Presentation

Confidential Computing with Heterogeneous Devices at Cloud-Scale
Description
Cloud-centric workloads are increasingly moving towards leveraging domain-specific accelerators (DSAs) such as GPUs, NPUs, and FPGAs to achieve massive speedup over general-purpose CPUs. These workloads compute on sensitive data; furthermore, the programs themselves can be proprietary business secrets, such as high-performance AI models. Therefore, several confidential cloud solutions have recently emerged to protect against not only the attacker-controlled software stack (OS/VMM) but also the cloud service providers (CSPs) themselves. CPU-centric trusted execution environments (TEEs) have been around for some time and are deployed commercially. However, despite some recent proposals, most nodes do not have any TEE capability and are therefore unprotected against a malicious CSP and software stack.

In this paper, we address this gap by proposing a new dedicated hardware module, which we call the security controller (SC), that acts as the TEE proxy for the legacy non-TEE DSA nodes in a data center rack. The SC enforces access control and attestation mechanisms and protects the non-TEE nodes even from a physical attacker. We implement and synthesize the SC hardware and evaluate it with real-world cloud-centric workloads with heterogeneous DSAs. Our evaluation shows that, on average, the SC introduces 1.5-4.5% overhead while running AI, Redis, and file system workloads and scales well with an increasing number of DSA nodes (up to 2236 concurrent NPUs running CNNs).
Event Type
Work-in-Progress Poster
Time
Wednesday, June 26, 5:00pm - 6:00pm PDT
Location
Level 2 Lobby
Topics
AI
Autonomous Systems
Cloud
Design
EDA
Embedded Systems
IP
Security