Trusted Display on Untrusted Commodity Platforms

Yu, M.; Gligor, Virgil D.; Zhou, Zongwei

doi:10.1145/2810103.2813719

Cited by 20 publications

(6 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While many works study how to use a hypervisor to build a trusted path to users (e.g. [60][61][62][63][64]), little work has been done in the trusted hardware setting. SGXIO [16] provides a hybrid solution that combines SGX with hypervisor techniques to allow a trusted I/O path with unmodified devices.…”

Section: Discussion and Extensionsmentioning

confidence: 99%

Fidelius: Protecting User Secrets from Compromised Browsers

Eskandarian

Cogan

Birnbaum

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Users regularly enter sensitive data, such as passwords, credit card numbers, or tax information, into the browser window. While modern browsers provide powerful clientside privacy measures to protect this data, none of these defenses prevent a browser compromised by malware from stealing it. In this work, we present Fidelius, a new architecture that uses trusted hardware enclaves integrated into the browser to enable protection of user secrets during web browsing sessions, even if the entire underlying browser and OS are fully controlled by a malicious attacker.Fidelius solves many challenges involved in providing protection for browsers in a fully malicious environment, offering support for integrity and privacy for form data, JavaScript execution, XMLHttpRequests, and protected web storage, while minimizing the TCB. Moreover, interactions between the enclave and the browser, the keyboard, and the display all require new protocols, each with their own security considerations. Finally, Fidelius takes into account UI considerations to ensure a consistent and simple interface for both developers and users.As part of this project, we develop the first open source system that provides a trusted path from input and output peripherals to a hardware enclave with no reliance on additional hypervisor security assumptions. These components may be of independent interest and useful to future projects.We implement and evaluate Fidelius to measure its performance overhead, finding that Fidelius imposes acceptable overhead on page load and user interaction for secured pages and has no impact on pages and page components that do not use its enhanced security features.

show abstract

Section: Discussion and Extensionsmentioning

confidence: 99%

Fidelius: Protecting User Secrets from Compromised Browsers

Eskandarian

Cogan

Birnbaum

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Prior work has attempted to reduce trust on privileged host [41] via hardware support on the GPU [38] or on the CPU [18]. Graviton [38] extends the GPU with support for secure resource management, and relies on a trusted GPU runtime hosted in a process-based CPU TEE to manage the TEE lifecycle.…”

Section: Related Workmentioning

confidence: 99%

Confidential Machine Learning within Graphcore IPUs

Vaswani¹,

Volos²,

Fournet³

et al. 2022

Preprint

View full text Add to dashboard Cite

We present IPU Trusted Extensions (ITX), a set of experimental hardware extensions that enable trusted execution environments in Graphcore's AI accelerators.ITX enables the execution of AI workloads with strong confidentiality and integrity guarantees at low performance overheads. ITX isolates workloads from untrusted hosts, and ensures their data and models remain encrypted at all times except within the IPU. ITX includes a hardware root-of-trust that provides attestation capabilities and orchestrates trusted execution, and on-chip programmable cryptographic engines for authenticated encryption of code and data at PCIe bandwidth. We also present software for ITX in the form of compiler and runtime extensions that support multi-party training without requiring a CPU-based TEE.Experimental support for ITX is included in Graphcore's GC200 IPU taped out at TSMC's 7nm technology node. Its evaluation on a development board using standard DNN training workloads suggests that ITX adds less than 5% performance overhead, and delivers up to 17x better performance compared to CPU-based confidential computing systems relying on AMD SEV-SNP.

show abstract

“…For instance, Zhou et al propose a trusted path to a single USB device [69]. Yu et al demonstrate how to build a trusted path for display [70]. Filyanov et al discuss a pure uni-directional trusted path using the TPM and Intel TXT [71].…”

Section: Related Workmentioning

confidence: 99%

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment

Zhu

Hou

Wang

et al. 2020

2020 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

With its huge real-world demands, large-scale confidential computing still cannot be supported by today's Trusted Execution Environment (TEE), due to the lack of scalable and effective protection of high-throughput accelerators like GPUs, FPGAs, and TPUs etc. Although attempts have been made recently to extend the CPU-like enclave to GPUs, these solutions require change to the CPU or GPU chips, may introduce new security risks due to the side-channel leaks in CPU-GPU communication and are still under the resource constraint of today's CPU TEE.To address these problems, we present the first Heterogeneous TEE design that can truly support large-scale compute or data intensive (CDI) computing, without any chip-level change. Our approach, called HETEE, is a device for centralized management of all computing units (e.g., GPUs and other accelerators) of a server rack. It is uniquely designed to work with today's data centres and clouds, leveraging modern resource pooling technologies to dynamically compartmentalize computing tasks, and enforce strong isolation and reduce TCB through hardware support. More specifically, HETEE utilizes the PCIe ExpressFabric to allocate its accelerators to the server node on the same rack for a non-sensitive CDI task, and move them back into a secure enclave in response to the demand for confidential computing. Our design runs a thin TCB stack for security management on a security controller (SC), while leaving a large set of software (e.g., AI runtime, GPU driver, etc.) to the integrated microservers that operate enclaves. An enclaves is physically isolated from others through hardware and verified by the SC at its inception. Its microserver and computing units are restored to a secure state upon termination.We implemented HETEE on a real hardware system, and evaluated it with popular neural network inference and training tasks. Our evaluations show that HETEE can easily support the CDI tasks on the real-world scale and incurred a maximal throughput overhead of 2.17% for inference and 0.95% for training on ResNet152.Recent years have seen attempts to support the heterogeneous TEE. Examples include Graviton [15] and HIX [16]. However, all these approaches require changes to CPU and (or) GPU chips, which prevents the use of existing hardware, and also incurs a long and expensive development cycle to chip manufacturers and therefore may not happen in the near 1450 2020 IEEE Symposium on Security and Privacy

show abstract

Trusted Display on Untrusted Commodity Platforms

Cited by 20 publications

References 25 publications

Fidelius: Protecting User Secrets from Compromised Browsers

Fidelius: Protecting User Secrets from Compromised Browsers

Confidential Machine Learning within Graphcore IPUs

Enabling Rack-scale Confidential Computing using Heterogeneous Trusted Execution Environment

Contact Info

Product

Resources

About