TwinVisor

Li, Dingji; Mi, Zeyu; Xia, Yubin; Zang, Binyu; Chen, Haibo; Guan, Haibing

doi:10.1145/3477132.3483554

Cited by 22 publications

(8 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LITE [82] proposes a co-design framework between CPU TEE and its GPU TEE though it is not adapted to endpoint GPUs. Existing Arm TEEs (e.g., SANCTUARY [72], TrustICE [83], Inktag [84], Trustshadow [85] and vTZ [73]) leverage the non-secure [73] and secure [40] Stage-2 translation to achieve access control, or protect the untrusted applications with traditional TrustZone techniques [84], [85]. However, they are yet to consider the confidential computation on endpoint GPU.…”

Section: Related Workmentioning

confidence: 99%

“…Most works [72], [73], [83], [86] defend against the threat from the non-secure components but consider Secure OS and secure applications as trusted. Recent studies [40], [53], [87], [88] start to confine and isolate the integrated and potentially vulnerable Secure OS. TEEv [88] implements a minimal controller on the same privilege of Secure OS (i.e., S-EL1), while PrOS [87] monitors them in EL3.…”

Section: Related Workmentioning

confidence: 99%

“…They require a non-trivial modification on TEE firmware to remove the mapping of critical regions, while STRONGBOX confines them via the secure Stage-2 translation without severe modifications on Secure OS or applications. Our defense mechanism against the secure OS is similar to Twinvisor [40] and Hafnium [89] but introduce a smaller TCB (i.e., no hypervisor). Rezone [53] partitions the integrated TEE with two additional peripherals: Platform Partition Controller (PPC) and Auxiliary Control Unit (ACU), while STRONGBOX is compatible to Arm endpoints with S-EL2 extension.…”

Section: Related Workmentioning

confidence: 99%

“…To handle potential attacks from this new threat model, we leverage a novel Arm feature, called secure virtualization, to restrict illegal access from the compromised secure OS and secure applications. To verify the feasibility of our defense mechanism, we prototype it on Arm Fixed Virtual Platforms (FVP) [39], which provides the official software-simulated Arm features and is widely used in other TEE works [40], [41], [42], [43]. We also measure the performance overhead of our prototype on Arm Juno R2 development board.…”

mentioning

confidence: 99%

See 3 more Smart Citations

Building a Lightweight Trusted Execution Environment for Arm GPUs

Wang,

Deng,

Ning

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

A wide range of Arm endpoints leverage integrated and discrete GPUs to accelerate computation. However, Arm GPU security has not been explored by the community. Existing work has used Trusted Execution Environments (TEEs) to address GPU security concerns on Intel-based platforms, but there are numerous architectural differences that lead to novel technical challenges in deploying TEEs for Arm GPUs. There is a need for generalizable and efficient Arm-based GPU security mechanisms.To address these problems, we present STRONGBOX, the first GPU TEE for secured general computation on Arm endpoints. STRONGBOX provides an isolated execution environment by ensuring exclusive access to GPU. Our approach is based in part on a dynamic, fine-grained memory protection policy as Arm-based GPUs typically share a unified memory with the CPU. Furthermore, STRONGBOX reduces runtime overhead from the redundant security introspection operations. We also design an effective defense mechanism within secure world to protect the confidential GPU computation. Our design leverages the widely-deployed Arm TrustZone and generic Arm features, without hardware modification or architectural changes. We prototype STRONGBOX using an off-the-shelf Arm Mali GPU and perform an extensive evaluation. Results show that STRONGBOX successfully ensures GPU computation security with a low (4.70% -15.26%) overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Building a Lightweight Trusted Execution Environment for Arm GPUs

Wang,

Deng,

Ning

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…We envision scenarios where users or third-party developers request a realm to persistently store and execute the confidential GPU applications. The realm user transfers sensitive data through a secure and encrypted channel [32], [58], [79] to the requested realm. To follow Arm CCA's realm-style architecture, the realm user provides (1) GPU task code and (2) descriptions of data buffers to the untrusted GPU software to help construct a stub execution environment, including metadata, GPU buffers, and GPU page table.…”

Section: A Cage Overviewmentioning

confidence: 99%

CAGE: Complementing Arm CCA with GPU Extensions

University),

Zhang,

Deng

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Confidential computing is an emerging technique that provides users and third-party developers with an isolated and transparent execution environment. To support this technique, Arm introduced the Confidential Computing Architecture (CCA), which creates multiple isolated address spaces, known as realms, to ensure data confidentiality and integrity in securitysensitive tasks. Arm recently proposed the concept of confidential computing on GPU hardware, which is widely used in generalpurpose, high-performance, and artificial intelligence computing scenarios. However, hardware and firmware supporting confidential GPU workloads remain unavailable. Existing studies leverage Trusted Execution Environments (TEEs) to secure GPU computing on Arm-or Intel-based platforms, but they are not suitable for CCA's realm-style architecture, such as using incompatible hardware or introducing a large trusted computing base (TCB). Therefore, there is a need to complement existing Arm CCA capabilities with GPU acceleration.To address this challenge, we present CAGE to support confidential GPU computing for Arm CCA. By leveraging the existing security features in Arm CCA, CAGE ensures data security during confidential computing on unified-memory GPUs, the mainstream accelerators in Arm devices. To adapt the GPU workflow to CCA's realm-style architecture, CAGE proposes a novel shadow task mechanism to manage confidential GPU applications flexibly. Additionally, CAGE leverages the memory isolation mechanism in Arm CCA to protect data confidentiality and integrity from the strong adversary. Based on this, CAGE also optimizes security operations in memory isolation to mitigate performance overhead. Without hardware changes, our approach uses the generic hardware security primitives in Arm CCA to defend against a privileged adversary. We present two prototypes to verify CAGE's functionality and evaluate performance, respectively. Results show that CAGE effectively provides GPU support for Arm CCA with an average of 2.45% performance overhead.

show abstract