bit integer kernels and up to 7.9GFLOp/s and up to 150GFLOp/s/W on 16-bit FP kernels.

show abstract

Section: Shaheen Architecurementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Shaheen: An Open, Secure, and Scalable RV64 SoC for Autonomous Nano-UAVs

Valente,

Veeran,

Sinigaglia

et al. 2023

2023 IEEE Hot Chips 35 Symposium (HCS)

View full text Add to dashboard Cite

show abstract

“…Another line of research has shown the feasibility of doing enclaved execution on unmodified devices by extending the CPU-TEE protection. They leverage MMU protection to protect memory-mapped devices and perform bus-level isolation since devices are physically connected to a TEE host [35][36][37].…”

Section: Related Workmentioning

confidence: 99%

“…One potential solution to address this problem is to make all nodes TEE-enabled, but this is not a practical. For protecting non-TEE nodes, prior works have shown the feasibility of doing so via bus-level isolation if they are directly physically connected to a TEE host [35][36][37]. Such host-centric solutions do not apply to a data-center setting where nodes are connected in clusters and racks as shown in Fig.…”

Section: Introductionmentioning

confidence: 99%

Empowering Data Centers for Next Generation Trusted Computing

Dhar¹,

Sridhara²,

Shinde³

et al. 2022

Preprint

View full text Add to dashboard Cite

Modern data centers have grown beyond CPU nodes to provide domain-specific accelerators such as GPUs and FP-GAs to their customers. From a security standpoint, cloud customers want to protect their data. They are willing to pay additional costs for trusted execution environments such as enclaves provided by Intel SGX and AMD SEV. Unfortunately, the customers have to make a critical choice-either use domain-specific accelerators for speed or use CPU-based confidential computing solutions.To bridge this gap, we aim to enable data-center scale confidential computing that expands across CPUs and accelerators. We argue that having wide-scale TEE-support for accelerators presents a technically easier solution, but is far away from being a reality. Instead, our hybrid design provides enclaved execution guarantees for computation distributed over multiple CPU nodes and devices with/without TEE support. Our solution scales gracefully in two dimensions-it can handle a large number of heterogeneous nodes and it can accommodate TEE-enabled devices as and when they are available in the future. We observe marginal overheads of 0.42-8% on real-world AI data center workloads that are independent of the number of nodes in the data center. We add custom TEE support to two accelerators (AI and storage) and integrate it into our solution, thus demonstrating that it can cater to future TEE devices.

show abstract

Conclusion

Shepherd,

Markantonakis

2024

Trusted Execution Environments

View full text Add to dashboard Cite

Composite Enclaves: Towards Disaggregated Trusted Execution

Cited by 8 publications

References 10 publications

Shaheen: An Open, Secure, and Scalable RV64 SoC for Autonomous Nano-UAVs

Shaheen: An Open, Secure, and Scalable RV64 SoC for Autonomous Nano-UAVs

Empowering Data Centers for Next Generation Trusted Computing

Conclusion

Contact Info

Product

Resources

About