CAGE: Complementing Arm CCA with GPU Extensions

Chenxu Wang, Fengwei Zhang, Yunjie Deng, Kevin Leach, Jiannong Cao, Zhenyu Ning, Shoumeng Yan, Zhengyu He

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

Confidential computing is an emerging technique that provides users and third-party developers with an isolated and transparent execution environment. To support this technique, Arm introduced the Confidential Computing Architecture (CCA), which creates multiple isolated address spaces, known as realms, to ensure data confidentiality and integrity in security sensitive tasks. Arm recently proposed the concept of confidential computing on GPU hardware, which is widely used in general purpose, high-performance, and artificial intelligence computing scenarios. However, hardware and firmware supporting confidential GPU workloads remain unavailable. Existing studies leverage Trusted Execution Environments (TEEs) to secure GPU computing on Arm- or Intel-based platforms, but they are not suitable for CCA’s realm-style architecture, such as using incompatible hardware or introducing a large trusted computing base (TCB). Therefore, there is a need to complement existing Arm CCA capabilities with GPU acceleration.
Original languageEnglish
Title of host publicationThe Network and Distributed System Security Symposium
Subtitle of host publicationNDSS Symposium 2024
Pages1-16
Number of pages16
ISBN (Electronic)ISBN 1-891562-93-2
DOIs
Publication statusPublished - 27 Feb 2024
EventThe Network and Distributed System Security Symposium (NDSS) 2024 - San Diego, United States
Duration: 26 Feb 20241 Mar 2024
https://www.ndss-symposium.org/ndss2024/

Conference

ConferenceThe Network and Distributed System Security Symposium (NDSS) 2024
Country/TerritoryUnited States
CitySan Diego
Period26/02/241/03/24
Internet address

Fingerprint

Dive into the research topics of 'CAGE: Complementing Arm CCA with GPU Extensions'. Together they form a unique fingerprint.

Cite this