CRONUS: Fault-isolated, Secure and High-performance Heterogeneous Computing for Trusted Execution Environments

Jianyu Jiang, Ji Qi, Tianxiang Shen, Xusheng Chen, Shixiong Zhao, Sen Wang, Li Chen, Gong Zhang, Xiapu Luo, Heming Cui

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

Abstract

With the trend of processing a large volume of sensitive data on PaaS services (e.g., DNN training), a TEE architecture that supports general heterogeneous accelerators, enables spatial sharing on one accelerator, and enforces strong isolation across accelerators is highly desirable. However, none of the existing TEE solutions meet all three requirements. In this paper, we propose CRONUS, the first TEE architecture that achieves the three crucial requirements. The key idea of CRONUS is to partition heterogeneous computation into isolated TEE enclaves, where each enclave encapsulates only one kind of computation (e.g., GPU computation), and multiple enclaves can spatially share an accelerator. Then, CRONUS constructs heterogeneous computing using remote procedure calls (RPCs) among enclaves. With CRONUS, each accelerator’s hardware and its software stack are strongly isolated from others’, and each enclave trusts only its own hardware. To tackle the security challenge caused by inter-enclave interactions, we design a new streaming remote procedure call abstraction to enable secure RPCs with high performance. CRONUS is software-based, making it general to diverse accelerators. We implemented CRONUS on ARM TrustZone. Evaluation on diverse workloads with CPUs, GPUs and NPUs shows that, CRONUS achieves less than 7.1% extra computation time compared to native (unprotected) executions.
Original languageEnglish
Title of host publicationProceedings of the 55th IEEE/ACM International Symposium on Microarchitecture (MICRO)
PublisherIEEE
Pages124-143
ISBN (Electronic)978-1-6654-6272-3
ISBN (Print)978-1-6654-7428-3
Publication statusPublished - Oct 2022
Event55th IEEE/ACM International Symposium on Microarchitecture (MICRO) - Chicago, United States
Duration: 1 Oct 20225 Oct 2022
Conference number: 22186459

Conference

Conference55th IEEE/ACM International Symposium on Microarchitecture (MICRO)
Country/TerritoryUnited States
CityChicago
Period1/10/225/10/22

Fingerprint

Dive into the research topics of 'CRONUS: Fault-isolated, Secure and High-performance Heterogeneous Computing for Trusted Execution Environments'. Together they form a unique fingerprint.

Cite this